884 files changed, 121131 insertions, 18936 deletions
diff --git a/src/lib/libcrypto/LPdir_nyi.c b/src/lib/libcrypto/LPdir_nyi.c
new file mode 100644
index 0000000000..6c1a50e6a8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_nyi.c
@@ -0,0 +1,42 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+struct LP_dir_context_st { void *dummy; };
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+        {
+        errno = EINVAL;
+        return 0;
+        }
+int LP_find_file_end(LP_DIR_CTX **ctx)
+        {
+        errno = EINVAL;
+        return 0;
+        }
diff --git a/src/lib/libcrypto/LPdir_unix.c b/src/lib/libcrypto/LPdir_unix.c
new file mode 100644
index 0000000000..b004cd99e8
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_unix.c
@@ -0,0 +1,127 @@
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+/* The POSIXly macro for the maximum number of characters in a file path
+   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
+   Therefore, it seems natural to first check for PATH_MAX and use that,
+   and if it doesn't exist, use NAME_MAX. */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+   exist.  It's also possible that NAME_MAX exists but is define to a
+   very small value (HP-UX offers 14), so we need to check if we got a
+   result, and if it meets a minimum standard, and create or change it
+   if not. */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+struct LP_dir_context_st
+{
+  DIR *dir;
+  char entry_name[LP_ENTRY_SIZE+1];
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  struct dirent *direntry = NULL;
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+      (*ctx)->dir = opendir(directory);
+      if ((*ctx)->dir == NULL)
+        {
+          int save_errno = errno; /* Probably not needed, but I'm paranoid */
+          free(*ctx);
+          *ctx = NULL;
+          errno = save_errno;
+          return 0;
+        }
+    }
+  direntry = readdir((*ctx)->dir);
+  if (direntry == NULL)
+    {
+      return 0;
+    }
+  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+  return (*ctx)->entry_name;
+}
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int ret = closedir((*ctx)->dir);
+      free(*ctx);
+      switch (ret)
+        {
+        case 0:
+          return 1;
+        case -1:
+          return 0;
+        default:
+          break;
+        }
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_vms.c b/src/lib/libcrypto/LPdir_vms.c
new file mode 100644
index 0000000000..85b427a623
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_vms.c
@@ -0,0 +1,199 @@
+/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+/* Because some compiler options hide this macor */
+#ifndef EVMSERR
+#define EVMSERR         65535  /* error for non-translatable VMS errors */
+#endif
+struct LP_dir_context_st
+{
+  unsigned long VMS_context;
+#ifdef NAML$C_MAXRSS
+  char filespec[NAML$C_MAXRSS+1];
+  char result[NAML$C_MAXRSS+1];
+#else
+  char filespec[256];
+  char result[256];
+#endif
+  struct dsc$descriptor_d filespec_dsc;
+  struct dsc$descriptor_d result_dsc;
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  int status;
+  char *p, *r;
+  size_t l;
+  unsigned long flags = 0;
+#ifdef NAML$C_MAXRSS
+  flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      size_t filespeclen = strlen(directory);
+      char *filespec = NULL;
+      /* MUST be a VMS directory specification!  Let's estimate if it is. */
+      if (directory[filespeclen-1] != ']'
+          && directory[filespeclen-1] != '>'
+          && directory[filespeclen-1] != ':')
+        {
+          errno = EINVAL;
+          return 0;
+        }
+      filespeclen += 4;         /* "*.*;" */
+      if (filespeclen >
+#ifdef NAML$C_MAXRSS
+          NAML$C_MAXRSS
+#else
+          255
+#endif
+          )
+        {
+          errno = ENAMETOOLONG;
+          return 0;
+        }
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+      strcpy((*ctx)->filespec,directory);
+      strcat((*ctx)->filespec,"*.*;");
+      (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+      (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+      (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+      (*ctx)->filespec_dsc.dsc$a_pointer = (*ctx)->filespec;
+      (*ctx)->result_dsc.dsc$w_length = 0;
+      (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+      (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+      (*ctx)->result_dsc.dsc$a_pointer = 0;
+    }
+  (*ctx)->result_dsc.dsc$w_length = 0;
+  (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+  (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+  (*ctx)->result_dsc.dsc$a_pointer = 0;
+  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                         &(*ctx)->VMS_context, 0, 0, 0, &flags);
+  if (status == RMS$_NMF)
+    {
+      errno = 0;
+      vaxc$errno = status;
+      return NULL;
+    }
+  if(!$VMS_STATUS_SUCCESS(status))
+    {
+      errno = EVMSERR;
+      vaxc$errno = status;
+      return NULL;
+    }
+  /* Quick, cheap and dirty way to discard any device and directory,
+     since we only want file names */
+  l = (*ctx)->result_dsc.dsc$w_length;
+  p = (*ctx)->result_dsc.dsc$a_pointer;
+  r = p;
+  for (; *p; p++)
+    {
+      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+        {
+          p++;
+        }
+      else if (*p == ':' || *p == '>' || *p == ']')
+        {
+          l -= p + 1 - r;
+          r = p + 1;
+        }
+      else if (*p == ';')
+        {
+          l = p - r;
+          break;
+        }
+    }
+  strncpy((*ctx)->result, r, l);
+  (*ctx)->result[l] = '\0';
+  str$free1_dx(&(*ctx)->result_dsc);
+  return (*ctx)->result;
+}
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      int status = lib$find_file_end(&(*ctx)->VMS_context);
+      free(*ctx);
+      if(!$VMS_STATUS_SUCCESS(status))
+        {
+          errno = EVMSERR;
+          vaxc$errno = status;
+          return 0;
+        }
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_win.c b/src/lib/libcrypto/LPdir_win.c
new file mode 100644
index 0000000000..09b475beed
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win.c
@@ -0,0 +1,155 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <windows.h>
+#include <tchar.h>
+#ifndef LPDIR_H
+#include "LPdir.h"
+#endif
+/* We're most likely overcautious here, but let's reserve for
+    broken WinCE headers and explicitly opt for UNICODE call.
+    Keep in mind that our WinCE builds are compiled with -DUNICODE
+    [as well as -D_UNICODE]. */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindNextFile FindNextFileW
+#endif
+#ifndef NAME_MAX
+#define NAME_MAX 255
+#endif
+struct LP_dir_context_st
+{
+  WIN32_FIND_DATA ctx;
+  HANDLE handle;
+  char entry_name[NAME_MAX+1];
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+  struct dirent *direntry = NULL;
+  if (ctx == NULL || directory == NULL)
+    {
+      errno = EINVAL;
+      return 0;
+    }
+  errno = 0;
+  if (*ctx == NULL)
+    {
+      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
+      if (*ctx == NULL)
+        {
+          errno = ENOMEM;
+          return 0;
+        }
+      memset(*ctx, '\0', sizeof(LP_DIR_CTX));
+      if (sizeof(TCHAR) != sizeof(char))
+        {
+          TCHAR *wdir = NULL;
+          /* len_0 denotes string length *with* trailing 0 */ 
+          size_t index = 0,len_0 = strlen(directory) + 1;
+          wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+          if (wdir == NULL)
+            {
+              free(*ctx);
+              *ctx = NULL;
+              errno = ENOMEM;
+              return 0;
+            }
+#ifdef LP_MULTIBYTE_AVAILABLE
+          if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
+#endif
+            for (index = 0; index < len_0; index++)
+              wdir[index] = (TCHAR)directory[index];
+          (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+          free(wdir);
+        }
+      else
+        (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+        {
+          free(*ctx);
+          *ctx = NULL;
+          errno = EINVAL;
+          return 0;
+        }
+    }
+  else
+    {
+      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+        {
+          return 0;
+        }
+    }
+  if (sizeof(TCHAR) != sizeof(char))
+    {
+      TCHAR *wdir = (*ctx)->ctx.cFileName;
+      size_t index, len_0 = 0;
+      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
+      len_0++;
+#ifdef LP_MULTIBYTE_AVAILABLE
+      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+                               sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+        for (index = 0; index < len_0; index++)
+          (*ctx)->entry_name[index] = (char)wdir[index];
+    }
+  else
+    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+            sizeof((*ctx)->entry_name)-1);
+  (*ctx)->entry_name[sizeof((*ctx)->entry_name)-1] = '\0';
+  return (*ctx)->entry_name;
+}
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+  if (ctx != NULL && *ctx != NULL)
+    {
+      FindClose((*ctx)->handle);
+      free(*ctx);
+      *ctx = NULL;
+      return 1;
+    }
+  errno = EINVAL;
+  return 0;
+}
diff --git a/src/lib/libcrypto/LPdir_win32.c b/src/lib/libcrypto/LPdir_win32.c
new file mode 100644
index 0000000000..e39872da52
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_win32.c
@@ -0,0 +1,30 @@
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/LPdir_wince.c b/src/lib/libcrypto/LPdir_wince.c
new file mode 100644
index 0000000000..ab0e1e6f4f
--- /dev/null
+++ b/src/lib/libcrypto/LPdir_wince.c
@@ -0,0 +1,31 @@
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#define LP_SYS_WINCE
+/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
+   under investigation what the exact conditions would be */
+#include "LPdir_win.c"
diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl
new file mode 100644
index 0000000000..b9951a4600
--- /dev/null
+++ b/src/lib/libcrypto/Makefile.ssl
@@ -0,0 +1,218 @@
+#
+# SSLeay/crypto/Makefile
+#
+DIR=            crypto
+TOP=            ..
+CC=             cc
+INCLUDE=        -I. -I$(TOP) -I../include
+INCLUDES=       -I.. -I../.. -I../../include
+CFLAG=          -g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+RM=             rm -f
+AR=             ar r
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDE) $(CFLAG)
+LIBS=
+SDIRS=  md2 md5 sha mdc2 hmac ripemd \
+        des rc2 rc4 rc5 idea bf cast \
+        bn ec rsa dsa dh dso engine aes \
+        buffer bio stack lhash rand err objects \
+        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+GENERAL=Makefile README crypto-lib.com install.com
+LIB= $(TOP)/libcrypto.a
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
+SRC= $(LIBSRC)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+        ossl_typ.h
+HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        @(cd ..; $(MAKE) DIRS=$(DIR) all)
+all: shared
+buildinf.h: ../Makefile.ssl
+        ( echo "#ifndef MK1MF_BUILD"; \
+        echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+        echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+        echo '  #define PLATFORM "$(PLATFORM)"'; \
+        echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+        echo '#endif' ) >buildinf.h
+testapps:
+        if echo ${SDIRS} | fgrep ' des '; \
+        then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
+        cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+subdirs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making all in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+        done;
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making 'files' in crypto/$$i..." && \
+        $(MAKE) PERL='${PERL}' files ); \
+        done;
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @for i in $(SDIRS); do \
+        (cd $$i && echo "making links in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+        done;
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+shared: buildinf.h lib subdirs
+        if [ -n "$(SHARED_LIBS)" ]; then \
+                (cd ..; $(MAKE) $(SHARED_LIB)); \
+        fi
+libs:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making libs in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+        done;
+tests:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making tests in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+        done;
+install:
+        @for i in $(EXHEADER) ;\
+        do \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making install in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+        done;
+lint:
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making lint in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+        done;
+depend:
+        if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+        if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making depend in crypto/$$i..." && \
+        $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ); \
+        done;
+clean:
+        rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making clean in crypto/$$i..." && \
+        $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+        done;
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+        @for i in $(SDIRS) ;\
+        do \
+        (cd $$i && echo "making dclean in crypto/$$i..." && \
+        $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+        done;
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
+tmdiff.o: tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h uid.c
diff --git a/src/lib/libcrypto/acss/acss.h b/src/lib/libcrypto/acss/acss.h
new file mode 100644
index 0000000000..c2d3550796
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss.h
@@ -0,0 +1,47 @@
+/*      $OpenBSD: acss.h,v 1.4 2005/04/25 13:20:52 miod Exp $   */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef _ACSS_H_
+#define _ACSS_H_
+#ifdef OPENSSL_NO_ACSS
+#error acss is disabled.
+#endif
+/* 40bit key */
+#define ACSS_KEYSIZE            5
+/* modes of acss */
+#define ACSS_MODE0              0
+#define ACSS_MODE1              1
+#define ACSS_MODE2              2
+#define ACSS_MODE3              3
+typedef struct acss_key_st {
+        unsigned int    lfsr17;         /* current state of lfsrs */
+        unsigned int    lfsr25;
+        unsigned int    lfsrsum;
+        unsigned char   seed[ACSS_KEYSIZE];
+        unsigned char   data[ACSS_KEYSIZE];
+        int             encrypt;
+        int             mode;
+} ACSS_KEY;
+void acss_setkey(ACSS_KEY *, const unsigned char *, int, int);
+void acss(ACSS_KEY *, unsigned long, const unsigned char *, unsigned char *);
+#endif /* ifndef _ACSS_H_ */
diff --git a/src/lib/libcrypto/acss/acss_enc.c b/src/lib/libcrypto/acss/acss_enc.c
new file mode 100644
index 0000000000..829830bc54
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss_enc.c
@@ -0,0 +1,177 @@
+/*      $OpenBSD: acss_enc.c,v 1.4 2004/02/13 10:05:44 hshoexer Exp $   */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/acss.h>
+/* decryption sbox */
+static unsigned char sboxdec[] = {
+        0x33, 0x73, 0x3b, 0x26, 0x63, 0x23, 0x6b, 0x76, 
+        0x3e, 0x7e, 0x36, 0x2b, 0x6e, 0x2e, 0x66, 0x7b, 
+        0xd3, 0x93, 0xdb, 0x06, 0x43, 0x03, 0x4b, 0x96, 
+        0xde, 0x9e, 0xd6, 0x0b, 0x4e, 0x0e, 0x46, 0x9b, 
+        0x57, 0x17, 0x5f, 0x82, 0xc7, 0x87, 0xcf, 0x12, 
+        0x5a, 0x1a, 0x52, 0x8f, 0xca, 0x8a, 0xc2, 0x1f, 
+        0xd9, 0x99, 0xd1, 0x00, 0x49, 0x09, 0x41, 0x90, 
+        0xd8, 0x98, 0xd0, 0x01, 0x48, 0x08, 0x40, 0x91, 
+        0x3d, 0x7d, 0x35, 0x24, 0x6d, 0x2d, 0x65, 0x74, 
+        0x3c, 0x7c, 0x34, 0x25, 0x6c, 0x2c, 0x64, 0x75, 
+        0xdd, 0x9d, 0xd5, 0x04, 0x4d, 0x0d, 0x45, 0x94, 
+        0xdc, 0x9c, 0xd4, 0x05, 0x4c, 0x0c, 0x44, 0x95, 
+        0x59, 0x19, 0x51, 0x80, 0xc9, 0x89, 0xc1, 0x10, 
+        0x58, 0x18, 0x50, 0x81, 0xc8, 0x88, 0xc0, 0x11, 
+        0xd7, 0x97, 0xdf, 0x02, 0x47, 0x07, 0x4f, 0x92, 
+        0xda, 0x9a, 0xd2, 0x0f, 0x4a, 0x0a, 0x42, 0x9f, 
+        0x53, 0x13, 0x5b, 0x86, 0xc3, 0x83, 0xcb, 0x16, 
+        0x5e, 0x1e, 0x56, 0x8b, 0xce, 0x8e, 0xc6, 0x1b, 
+        0xb3, 0xf3, 0xbb, 0xa6, 0xe3, 0xa3, 0xeb, 0xf6, 
+        0xbe, 0xfe, 0xb6, 0xab, 0xee, 0xae, 0xe6, 0xfb, 
+        0x37, 0x77, 0x3f, 0x22, 0x67, 0x27, 0x6f, 0x72, 
+        0x3a, 0x7a, 0x32, 0x2f, 0x6a, 0x2a, 0x62, 0x7f, 
+        0xb9, 0xf9, 0xb1, 0xa0, 0xe9, 0xa9, 0xe1, 0xf0, 
+        0xb8, 0xf8, 0xb0, 0xa1, 0xe8, 0xa8, 0xe0, 0xf1, 
+        0x5d, 0x1d, 0x55, 0x84, 0xcd, 0x8d, 0xc5, 0x14, 
+        0x5c, 0x1c, 0x54, 0x85, 0xcc, 0x8c, 0xc4, 0x15, 
+        0xbd, 0xfd, 0xb5, 0xa4, 0xed, 0xad, 0xe5, 0xf4, 
+        0xbc, 0xfc, 0xb4, 0xa5, 0xec, 0xac, 0xe4, 0xf5, 
+        0x39, 0x79, 0x31, 0x20, 0x69, 0x29, 0x61, 0x70, 
+        0x38, 0x78, 0x30, 0x21, 0x68, 0x28, 0x60, 0x71, 
+        0xb7, 0xf7, 0xbf, 0xa2, 0xe7, 0xa7, 0xef, 0xf2, 
+        0xba, 0xfa, 0xb2, 0xaf, 0xea, 0xaa, 0xe2, 0xff
+};
+/* encryption sbox */
+static unsigned char sboxenc[] = {
+        0x33, 0x3b, 0x73, 0x15, 0x53, 0x5b, 0x13, 0x75,
+        0x3d, 0x35, 0x7d, 0x1b, 0x5d, 0x55, 0x1d, 0x7b,
+        0x67, 0x6f, 0x27, 0x81, 0xc7, 0xcf, 0x87, 0x21,
+        0x69, 0x61, 0x29, 0x8f, 0xc9, 0xc1, 0x89, 0x2f,
+        0xe3, 0xeb, 0xa3, 0x05, 0x43, 0x4b, 0x03, 0xa5,
+        0xed, 0xe5, 0xad, 0x0b, 0x4d, 0x45, 0x0d, 0xab,
+        0xea, 0xe2, 0xaa, 0x00, 0x4a, 0x42, 0x0a, 0xa0,
+        0xe8, 0xe0, 0xa8, 0x02, 0x48, 0x40, 0x08, 0xa2,
+        0x3e, 0x36, 0x7e, 0x14, 0x5e, 0x56, 0x1e, 0x74,
+        0x3c, 0x34, 0x7c, 0x16, 0x5c, 0x54, 0x1c, 0x76,
+        0x6a, 0x62, 0x2a, 0x80, 0xca, 0xc2, 0x8a, 0x20,
+        0x68, 0x60, 0x28, 0x82, 0xc8, 0xc0, 0x88, 0x22,
+        0xee, 0xe6, 0xae, 0x04, 0x4e, 0x46, 0x0e, 0xa4,
+        0xec, 0xe4, 0xac, 0x06, 0x4c, 0x44, 0x0c, 0xa6,
+        0xe7, 0xef, 0xa7, 0x01, 0x47, 0x4f, 0x07, 0xa1,
+        0xe9, 0xe1, 0xa9, 0x0f, 0x49, 0x41, 0x09, 0xaf,
+        0x63, 0x6b, 0x23, 0x85, 0xc3, 0xcb, 0x83, 0x25,
+        0x6d, 0x65, 0x2d, 0x8b, 0xcd, 0xc5, 0x8d, 0x2b,
+        0x37, 0x3f, 0x77, 0x11, 0x57, 0x5f, 0x17, 0x71,
+        0x39, 0x31, 0x79, 0x1f, 0x59, 0x51, 0x19, 0x7f,
+        0xb3, 0xbb, 0xf3, 0x95, 0xd3, 0xdb, 0x93, 0xf5,
+        0xbd, 0xb5, 0xfd, 0x9b, 0xdd, 0xd5, 0x9d, 0xfb,
+        0xba, 0xb2, 0xfa, 0x90, 0xda, 0xd2, 0x9a, 0xf0,
+        0xb8, 0xb0, 0xf8, 0x92, 0xd8, 0xd0, 0x98, 0xf2,
+        0x6e, 0x66, 0x2e, 0x84, 0xce, 0xc6, 0x8e, 0x24,
+        0x6c, 0x64, 0x2c, 0x86, 0xcc, 0xc4, 0x8c, 0x26,
+        0x3a, 0x32, 0x7a, 0x10, 0x5a, 0x52, 0x1a, 0x70,
+        0x38, 0x30, 0x78, 0x12, 0x58, 0x50, 0x18, 0x72,
+        0xbe, 0xb6, 0xfe, 0x94, 0xde, 0xd6, 0x9e, 0xf4,
+        0xbc, 0xb4, 0xfc, 0x96, 0xdc, 0xd4, 0x9c, 0xf6,
+        0xb7, 0xbf, 0xf7, 0x91, 0xd7, 0xdf, 0x97, 0xf1,
+        0xb9, 0xb1, 0xf9, 0x9f, 0xd9, 0xd1, 0x99, 0xff
+};
+/*
+ * Two linear feedback shift registers are used:
+ *
+ * lfsr17:  polynomial of degree 17, primitive modulo 2 (listed in Schneier)
+ *          x^15 + x + 1
+ * lfsr25:  polynomial of degree 25, not know if primitive modulo 2
+ *          x^13 + x^5 + x^4 + x + 1
+ *
+ * Output bits are discarded, instead the feedback bits are added to produce
+ * the cipher stream.  Depending on the mode, feedback bytes may be inverted
+ * bit-wise before addition.
+ *
+ * The lfsrs are seeded with bytes from the raw key:
+ *
+ * lfsr17:  byte 0[0:7] at bit 9
+ *          byte 1[0:7] at bit 0
+ *
+ * lfsr25:  byte 2[0:4] at bit 16
+ *          byte 2[5:7] at bit 22
+ *          byte 3[0:7] at bit 8
+ *          byte 4[0:7] at bit 0
+ *
+ * To prevent 0 cycles, 1's are inject at bit 8 in lfrs17 and bit 21 in
+ * lfsr25.
+ *
+ */
+void
+acss(ACSS_KEY *key, unsigned long len, const unsigned char *in,
+    unsigned char *out)
+{
+        unsigned long i;
+        unsigned long lfsr17tmp, lfsr25tmp, lfsrsumtmp;
+        lfsrsumtmp = lfsr17tmp = lfsr25tmp = 0;
+        /* keystream is sum of lfsrs */
+        for (i = 0; i < len; i++) {
+                lfsr17tmp = key->lfsr17 ^ (key->lfsr17 >> 14);
+                key->lfsr17 = (key->lfsr17 >> 8)
+                        ^ (lfsr17tmp << 9)
+                        ^ (lfsr17tmp << 12)
+                        ^ (lfsr17tmp << 15);
+                key->lfsr17 &= 0x1ffff; /* 17 bit LFSR */
+                lfsr25tmp = key->lfsr25
+                        ^ (key->lfsr25 >> 3)
+                        ^ (key->lfsr25 >> 4)
+                        ^ (key->lfsr25 >> 12);
+                key->lfsr25 = (key->lfsr25 >> 8) ^ (lfsr25tmp << 17);
+                key->lfsr25 &= 0x1ffffff;       /* 25 bit LFSR */
+                lfsrsumtmp = key->lfsrsum;
+                /* addition */
+                switch (key->mode) {
+                case ACSS_MODE3:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                case ACSS_MODE2:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += 0xff & ~(key->lfsr25 >> 17);
+                        break;
+                case ACSS_MODE1:
+                        key->lfsrsum = 0xff & ~(key->lfsr17 >> 9);
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                case ACSS_MODE0:
+                default:
+                        key->lfsrsum = key->lfsr17 >> 9;
+                        key->lfsrsum += key->lfsr25 >> 17;
+                        break;
+                }
+                key->lfsrsum += (lfsrsumtmp >> 8);
+                if (in == (unsigned char *)0)
+                        /* generate only a keystream */
+                        out[i] = key->lfsrsum & 0xff;
+                else if (key->encrypt) {
+                        out[i] = sboxenc[(in[i] ^ key->lfsrsum) & 0xff];
+                } else {
+                        out[i] = (sboxdec[in[i]] ^ key->lfsrsum) & 0xff;
+                }
+        }
+}
diff --git a/src/lib/libcrypto/acss/acss_skey.c b/src/lib/libcrypto/acss/acss_skey.c
new file mode 100644
index 0000000000..08e5685fcf
--- /dev/null
+++ b/src/lib/libcrypto/acss/acss_skey.c
@@ -0,0 +1,86 @@
+/*      $OpenBSD: acss_skey.c,v 1.2 2004/01/23 19:23:33 hshoexer Exp $  */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/acss.h>
+static unsigned char reverse[] = {
+        0x00, 0x80, 0x40, 0xc0, 0x20, 0xa0, 0x60, 0xe0, 
+        0x10, 0x90, 0x50, 0xd0, 0x30, 0xb0, 0x70, 0xf0, 
+        0x08, 0x88, 0x48, 0xc8, 0x28, 0xa8, 0x68, 0xe8, 
+        0x18, 0x98, 0x58, 0xd8, 0x38, 0xb8, 0x78, 0xf8, 
+        0x04, 0x84, 0x44, 0xc4, 0x24, 0xa4, 0x64, 0xe4, 
+        0x14, 0x94, 0x54, 0xd4, 0x34, 0xb4, 0x74, 0xf4, 
+        0x0c, 0x8c, 0x4c, 0xcc, 0x2c, 0xac, 0x6c, 0xec, 
+        0x1c, 0x9c, 0x5c, 0xdc, 0x3c, 0xbc, 0x7c, 0xfc, 
+        0x02, 0x82, 0x42, 0xc2, 0x22, 0xa2, 0x62, 0xe2, 
+        0x12, 0x92, 0x52, 0xd2, 0x32, 0xb2, 0x72, 0xf2, 
+        0x0a, 0x8a, 0x4a, 0xca, 0x2a, 0xaa, 0x6a, 0xea, 
+        0x1a, 0x9a, 0x5a, 0xda, 0x3a, 0xba, 0x7a, 0xfa, 
+        0x06, 0x86, 0x46, 0xc6, 0x26, 0xa6, 0x66, 0xe6, 
+        0x16, 0x96, 0x56, 0xd6, 0x36, 0xb6, 0x76, 0xf6, 
+        0x0e, 0x8e, 0x4e, 0xce, 0x2e, 0xae, 0x6e, 0xee, 
+        0x1e, 0x9e, 0x5e, 0xde, 0x3e, 0xbe, 0x7e, 0xfe, 
+        0x01, 0x81, 0x41, 0xc1, 0x21, 0xa1, 0x61, 0xe1, 
+        0x11, 0x91, 0x51, 0xd1, 0x31, 0xb1, 0x71, 0xf1, 
+        0x09, 0x89, 0x49, 0xc9, 0x29, 0xa9, 0x69, 0xe9, 
+        0x19, 0x99, 0x59, 0xd9, 0x39, 0xb9, 0x79, 0xf9, 
+        0x05, 0x85, 0x45, 0xc5, 0x25, 0xa5, 0x65, 0xe5, 
+        0x15, 0x95, 0x55, 0xd5, 0x35, 0xb5, 0x75, 0xf5, 
+        0x0d, 0x8d, 0x4d, 0xcd, 0x2d, 0xad, 0x6d, 0xed, 
+        0x1d, 0x9d, 0x5d, 0xdd, 0x3d, 0xbd, 0x7d, 0xfd, 
+        0x03, 0x83, 0x43, 0xc3, 0x23, 0xa3, 0x63, 0xe3, 
+        0x13, 0x93, 0x53, 0xd3, 0x33, 0xb3, 0x73, 0xf3, 
+        0x0b, 0x8b, 0x4b, 0xcb, 0x2b, 0xab, 0x6b, 0xeb, 
+        0x1b, 0x9b, 0x5b, 0xdb, 0x3b, 0xbb, 0x7b, 0xfb, 
+        0x07, 0x87, 0x47, 0xc7, 0x27, 0xa7, 0x67, 0xe7, 
+        0x17, 0x97, 0x57, 0xd7, 0x37, 0xb7, 0x77, 0xf7, 
+        0x0f, 0x8f, 0x4f, 0xcf, 0x2f, 0xaf, 0x6f, 0xef, 
+        0x1f, 0x9f, 0x5f, 0xdf, 0x3f, 0xbf, 0x7f, 0xff 
+};
+static void
+acss_seed(ACSS_KEY *key)
+{
+        int i;
+        for (i = 0; i < ACSS_KEYSIZE; i++)
+                key->seed[i] = reverse[key->data[i]];
+        /* seed lfsrs */
+        key->lfsr17 = key->seed[1]
+                | (key->seed[0] << 9)
+                | (1 << 8);     /* inject 1 at bit 9 */
+        key->lfsr25 = key->seed[4]
+                | (key->seed[3] << 8)
+                | ((key->seed[2] & 0x1f) << 16)
+                | ((key->seed[2] & 0xe0) << 17)
+                        | (1 << 21);    /* inject 1 at bit 22 */
+        key->lfsrsum = 0;
+}
+void
+acss_setkey(ACSS_KEY *key, const unsigned char *data, int enc, int mode)
+{
+        memcpy(key->data, data, sizeof(key->data));
+        if (enc != -1)
+                key->encrypt = enc;
+        key->mode = mode;
+        acss_seed(key);
+}
diff --git a/src/lib/libcrypto/aes/Makefile b/src/lib/libcrypto/aes/Makefile
new file mode 100644
index 0000000000..22c7203dbb
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile
@@ -0,0 +1,130 @@
+#
+# crypto/aes/Makefile
+#
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+AES_ASM_OBJ=aes_core.o aes_cbc.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c \
+       aes_ctr.c aes_ige.c aes_wrap.c
+LIBOBJ=aes_misc.o aes_ecb.o aes_cfb.o aes_ofb.o aes_ctr.o aes_ige.o aes_wrap.o \
+       $(AES_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+$(LIBOBJ): $(LIBSRC)
+aes-ia64.s: asm/aes-ia64.S
+        $(CC) $(CFLAGS) -E asm/aes-ia64.S > $@
+ax86-elf.s: asm/aes-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) aes-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+ax86-cof.s: asm/aes-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) aes-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+ax86-out.s: asm/aes-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) aes-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+aes-x86_64.s: asm/aes-x86_64.pl
+        $(PERL) asm/aes-x86_64.pl $@
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../e_os.h ../../include/openssl/aes.h
+aes_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_cfb.o: aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_ige.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/bio.h
+aes_ige.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
+aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
+aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+aes_wrap.o: ../../include/openssl/opensslconf.h
+aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
diff --git a/src/lib/libcrypto/aes/Makefile.ssl b/src/lib/libcrypto/aes/Makefile.ssl
new file mode 100644
index 0000000000..f353aeb697
--- /dev/null
+++ b/src/lib/libcrypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+DIR=    aes
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=     /usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+SRC= $(LIBSRC)
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+$(LIBOBJ): $(LIBSRC)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install: installs
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h
index baf0222d49..8a3ea0b883 100644
--- a/src/lib/libcrypto/aes/aes.h
+++ b/src/lib/libcrypto/aes/aes.h
@@ -52,7 +52,7 @@
 #ifndef HEADER_AES_H
 #define HEADER_AES_H
-#include <openssl/opensslconf.h>
+#include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_AES
 #error AES is disabled.
@@ -66,17 +66,17 @@
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16
+#if defined(OPENSSL_FIPS)
+#define FIPS_AES_SIZE_T int
+#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
 /* This should be a hidden type, but EVP requires that the size be known */
 struct aes_key_st {
-#ifdef AES_LONG
    unsigned long rd_key[4 *(AES_MAXNR + 1)];
-#else
-    unsigned int rd_key[4 *(AES_MAXNR + 1)];
-#endif
    int rounds;
 };
 typedef struct aes_key_st AES_KEY;
@@ -119,23 +119,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
        unsigned char ecount_buf[AES_BLOCK_SIZE],
        unsigned int *num);
-/* For IGE, see also http://www.links.org/files/openssl-ige.pdf */
-/* NB: the IV is _two_ blocks long */
-void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-                     const unsigned long length, const AES_KEY *key,
-                     unsigned char *ivec, const int enc);
-/* NB: the IV is _four_ blocks long */
-void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-                        const unsigned long length, const AES_KEY *key,
-                        const AES_KEY *key2, const unsigned char *ivec,
-                        const int enc);
-int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-                unsigned char *out,
-                const unsigned char *in, unsigned int inlen);
-int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-                unsigned char *out,
-                const unsigned char *in, unsigned int inlen);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c
index d2ba6bcdb4..373864cd4b 100644
--- a/src/lib/libcrypto/aes/aes_cbc.c
+++ b/src/lib/libcrypto/aes/aes_cbc.c
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
+#if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                     const unsigned long length, const AES_KEY *key,
                     unsigned char *ivec, const int enc) {
@@ -129,3 +130,4 @@ void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
                }
        }
 }
+#endif
diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c
index 3a80e18b0a..ed566a8123 100644
--- a/src/lib/libcrypto/aes/aes_core.c
+++ b/src/lib/libcrypto/aes/aes_core.c
@@ -37,19 +37,23 @@
 #include <stdlib.h>
 #include <openssl/aes.h>
+#include <openssl/fips.h>
 #include "aes_locl.h"
+#ifndef OPENSSL_FIPS
 /*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
 Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
 Td0[x] = Si[x].[0e, 09, 0d, 0b];
 Td1[x] = Si[x].[0b, 0e, 09, 0d];
 Td2[x] = Si[x].[0d, 0b, 0e, 09];
 Td3[x] = Si[x].[09, 0d, 0b, 0e];
-Td4[x] = Si[x].[01];
+Td4[x] = Si[x].[01, 01, 01, 01];
 */
 static const u32 Te0[256] = {
@@ -251,6 +255,7 @@ static const u32 Te2[256] = {
    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
 };
 static const u32 Te3[256] = {
    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
@@ -316,7 +321,72 @@ static const u32 Te3[256] = {
    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
 };
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
 static const u32 Td0[256] = {
    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
@@ -470,6 +540,7 @@ static const u32 Td2[256] = {
    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
@@ -581,39 +652,71 @@ static const u32 Td3[256] = {
    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
 };
-static const u8 Td4[256] = {
+static const u32 Td4[256] = {
-    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
-    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
-    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
-    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
-    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
-    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
-    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
-    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
-    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
-    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
-    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
-    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
-    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
-    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
-    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
-    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
-    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
-    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
-    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
-    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
-    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
-    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
-    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
-    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
-    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
-    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
-    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
-    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
-    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
-    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
-    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
-    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
 };
 static const u32 rcon[] = {
        0x01000000, 0x02000000, 0x04000000, 0x08000000,
@@ -653,10 +756,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp  = rk[3];
                        rk[4] = rk[0] ^
-                                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[5] = rk[1] ^ rk[4];
                        rk[6] = rk[2] ^ rk[5];
@@ -673,10 +776,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp = rk[ 5];
                        rk[ 6] = rk[ 0] ^
-                                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[ 7] = rk[ 1] ^ rk[ 6];
                        rk[ 8] = rk[ 2] ^ rk[ 7];
@@ -695,10 +798,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                while (1) {
                        temp = rk[ 7];
                        rk[ 8] = rk[ 0] ^
-                                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
                                rcon[i];
                        rk[ 9] = rk[ 1] ^ rk[ 8];
                        rk[10] = rk[ 2] ^ rk[ 9];
@@ -708,10 +811,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        }
                        temp = rk[11];
                        rk[12] = rk[ 4] ^
-                                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                                (Te4[(temp >> 24)       ] & 0xff000000) ^
-                                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                                (Te1[(temp      ) & 0xff] & 0x000000ff);
+                                (Te4[(temp      ) & 0xff] & 0x000000ff);
                        rk[13] = rk[ 5] ^ rk[12];
                        rk[14] = rk[ 6] ^ rk[13];
                        rk[15] = rk[ 7] ^ rk[14];
@@ -750,30 +853,29 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        for (i = 1; i < (key->rounds); i++) {
                rk += 4;
                rk[0] =
-                        Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+                        Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
-                        Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+                        Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+                        Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
                rk[1] =
-                        Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+                        Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
-                        Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+                        Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+                        Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
                rk[2] =
-                        Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+                        Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
-                        Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+                        Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+                        Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
                rk[3] =
-                        Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+                        Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
-                        Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+                        Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
-                        Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+                        Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
-                        Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+                        Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
        }
        return 0;
 }
-#ifndef AES_ASM
 /*
 * Encrypt a single block
 * in and out can overlap
@@ -936,31 +1038,31 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
         * map cipher state to byte array block:
         */
        s0 =
-                (Te2[(t0 >> 24)       ] & 0xff000000) ^
+                (Te4[(t0 >> 24)       ] & 0xff000000) ^
-                (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+                (Te4[(t3      ) & 0xff] & 0x000000ff) ^
                rk[0];
        PUTU32(out     , s0);
        s1 =
-                (Te2[(t1 >> 24)       ] & 0xff000000) ^
+                (Te4[(t1 >> 24)       ] & 0xff000000) ^
-                (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+                (Te4[(t0      ) & 0xff] & 0x000000ff) ^
                rk[1];
        PUTU32(out +  4, s1);
        s2 =
-                (Te2[(t2 >> 24)       ] & 0xff000000) ^
+                (Te4[(t2 >> 24)       ] & 0xff000000) ^
-                (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+                (Te4[(t1      ) & 0xff] & 0x000000ff) ^
                rk[2];
        PUTU32(out +  8, s2);
        s3 =
-                (Te2[(t3 >> 24)       ] & 0xff000000) ^
+                (Te4[(t3 >> 24)       ] & 0xff000000) ^
-                (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+                (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-                (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+                (Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-                (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+                (Te4[(t2      ) & 0xff] & 0x000000ff) ^
                rk[3];
        PUTU32(out + 12, s3);
 }
@@ -1127,33 +1229,33 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
         * map cipher state to byte array block:
         */
        s0 =
-                (Td4[(t0 >> 24)       ] << 24) ^
+                (Td4[(t0 >> 24)       ] & 0xff000000) ^
-                (Td4[(t3 >> 16) & 0xff] << 16) ^
+                (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t2 >>  8) & 0xff] <<  8) ^
+                (Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t1      ) & 0xff])       ^
+                (Td4[(t1      ) & 0xff] & 0x000000ff) ^
                rk[0];
        PUTU32(out     , s0);
        s1 =
-                (Td4[(t1 >> 24)       ] << 24) ^
+                (Td4[(t1 >> 24)       ] & 0xff000000) ^
-                (Td4[(t0 >> 16) & 0xff] << 16) ^
+                (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t3 >>  8) & 0xff] <<  8) ^
+                (Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t2      ) & 0xff])       ^
+                (Td4[(t2      ) & 0xff] & 0x000000ff) ^
                rk[1];
        PUTU32(out +  4, s1);
        s2 =
-                (Td4[(t2 >> 24)       ] << 24) ^
+                (Td4[(t2 >> 24)       ] & 0xff000000) ^
-                (Td4[(t1 >> 16) & 0xff] << 16) ^
+                (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t0 >>  8) & 0xff] <<  8) ^
+                (Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t3      ) & 0xff])       ^
+                (Td4[(t3      ) & 0xff] & 0x000000ff) ^
                rk[2];
        PUTU32(out +  8, s2);
        s3 =
-                (Td4[(t3 >> 24)       ] << 24) ^
+                (Td4[(t3 >> 24)       ] & 0xff000000) ^
-                (Td4[(t2 >> 16) & 0xff] << 16) ^
+                (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-                (Td4[(t1 >>  8) & 0xff] <<  8) ^
+                (Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-                (Td4[(t0      ) & 0xff])       ^
+                (Td4[(t0      ) & 0xff] & 0x000000ff) ^
                rk[3];
        PUTU32(out + 12, s3);
 }
-#endif /* AES_ASM */
+#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h
index 054b442d41..4184729e34 100644
--- a/src/lib/libcrypto/aes/aes_locl.h
+++ b/src/lib/libcrypto/aes/aes_locl.h
@@ -62,7 +62,7 @@
 #include <stdlib.h>
 #include <string.h>
-#if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#if defined(_MSC_VER) && !defined(_M_IA64) && !defined(OPENSSL_SYS_WINCE)
 # define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
 # define GETU32(p) SWAP(*((u32 *)(p)))
 # define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
@@ -71,11 +71,7 @@
 # define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
 #endif
-#ifdef AES_LONG
 typedef unsigned long u32;
-#else
-typedef unsigned int u32;
-#endif
 typedef unsigned short u16;
 typedef unsigned char u8;
diff --git a/src/lib/libcrypto/aes/aes_misc.c b/src/lib/libcrypto/aes/aes_misc.c
index 4fead1b4c7..090def25d5 100644
--- a/src/lib/libcrypto/aes/aes_misc.c
+++ b/src/lib/libcrypto/aes/aes_misc.c
@@ -53,7 +53,7 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
+const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
 const char *AES_options(void) {
 #ifdef FULL_UNROLL
diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl
index 89fa261794..688fda21ff 100644
--- a/src/lib/libcrypto/aes/asm/aes-586.pl
+++ b/src/lib/libcrypto/aes/asm/aes-586.pl
@@ -6,7 +6,7 @@
 # forms are granted according to the OpenSSL license.
 # ====================================================================
 #
-# Version 3.6.
+# Version 2.0.
 #
 # You might fail to appreciate this module performance from the first
 # try. If compared to "vanilla" linux-ia32-icc target, i.e. considered
@@ -46,68 +46,43 @@
 # Instruction Level Parallelism, and it indeed resulted in up to 15%
 # better performance on most recent �-archs...
 #
-# Third version adds AES_cbc_encrypt implementation, which resulted in
+# Current ECB performance numbers for 128-bit key in cycles per byte
-# up to 40% performance imrovement of CBC benchmark results. 40% was
+# [measure commonly used by AES benchmarkers] are:
-# observed on P4 core, where "overall" imrovement coefficient, i.e. if
-# compared to PIC generated by GCC and in CBC mode, was observed to be
-# as large as 4x:-) CBC performance is virtually identical to ECB now
-# and on some platforms even better, e.g. 17.6 "small" cycles/byte on
-# Opteron, because certain function prologues and epilogues are
-# effectively taken out of the loop...
-#
-# Version 3.2 implements compressed tables and prefetch of these tables
-# in CBC[!] mode. Former means that 3/4 of table references are now
-# misaligned, which unfortunately has negative impact on elder IA-32
-# implementations, Pentium suffered 30% penalty, PIII - 10%.
-#
-# Version 3.3 avoids L1 cache aliasing between stack frame and
-# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The
-# latter is achieved by copying the key schedule to controlled place in
-# stack. This unfortunately has rather strong impact on small block CBC
-# performance, ~2x deterioration on 16-byte block if compared to 3.3.
-#
-# Version 3.5 checks if there is L1 cache aliasing between user-supplied
-# key schedule and S-boxes and abstains from copying the former if
-# there is no. This allows end-user to consciously retain small block
-# performance by aligning key schedule in specific manner.
-#
-# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB.
-#
-# Current ECB performance numbers for 128-bit key in CPU cycles per
-# processed byte [measure commonly used by AES benchmarkers] are:
 #
 #               small footprint         fully unrolled
-# P4            24                      22
+# P4[-3]        23[24]                  22[23]
-# AMD K8        20                      19
+# AMD K8        19                      18
-# PIII          25                      23
+# PIII          26(*)                   23
-# Pentium       81                      78
+# Pentium       63(*)                   52
+#
+# (*)   Performance difference between small footprint code and fully
+#       unrolled in more commonly used CBC mode is not as big, 7% for
+#       PIII and 15% for Pentium, which I consider tolerable.
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386");
+$small_footprint=1;     # $small_footprint=1 code is ~5% slower [on
+                        # recent �-archs], but ~5 times smaller!
+                        # I favor compact code, because it minimizes
+                        # cache contention...
+$vertical_spin=0;       # shift "verticaly" defaults to 0, because of
+                        # its proof-of-concept status, see below...
 $s0="eax";
 $s1="ebx";
 $s2="ecx";
 $s3="edx";
-$key="edi";
+$key="esi";
-$acc="esi";
+$acc="edi";
-$compromise=0;          # $compromise=128 abstains from copying key
-                        # schedule to stack when encrypting inputs
-                        # shorter than 128 bytes at the cost of
-                        # risksing aliasing with S-boxes. In return
-                        # you get way better, up to +70%, small block
-                        # performance.
-$small_footprint=1;     # $small_footprint=1 code is ~5% slower [on
-                        # recent �-archs], but ~5 times smaller!
-                        # I favor compact code to minimize cache
-                        # contention and in hope to "collect" 5% back
-                        # in real-life applications...
-$vertical_spin=0;       # shift "verticaly" defaults to 0, because of
-                        # its proof-of-concept status...
+if ($vertical_spin) {
+        # I need high parts of volatile registers to be accessible...
+        $s1="esi";      $key="ebx";
+        $s2="edi";      $acc="ecx";
+}
 # Note that there is no decvert(), as well as last encryption round is
 # performed with "horizontal" shifts. This is because this "vertical"
 # implementation [one which groups shifts on a given $s[i] to form a
@@ -123,55 +98,55 @@ sub encvert()
  my $v0 = $acc, $v1 = $key;
        &mov    ($v0,$s[3]);                            # copy s3
-        &mov    (&DWP(4,"esp"),$s[2]);                  # save s2
+        &mov    (&DWP(0,"esp"),$s[2]);                  # save s2
        &mov    ($v1,$s[0]);                            # copy s0
-        &mov    (&DWP(8,"esp"),$s[1]);                  # save s1
+        &mov    (&DWP(4,"esp"),$s[1]);                  # save s1
        &movz   ($s[2],&HB($s[0]));
        &and    ($s[0],0xFF);
-        &mov    ($s[0],&DWP(0,$te,$s[0],8));            # s0>>0
+        &mov    ($s[0],&DWP(1024*0,$te,$s[0],4));       # s0>>0
        &shr    ($v1,16);
-        &mov    ($s[3],&DWP(3,$te,$s[2],8));            # s0>>8
+        &mov    ($s[3],&DWP(1024*1,$te,$s[2],4));       # s0>>8
        &movz   ($s[1],&HB($v1));
        &and    ($v1,0xFF);
-        &mov    ($s[2],&DWP(2,$te,$v1,8));              # s0>>16
+        &mov    ($s[2],&DWP(1024*2,$te,$v1,4));         # s0>>16
         &mov   ($v1,$v0);
-        &mov    ($s[1],&DWP(1,$te,$s[1],8));            # s0>>24
+        &mov    ($s[1],&DWP(1024*3,$te,$s[1],4));       # s0>>24
        &and    ($v0,0xFF);
-        &xor    ($s[3],&DWP(0,$te,$v0,8));              # s3>>0
+        &xor    ($s[3],&DWP(1024*0,$te,$v0,4));         # s3>>0
        &movz   ($v0,&HB($v1));
        &shr    ($v1,16);
-        &xor    ($s[2],&DWP(3,$te,$v0,8));              # s3>>8
+        &xor    ($s[2],&DWP(1024*1,$te,$v0,4));         # s3>>8
        &movz   ($v0,&HB($v1));
        &and    ($v1,0xFF);
-        &xor    ($s[1],&DWP(2,$te,$v1,8));              # s3>>16
+        &xor    ($s[1],&DWP(1024*2,$te,$v1,4));         # s3>>16
-         &mov   ($v1,&DWP(4,"esp"));                    # restore s2
+         &mov   ($v1,&DWP(0,"esp"));                    # restore s2
-        &xor    ($s[0],&DWP(1,$te,$v0,8));              # s3>>24
+        &xor    ($s[0],&DWP(1024*3,$te,$v0,4));         # s3>>24
        &mov    ($v0,$v1);
        &and    ($v1,0xFF);
-        &xor    ($s[2],&DWP(0,$te,$v1,8));              # s2>>0
+        &xor    ($s[2],&DWP(1024*0,$te,$v1,4));         # s2>>0
        &movz   ($v1,&HB($v0));
        &shr    ($v0,16);
-        &xor    ($s[1],&DWP(3,$te,$v1,8));              # s2>>8
+        &xor    ($s[1],&DWP(1024*1,$te,$v1,4));         # s2>>8
        &movz   ($v1,&HB($v0));
        &and    ($v0,0xFF);
-        &xor    ($s[0],&DWP(2,$te,$v0,8));              # s2>>16
+        &xor    ($s[0],&DWP(1024*2,$te,$v0,4));         # s2>>16
-         &mov   ($v0,&DWP(8,"esp"));                    # restore s1
+         &mov   ($v0,&DWP(4,"esp"));                    # restore s1
-        &xor    ($s[3],&DWP(1,$te,$v1,8));              # s2>>24
+        &xor    ($s[3],&DWP(1024*3,$te,$v1,4));         # s2>>24
        &mov    ($v1,$v0);
        &and    ($v0,0xFF);
-        &xor    ($s[1],&DWP(0,$te,$v0,8));              # s1>>0
+        &xor    ($s[1],&DWP(1024*0,$te,$v0,4));         # s1>>0
        &movz   ($v0,&HB($v1));
        &shr    ($v1,16);
-        &xor    ($s[0],&DWP(3,$te,$v0,8));              # s1>>8
+        &xor    ($s[0],&DWP(1024*1,$te,$v0,4));         # s1>>8
        &movz   ($v0,&HB($v1));
        &and    ($v1,0xFF);
-        &xor    ($s[3],&DWP(2,$te,$v1,8));              # s1>>16
+        &xor    ($s[3],&DWP(1024*2,$te,$v1,4));         # s1>>16
         &mov   ($key,&DWP(12,"esp"));                  # reincarnate v1 as key
-        &xor    ($s[2],&DWP(1,$te,$v0,8));              # s1>>24
+        &xor    ($s[2],&DWP(1024*3,$te,$v0,4));         # s1>>24
 }
 sub encstep()
@@ -185,25 +160,25 @@ sub encstep()
                        &and    ($out,0xFF);                    }
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
-                        &mov    ($out,&DWP(0,$te,$out,8));
+                        &mov    ($out,&DWP(1024*0,$te,$out,4));
        if ($i==3)  {   $tmp=$s[1];                             }##%eax
                        &movz   ($tmp,&HB($s[1]));
-                        &xor    ($out,&DWP(3,$te,$tmp,8));
+                        &xor    ($out,&DWP(1024*1,$te,$tmp,4));
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
        else        {   &mov    ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
-                        &xor    ($out,&DWP(2,$te,$tmp,8));
+                        &xor    ($out,&DWP(1024*2,$te,$tmp,4));
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]); 
                        &shr    ($tmp,24)                       }
-                        &xor    ($out,&DWP(1,$te,$tmp,8));
+                        &xor    ($out,&DWP(1024*3,$te,$tmp,4));
-        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
        if ($i==3)  {   &mov    ($s[3],$acc);                   }
                        &comment();
 }
@@ -218,49 +193,60 @@ sub enclast()
                        &and    ($out,0xFF);
        if ($i==1)  {   &shr    ($s[0],16);                     }#%ebx[1]
        if ($i==2)  {   &shr    ($s[0],24);                     }#%ecx[2]
-                        &mov    ($out,&DWP(2,$te,$out,8));
+                        &mov    ($out,&DWP(1024*0,$te,$out,4));
                        &and    ($out,0x000000ff);
        if ($i==3)  {   $tmp=$s[1];                             }##%eax
                        &movz   ($tmp,&HB($s[1]));
-                        &mov    ($tmp,&DWP(0,$te,$tmp,8));
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
                        &and    ($tmp,0x0000ff00);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx
+        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],&DWP(0,"esp")); }##%ebx
        else        {   mov     ($tmp,$s[2]);
                        &shr    ($tmp,16);                      }
        if ($i==2)  {   &and    ($s[1],0xFF);                   }#%edx[2]
                        &and    ($tmp,0xFF);
-                        &mov    ($tmp,&DWP(0,$te,$tmp,8));
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
                        &and    ($tmp,0x00ff0000);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }##%ecx
        elsif($i==2){   &movz   ($tmp,&HB($s[3]));              }#%ebx[2]
        else        {   &mov    ($tmp,$s[3]);
                        &shr    ($tmp,24);                      }
-                        &mov    ($tmp,&DWP(2,$te,$tmp,8));
+                        &mov    ($tmp,&DWP(0,$te,$tmp,4));
                        &and    ($tmp,0xff000000);
                        &xor    ($out,$tmp);
-        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
        if ($i==3)  {   &mov    ($s[3],$acc);                   }
 }
-sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
+# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
 &public_label("AES_Te");
-&function_begin_B("_x86_AES_encrypt");
+&function_begin("AES_encrypt");
-        if ($vertical_spin) {
+        &mov    ($acc,&wparam(0));              # load inp
-                # I need high parts of volatile registers to be accessible...
+        &mov    ($key,&wparam(2));              # load key
-                &exch   ($s1="edi",$key="ebx");
-                &mov    ($s2="esi",$acc="ecx");
+        &call   (&label("pic_point"));          # make it PIC!
-        }
+        &set_label("pic_point");
+        &blindpop("ebp");
+        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        # allocate aligned stack frame
+        &mov    ($s0,"esp");
+        &sub    ("esp",20);
+        &and    ("esp",-16);
-        # note that caller is expected to allocate stack frame for me!
        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    (&DWP(16,"esp"),$s0);           # save %esp
-        &xor    ($s0,&DWP(0,$key));             # xor with key
+        &mov    ($s0,&DWP(0,$acc));             # load input data
+        &mov    ($s1,&DWP(4,$acc));
+        &mov    ($s2,&DWP(8,$acc));
+        &mov    ($s3,&DWP(12,$acc));
+        &xor    ($s0,&DWP(0,$key));
        &xor    ($s1,&DWP(4,$key));
        &xor    ($s2,&DWP(8,$key));
        &xor    ($s3,&DWP(12,$key));
@@ -270,7 +256,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
            &align      (4);
            &set_label("loop");
                if ($vertical_spin) {
@@ -281,12 +267,12 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
                    &encstep(2,"ebp",$s2,$s3,$s0,$s1);
                    &encstep(3,"ebp",$s3,$s0,$s1,$s2);
                }
-                &add    ($key,16);              # advance rd_key
+                &add    ($key,16);                      # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(16,"esp"));
+            &cmp        ($key,&DWP(8,"esp"));
            &mov        (&DWP(12,"esp"),$key);
            &jb         (&label("loop"));
        }
@@ -312,7 +298,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
        &set_label("12rounds");
            for ($i=1;$i<3;$i++) {
                if ($vertical_spin) {
@@ -329,7 +315,7 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
        &set_label("10rounds");
            for ($i=1;$i<10;$i++) {
                if ($vertical_spin) {
@@ -347,130 +333,376 @@ sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } }
            }
        }
+        &add    ("ebp",4*1024);                 # skip to Te4
        if ($vertical_spin) {
            # "reincarnate" some registers for "horizontal" spin...
-            &mov        ($s1="ebx",$key="edi");
+            &mov        ($s1="ebx",$key="esi");
-            &mov        ($s2="ecx",$acc="esi");
+            &mov        ($s2="ecx",$acc="edi");
        }
        &enclast(0,"ebp",$s0,$s1,$s2,$s3);
        &enclast(1,"ebp",$s1,$s2,$s3,$s0);
        &enclast(2,"ebp",$s2,$s3,$s0,$s1);
        &enclast(3,"ebp",$s3,$s0,$s1,$s2);
+        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
        &xor    ($s1,&DWP(4,$key));
        &xor    ($s2,&DWP(8,$key));
        &xor    ($s3,&DWP(12,$key));
-        &ret    ();
-&set_label("AES_Te",64);        # Yes! I keep it in the code segment!
-        &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
-        &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
-        &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
-        &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
-        &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
-        &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
-        &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
-        &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
-        &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
-        &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
-        &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
-        &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
-        &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
-        &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
-        &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
-        &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
-        &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
-        &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
-        &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
-        &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
-        &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
-        &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
-        &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
-        &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
-        &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
-        &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
-        &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
-        &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
-        &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
-        &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
-        &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
-        &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
-        &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
-        &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
-        &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
-        &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
-        &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
-        &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
-        &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
-        &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
-        &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
-        &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
-        &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
-        &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
-        &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
-        &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
-        &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
-        &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
-        &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
-        &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
-        &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
-        &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
-        &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
-        &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
-        &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
-        &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
-        &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
-        &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
-        &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
-        &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
-        &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
-        &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
-        &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
-        &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
-#rcon:
-        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
-        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
-        &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0);
-&function_end_B("_x86_AES_encrypt");
-# void AES_encrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Te");
-&function_begin("AES_encrypt");
-        &mov    ($acc,&wparam(0));              # load inp
-        &mov    ($key,&wparam(2));              # load key
-        &mov    ($s0,"esp");
-        &sub    ("esp",24);
-        &and    ("esp",-64);
-        &add    ("esp",4);
-        &mov    (&DWP(16,"esp"),$s0);
-        &call   (&label("pic_point"));          # make it PIC!
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-        &mov    ($s0,&DWP(0,$acc));             # load input data
-        &mov    ($s1,&DWP(4,$acc));
-        &mov    ($s2,&DWP(8,$acc));
-        &mov    ($s3,&DWP(12,$acc));
-        &call   ("_x86_AES_encrypt");
-        &mov    ("esp",&DWP(16,"esp"));
        &mov    ($acc,&wparam(1));              # load out
        &mov    (&DWP(0,$acc),$s0);             # write output data
        &mov    (&DWP(4,$acc),$s1);
        &mov    (&DWP(8,$acc),$s2);
        &mov    (&DWP(12,$acc),$s3);
-&function_end("AES_encrypt");
+        &pop    ("edi");
+        &pop    ("esi");
+        &pop    ("ebx");
+        &pop    ("ebp");
+        &ret    ();
+&set_label("AES_Te",64);        # Yes! I keep it in the code segment!
+        &data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6);
+        &data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591);
+        &data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56);
+        &data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec);
+        &data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa);
+        &data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb);
+        &data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45);
+        &data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b);
+        &data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c);
+        &data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83);
+        &data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9);
+        &data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a);
+        &data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d);
+        &data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f);
+        &data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df);
+        &data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea);
+        &data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34);
+        &data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b);
+        &data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d);
+        &data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413);
+        &data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1);
+        &data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6);
+        &data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972);
+        &data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85);
+        &data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed);
+        &data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511);
+        &data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe);
+        &data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b);
+        &data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05);
+        &data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1);
+        &data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142);
+        &data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf);
+        &data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3);
+        &data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e);
+        &data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a);
+        &data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6);
+        &data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3);
+        &data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b);
+        &data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428);
+        &data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad);
+        &data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14);
+        &data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8);
+        &data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4);
+        &data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2);
+        &data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda);
+        &data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949);
+        &data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf);
+        &data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810);
+        &data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c);
+        &data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697);
+        &data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e);
+        &data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f);
+        &data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc);
+        &data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c);
+        &data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969);
+        &data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27);
+        &data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122);
+        &data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433);
+        &data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9);
+        &data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5);
+        &data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a);
+        &data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0);
+        &data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e);
+        &data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c);
+#Te1:
+        &data_word(0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d);
+        &data_word(0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154);
+        &data_word(0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d);
+        &data_word(0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a);
+        &data_word(0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87);
+        &data_word(0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b);
+        &data_word(0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea);
+        &data_word(0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b);
+        &data_word(0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a);
+        &data_word(0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f);
+        &data_word(0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908);
+        &data_word(0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f);
+        &data_word(0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e);
+        &data_word(0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5);
+        &data_word(0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d);
+        &data_word(0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f);
+        &data_word(0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e);
+        &data_word(0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb);
+        &data_word(0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce);
+        &data_word(0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397);
+        &data_word(0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c);
+        &data_word(0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed);
+        &data_word(0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b);
+        &data_word(0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a);
+        &data_word(0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16);
+        &data_word(0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194);
+        &data_word(0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81);
+        &data_word(0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3);
+        &data_word(0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a);
+        &data_word(0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104);
+        &data_word(0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263);
+        &data_word(0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d);
+        &data_word(0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f);
+        &data_word(0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39);
+        &data_word(0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47);
+        &data_word(0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695);
+        &data_word(0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f);
+        &data_word(0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83);
+        &data_word(0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c);
+        &data_word(0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76);
+        &data_word(0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e);
+        &data_word(0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4);
+        &data_word(0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6);
+        &data_word(0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b);
+        &data_word(0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7);
+        &data_word(0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0);
+        &data_word(0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25);
+        &data_word(0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018);
+        &data_word(0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72);
+        &data_word(0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751);
+        &data_word(0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21);
+        &data_word(0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85);
+        &data_word(0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa);
+        &data_word(0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12);
+        &data_word(0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0);
+        &data_word(0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9);
+        &data_word(0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233);
+        &data_word(0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7);
+        &data_word(0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920);
+        &data_word(0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a);
+        &data_word(0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17);
+        &data_word(0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8);
+        &data_word(0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11);
+        &data_word(0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a);
+#Te2:
+        &data_word(0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b);
+        &data_word(0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5);
+        &data_word(0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b);
+        &data_word(0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76);
+        &data_word(0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d);
+        &data_word(0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0);
+        &data_word(0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf);
+        &data_word(0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0);
+        &data_word(0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26);
+        &data_word(0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc);
+        &data_word(0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1);
+        &data_word(0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15);
+        &data_word(0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3);
+        &data_word(0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a);
+        &data_word(0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2);
+        &data_word(0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75);
+        &data_word(0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a);
+        &data_word(0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0);
+        &data_word(0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3);
+        &data_word(0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784);
+        &data_word(0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced);
+        &data_word(0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b);
+        &data_word(0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39);
+        &data_word(0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf);
+        &data_word(0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb);
+        &data_word(0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485);
+        &data_word(0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f);
+        &data_word(0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8);
+        &data_word(0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f);
+        &data_word(0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5);
+        &data_word(0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321);
+        &data_word(0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2);
+        &data_word(0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec);
+        &data_word(0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917);
+        &data_word(0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d);
+        &data_word(0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573);
+        &data_word(0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc);
+        &data_word(0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388);
+        &data_word(0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14);
+        &data_word(0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db);
+        &data_word(0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a);
+        &data_word(0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c);
+        &data_word(0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662);
+        &data_word(0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79);
+        &data_word(0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d);
+        &data_word(0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9);
+        &data_word(0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea);
+        &data_word(0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808);
+        &data_word(0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e);
+        &data_word(0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6);
+        &data_word(0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f);
+        &data_word(0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a);
+        &data_word(0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66);
+        &data_word(0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e);
+        &data_word(0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9);
+        &data_word(0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e);
+        &data_word(0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311);
+        &data_word(0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794);
+        &data_word(0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9);
+        &data_word(0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf);
+        &data_word(0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d);
+        &data_word(0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868);
+        &data_word(0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f);
+        &data_word(0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16);
+#Te3:
+        &data_word(0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b);
+        &data_word(0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5);
+        &data_word(0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b);
+        &data_word(0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676);
+        &data_word(0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d);
+        &data_word(0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0);
+        &data_word(0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf);
+        &data_word(0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0);
+        &data_word(0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626);
+        &data_word(0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc);
+        &data_word(0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1);
+        &data_word(0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515);
+        &data_word(0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3);
+        &data_word(0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a);
+        &data_word(0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2);
+        &data_word(0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575);
+        &data_word(0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a);
+        &data_word(0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0);
+        &data_word(0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3);
+        &data_word(0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484);
+        &data_word(0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded);
+        &data_word(0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b);
+        &data_word(0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939);
+        &data_word(0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf);
+        &data_word(0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb);
+        &data_word(0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585);
+        &data_word(0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f);
+        &data_word(0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8);
+        &data_word(0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f);
+        &data_word(0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5);
+        &data_word(0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121);
+        &data_word(0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2);
+        &data_word(0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec);
+        &data_word(0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717);
+        &data_word(0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d);
+        &data_word(0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373);
+        &data_word(0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc);
+        &data_word(0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888);
+        &data_word(0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414);
+        &data_word(0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb);
+        &data_word(0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a);
+        &data_word(0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c);
+        &data_word(0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262);
+        &data_word(0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979);
+        &data_word(0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d);
+        &data_word(0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9);
+        &data_word(0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea);
+        &data_word(0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808);
+        &data_word(0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e);
+        &data_word(0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6);
+        &data_word(0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f);
+        &data_word(0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a);
+        &data_word(0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666);
+        &data_word(0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e);
+        &data_word(0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9);
+        &data_word(0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e);
+        &data_word(0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111);
+        &data_word(0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494);
+        &data_word(0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9);
+        &data_word(0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf);
+        &data_word(0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d);
+        &data_word(0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868);
+        &data_word(0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f);
+        &data_word(0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616);
+#Te4:
+        &data_word(0x63636363, 0x7c7c7c7c, 0x77777777, 0x7b7b7b7b);
+        &data_word(0xf2f2f2f2, 0x6b6b6b6b, 0x6f6f6f6f, 0xc5c5c5c5);
+        &data_word(0x30303030, 0x01010101, 0x67676767, 0x2b2b2b2b);
+        &data_word(0xfefefefe, 0xd7d7d7d7, 0xabababab, 0x76767676);
+        &data_word(0xcacacaca, 0x82828282, 0xc9c9c9c9, 0x7d7d7d7d);
+        &data_word(0xfafafafa, 0x59595959, 0x47474747, 0xf0f0f0f0);
+        &data_word(0xadadadad, 0xd4d4d4d4, 0xa2a2a2a2, 0xafafafaf);
+        &data_word(0x9c9c9c9c, 0xa4a4a4a4, 0x72727272, 0xc0c0c0c0);
+        &data_word(0xb7b7b7b7, 0xfdfdfdfd, 0x93939393, 0x26262626);
+        &data_word(0x36363636, 0x3f3f3f3f, 0xf7f7f7f7, 0xcccccccc);
+        &data_word(0x34343434, 0xa5a5a5a5, 0xe5e5e5e5, 0xf1f1f1f1);
+        &data_word(0x71717171, 0xd8d8d8d8, 0x31313131, 0x15151515);
+        &data_word(0x04040404, 0xc7c7c7c7, 0x23232323, 0xc3c3c3c3);
+        &data_word(0x18181818, 0x96969696, 0x05050505, 0x9a9a9a9a);
+        &data_word(0x07070707, 0x12121212, 0x80808080, 0xe2e2e2e2);
+        &data_word(0xebebebeb, 0x27272727, 0xb2b2b2b2, 0x75757575);
+        &data_word(0x09090909, 0x83838383, 0x2c2c2c2c, 0x1a1a1a1a);
+        &data_word(0x1b1b1b1b, 0x6e6e6e6e, 0x5a5a5a5a, 0xa0a0a0a0);
+        &data_word(0x52525252, 0x3b3b3b3b, 0xd6d6d6d6, 0xb3b3b3b3);
+        &data_word(0x29292929, 0xe3e3e3e3, 0x2f2f2f2f, 0x84848484);
+        &data_word(0x53535353, 0xd1d1d1d1, 0x00000000, 0xedededed);
+        &data_word(0x20202020, 0xfcfcfcfc, 0xb1b1b1b1, 0x5b5b5b5b);
+        &data_word(0x6a6a6a6a, 0xcbcbcbcb, 0xbebebebe, 0x39393939);
+        &data_word(0x4a4a4a4a, 0x4c4c4c4c, 0x58585858, 0xcfcfcfcf);
+        &data_word(0xd0d0d0d0, 0xefefefef, 0xaaaaaaaa, 0xfbfbfbfb);
+        &data_word(0x43434343, 0x4d4d4d4d, 0x33333333, 0x85858585);
+        &data_word(0x45454545, 0xf9f9f9f9, 0x02020202, 0x7f7f7f7f);
+        &data_word(0x50505050, 0x3c3c3c3c, 0x9f9f9f9f, 0xa8a8a8a8);
+        &data_word(0x51515151, 0xa3a3a3a3, 0x40404040, 0x8f8f8f8f);
+        &data_word(0x92929292, 0x9d9d9d9d, 0x38383838, 0xf5f5f5f5);
+        &data_word(0xbcbcbcbc, 0xb6b6b6b6, 0xdadadada, 0x21212121);
+        &data_word(0x10101010, 0xffffffff, 0xf3f3f3f3, 0xd2d2d2d2);
+        &data_word(0xcdcdcdcd, 0x0c0c0c0c, 0x13131313, 0xecececec);
+        &data_word(0x5f5f5f5f, 0x97979797, 0x44444444, 0x17171717);
+        &data_word(0xc4c4c4c4, 0xa7a7a7a7, 0x7e7e7e7e, 0x3d3d3d3d);
+        &data_word(0x64646464, 0x5d5d5d5d, 0x19191919, 0x73737373);
+        &data_word(0x60606060, 0x81818181, 0x4f4f4f4f, 0xdcdcdcdc);
+        &data_word(0x22222222, 0x2a2a2a2a, 0x90909090, 0x88888888);
+        &data_word(0x46464646, 0xeeeeeeee, 0xb8b8b8b8, 0x14141414);
+        &data_word(0xdededede, 0x5e5e5e5e, 0x0b0b0b0b, 0xdbdbdbdb);
+        &data_word(0xe0e0e0e0, 0x32323232, 0x3a3a3a3a, 0x0a0a0a0a);
+        &data_word(0x49494949, 0x06060606, 0x24242424, 0x5c5c5c5c);
+        &data_word(0xc2c2c2c2, 0xd3d3d3d3, 0xacacacac, 0x62626262);
+        &data_word(0x91919191, 0x95959595, 0xe4e4e4e4, 0x79797979);
+        &data_word(0xe7e7e7e7, 0xc8c8c8c8, 0x37373737, 0x6d6d6d6d);
+        &data_word(0x8d8d8d8d, 0xd5d5d5d5, 0x4e4e4e4e, 0xa9a9a9a9);
+        &data_word(0x6c6c6c6c, 0x56565656, 0xf4f4f4f4, 0xeaeaeaea);
+        &data_word(0x65656565, 0x7a7a7a7a, 0xaeaeaeae, 0x08080808);
+        &data_word(0xbabababa, 0x78787878, 0x25252525, 0x2e2e2e2e);
+        &data_word(0x1c1c1c1c, 0xa6a6a6a6, 0xb4b4b4b4, 0xc6c6c6c6);
+        &data_word(0xe8e8e8e8, 0xdddddddd, 0x74747474, 0x1f1f1f1f);
+        &data_word(0x4b4b4b4b, 0xbdbdbdbd, 0x8b8b8b8b, 0x8a8a8a8a);
+        &data_word(0x70707070, 0x3e3e3e3e, 0xb5b5b5b5, 0x66666666);
+        &data_word(0x48484848, 0x03030303, 0xf6f6f6f6, 0x0e0e0e0e);
+        &data_word(0x61616161, 0x35353535, 0x57575757, 0xb9b9b9b9);
+        &data_word(0x86868686, 0xc1c1c1c1, 0x1d1d1d1d, 0x9e9e9e9e);
+        &data_word(0xe1e1e1e1, 0xf8f8f8f8, 0x98989898, 0x11111111);
+        &data_word(0x69696969, 0xd9d9d9d9, 0x8e8e8e8e, 0x94949494);
+        &data_word(0x9b9b9b9b, 0x1e1e1e1e, 0x87878787, 0xe9e9e9e9);
+        &data_word(0xcececece, 0x55555555, 0x28282828, 0xdfdfdfdf);
+        &data_word(0x8c8c8c8c, 0xa1a1a1a1, 0x89898989, 0x0d0d0d0d);
+        &data_word(0xbfbfbfbf, 0xe6e6e6e6, 0x42424242, 0x68686868);
+        &data_word(0x41414141, 0x99999999, 0x2d2d2d2d, 0x0f0f0f0f);
+        &data_word(0xb0b0b0b0, 0x54545454, 0xbbbbbbbb, 0x16161616);
+#rcon:
+        &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008);
+        &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080);
+        &data_word(0x0000001b, 0x00000036);
+&function_end_B("AES_encrypt");
 #------------------------------------------------------------------#
+$s0="eax";
+$s1="ebx";
+$s2="ecx";
+$s3="edx";
+$key="edi";
+$acc="esi";
 sub decstep()
 { my ($i,$td,@s) = @_;
  my $tmp = $key;
@@ -483,24 +715,24 @@ sub decstep()
        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
-                        &mov    ($out,&DWP(0,$td,$out,8));
+                        &mov    ($out,&DWP(1024*0,$td,$out,4));
        if ($i==3)  {   $tmp=$s[1];                             }
                        &movz   ($tmp,&HB($s[1]));
-                        &xor    ($out,&DWP(3,$td,$tmp,8));
+                        &xor    ($out,&DWP(1024*1,$td,$tmp,4));
        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
        else        {   &mov    ($tmp,$s[2]);                   }
                        &shr    ($tmp,16);
                        &and    ($tmp,0xFF);
-                        &xor    ($out,&DWP(2,$td,$tmp,8));
+                        &xor    ($out,&DWP(1024*2,$td,$tmp,4));
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
-                        &xor    ($out,&DWP(1,$td,$tmp,8));
+                        &xor    ($out,&DWP(1024*3,$td,$tmp,4));
-        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
+        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
                        &comment();
 }
@@ -512,38 +744,58 @@ sub declast()
        if($i==3)   {   &mov    ($key,&DWP(12,"esp"));          }
        else        {   &mov    ($out,$s[0]);                   }
                        &and    ($out,0xFF);
-                        &movz   ($out,&BP(2048,$td,$out,1));
+                        &mov    ($out,&DWP(0,$td,$out,4));
+                        &and    ($out,0x000000ff);
        if ($i==3)  {   $tmp=$s[1];                             }
                        &movz   ($tmp,&HB($s[1]));
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &shl    ($tmp,8);
+                        &and    ($tmp,0x0000ff00);
                        &xor    ($out,$tmp);
        if ($i==3)  {   $tmp=$s[2]; &mov ($s[1],$acc);          }
        else        {   mov     ($tmp,$s[2]);                   }
                        &shr    ($tmp,16);
                        &and    ($tmp,0xFF);
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &shl    ($tmp,16);
+                        &and    ($tmp,0x00ff0000);
                        &xor    ($out,$tmp);
-        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }
+        if ($i==3)  {   $tmp=$s[3]; &mov ($s[2],&DWP(4,"esp")); }
        else        {   &mov    ($tmp,$s[3]);                   }
                        &shr    ($tmp,24);
-                        &movz   ($tmp,&BP(2048,$td,$tmp,1));
+                        &mov    ($tmp,&DWP(0,$td,$tmp,4));
-                        &shl    ($tmp,24);
+                        &and    ($tmp,0xff000000);
                        &xor    ($out,$tmp);
-        if ($i<2)   {   &mov    (&DWP(4+4*$i,"esp"),$out);      }
+        if ($i<2)   {   &mov    (&DWP(4*$i,"esp"),$out);        }
-        if ($i==3)  {   &mov    ($s[3],&DWP(4,"esp"));          }
+        if ($i==3)  {   &mov    ($s[3],&DWP(0,"esp"));          }
 }
+# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
 &public_label("AES_Td");
-&function_begin_B("_x86_AES_decrypt");
+&function_begin("AES_decrypt");
-        # note that caller is expected to allocate stack frame for me!
+        &mov    ($acc,&wparam(0));              # load inp
+        &mov    ($key,&wparam(2));              # load key
+        &call   (&label("pic_point"));          # make it PIC!
+        &set_label("pic_point");
+        &blindpop("ebp");
+        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
+        # allocate aligned stack frame
+        &mov    ($s0,"esp");
+        &sub    ("esp",20);
+        &and    ("esp",-16);
        &mov    (&DWP(12,"esp"),$key);          # save key
+        &mov    (&DWP(16,"esp"),$s0);           # save %esp
+        &mov    ($s0,&DWP(0,$acc));             # load input data
+        &mov    ($s1,&DWP(4,$acc));
+        &mov    ($s2,&DWP(8,$acc));
+        &mov    ($s3,&DWP(12,$acc));
-        &xor    ($s0,&DWP(0,$key));             # xor with key
+        &xor    ($s0,&DWP(0,$key));
        &xor    ($s1,&DWP(4,$key));
        &xor    ($s2,&DWP(8,$key));
        &xor    ($s3,&DWP(12,$key));
@@ -553,19 +805,19 @@ sub declast()
        if ($small_footprint) {
            &lea        ($acc,&DWP(-2,$acc,$acc));
            &lea        ($acc,&DWP(0,$key,$acc,8));
-            &mov        (&DWP(16,"esp"),$acc);  # end of key schedule
+            &mov        (&DWP(8,"esp"),$acc);   # end of key schedule
            &align      (4);
            &set_label("loop");
                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
                &decstep(1,"ebp",$s1,$s0,$s3,$s2);
                &decstep(2,"ebp",$s2,$s1,$s0,$s3);
                &decstep(3,"ebp",$s3,$s2,$s1,$s0);
-                &add    ($key,16);              # advance rd_key
+                &add    ($key,16);                      # advance rd_key
                &xor    ($s0,&DWP(0,$key));
                &xor    ($s1,&DWP(4,$key));
                &xor    ($s2,&DWP(8,$key));
                &xor    ($s3,&DWP(12,$key));
-            &cmp        ($key,&DWP(16,"esp"));
+            &cmp        ($key,&DWP(8,"esp"));
            &mov        (&DWP(12,"esp"),$key);
            &jb         (&label("loop"));
        }
@@ -587,7 +839,7 @@ sub declast()
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
        &set_label("12rounds");
            for ($i=1;$i<3;$i++) {
                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
@@ -600,7 +852,7 @@ sub declast()
                &xor    ($s3,&DWP(16*$i+12,$key));
            }
            &add        ($key,32);
-            &mov        (&DWP(12,"esp"),$key);  # advance rd_key
+            &mov        (&DWP(12,"esp"),$key);          # advance rd_key
        &set_label("10rounds");
            for ($i=1;$i<10;$i++) {
                &decstep(0,"ebp",$s0,$s3,$s2,$s1);
@@ -614,627 +866,382 @@ sub declast()
            }
        }
+        &add    ("ebp",4*1024);                 # skip to Te4
        &declast(0,"ebp",$s0,$s3,$s2,$s1);
        &declast(1,"ebp",$s1,$s0,$s3,$s2);
        &declast(2,"ebp",$s2,$s1,$s0,$s3);
        &declast(3,"ebp",$s3,$s2,$s1,$s0);
+        &mov    ("esp",&DWP(16,"esp"));         # restore %esp
        &add    ($key,$small_footprint?16:160);
        &xor    ($s0,&DWP(0,$key));
        &xor    ($s1,&DWP(4,$key));
        &xor    ($s2,&DWP(8,$key));
        &xor    ($s3,&DWP(12,$key));
-        &ret    ();
+        &mov    ($key,&wparam(1));              # load out
+        &mov    (&DWP(0,$key),$s0);             # write output data
-&set_label("AES_Td",64);        # Yes! I keep it in the code segment!
-        &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
-        &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
-        &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
-        &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
-        &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
-        &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
-        &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
-        &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
-        &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
-        &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
-        &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
-        &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
-        &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
-        &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
-        &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
-        &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
-        &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
-        &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
-        &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
-        &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
-        &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
-        &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
-        &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
-        &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
-        &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
-        &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
-        &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
-        &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
-        &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
-        &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
-        &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
-        &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
-        &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
-        &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
-        &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
-        &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
-        &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
-        &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
-        &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
-        &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
-        &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
-        &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
-        &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
-        &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
-        &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
-        &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
-        &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
-        &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
-        &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
-        &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
-        &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
-        &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
-        &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
-        &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
-        &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
-        &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
-        &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
-        &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
-        &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
-        &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
-        &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
-        &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
-        &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
-        &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
-#Td4:
-        &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38);
-        &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb);
-        &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87);
-        &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb);
-        &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d);
-        &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e);
-        &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2);
-        &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25);
-        &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16);
-        &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92);
-        &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda);
-        &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84);
-        &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a);
-        &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06);
-        &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02);
-        &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b);
-        &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea);
-        &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73);
-        &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85);
-        &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e);
-        &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89);
-        &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b);
-        &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20);
-        &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4);
-        &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31);
-        &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f);
-        &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d);
-        &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef);
-        &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0);
-        &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61);
-        &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26);
-        &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d);
-&function_end_B("_x86_AES_decrypt");
-# void AES_decrypt (const void *inp,void *out,const AES_KEY *key);
-&public_label("AES_Td");
-&function_begin("AES_decrypt");
-        &mov    ($acc,&wparam(0));              # load inp
-        &mov    ($key,&wparam(2));              # load key
-        &mov    ($s0,"esp");
-        &sub    ("esp",24);
-        &and    ("esp",-64);
-        &add    ("esp",4);
-        &mov    (&DWP(16,"esp"),$s0);
-        &call   (&label("pic_point"));          # make it PIC!
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-        # prefetch Td4
-        &lea    ("ebp",&DWP(2048+128,"ebp"));
-        &mov    ($s0,&DWP(0-128,"ebp"));
-        &mov    ($s1,&DWP(32-128,"ebp"));
-        &mov    ($s2,&DWP(64-128,"ebp"));
-        &mov    ($s3,&DWP(96-128,"ebp"));
-        &mov    ($s0,&DWP(128-128,"ebp"));
-        &mov    ($s1,&DWP(160-128,"ebp"));
-        &mov    ($s2,&DWP(192-128,"ebp"));
-        &mov    ($s3,&DWP(224-128,"ebp"));
-        &lea    ("ebp",&DWP(-2048-128,"ebp"));
-        &mov    ($s0,&DWP(0,$acc));             # load input data
-        &mov    ($s1,&DWP(4,$acc));
-        &mov    ($s2,&DWP(8,$acc));
-        &mov    ($s3,&DWP(12,$acc));
-        &call   ("_x86_AES_decrypt");
-        &mov    ("esp",&DWP(16,"esp"));
-        &mov    ($acc,&wparam(1));              # load out
-        &mov    (&DWP(0,$acc),$s0);             # write output data
-        &mov    (&DWP(4,$acc),$s1);
-        &mov    (&DWP(8,$acc),$s2);
-        &mov    (&DWP(12,$acc),$s3);
-&function_end("AES_decrypt");
-# void AES_cbc_encrypt (const void char *inp, unsigned char *out,
-#                       size_t length, const AES_KEY *key,
-#                       unsigned char *ivp,const int enc);
-{
-# stack frame layout
-# -4(%esp)      0(%esp)         return address
-# 0(%esp)       4(%esp)         tmp1
-# 4(%esp)       8(%esp)         tmp2
-# 8(%esp)       12(%esp)        key
-# 12(%esp)      16(%esp)        end of key schedule
-my $_esp=&DWP(16,"esp");        #saved %esp
-my $_inp=&DWP(20,"esp");        #copy of wparam(0)
-my $_out=&DWP(24,"esp");        #copy of wparam(1)
-my $_len=&DWP(28,"esp");        #copy of wparam(2)
-my $_key=&DWP(32,"esp");        #copy of wparam(3)
-my $_ivp=&DWP(36,"esp");        #copy of wparam(4)
-my $_tmp=&DWP(40,"esp");        #volatile variable
-my $ivec=&DWP(44,"esp");        #ivec[16]
-my $aes_key=&DWP(60,"esp");     #copy of aes_key
-my $mark=&DWP(60+240,"esp");    #copy of aes_key->rounds
-&public_label("AES_Te");
-&public_label("AES_Td");
-&function_begin("AES_cbc_encrypt");
-        &mov    ($s2 eq "ecx"? $s2 : "",&wparam(2));    # load len
-        &cmp    ($s2,0);
-        &je     (&label("enc_out"));
-        &call   (&label("pic_point"));          # make it PIC!
-        &set_label("pic_point");
-        &blindpop("ebp");
-        &pushf  ();
-        &cld    ();
-        &cmp    (&wparam(5),0);
-        &je     (&label("DECRYPT"));
-        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
-        # allocate aligned stack frame...
-        &lea    ($key,&DWP(-64-244,"esp"));
-        &and    ($key,-64);
-        # ... and make sure it doesn't alias with AES_Te modulo 4096
-        &mov    ($s0,"ebp");
-        &lea    ($s1,&DWP(2048,"ebp"));
-        &mov    ($s3,$key);
-        &and    ($s0,0xfff);            # s = %ebp&0xfff
-        &and    ($s1,0xfff);            # e = (%ebp+2048)&0xfff
-        &and    ($s3,0xfff);            # p = %esp&0xfff
-        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
-        &jb     (&label("te_break_out"));
-        &sub    ($s3,$s1);
-        &sub    ($key,$s3);
-        &jmp    (&label("te_ok"));
-        &set_label("te_break_out");     # else %esp -= (p-s)&0xfff + framesz;
-        &sub    ($s3,$s0);
-        &and    ($s3,0xfff);
-        &add    ($s3,64+256);
-        &sub    ($key,$s3);
-        &align  (4);
-        &set_label("te_ok");
-        &mov    ($s0,&wparam(0));       # load inp
-        &mov    ($s1,&wparam(1));       # load out
-        &mov    ($s3,&wparam(3));       # load key
-        &mov    ($acc,&wparam(4));      # load ivp
-        &exch   ("esp",$key);
-        &add    ("esp",4);              # reserve for return address!
-        &mov    ($_esp,$key);           # save %esp
-        &mov    ($_inp,$s0);            # save copy of inp
-        &mov    ($_out,$s1);            # save copy of out
-        &mov    ($_len,$s2);            # save copy of len
-        &mov    ($_key,$s3);            # save copy of key
-        &mov    ($_ivp,$acc);           # save copy of ivp
-        &mov    ($mark,0);              # copy of aes_key->rounds = 0;
-        if ($compromise) {
-                &cmp    ($s2,$compromise);
-                &jb     (&label("skip_ecopy"));
-        }
-        # do we copy key schedule to stack?
-        &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
-        &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
-        &sub    ($s1,"ebp");
-        &mov    ("esi",$s3);
-        &and    ($s1,0xfff);
-        &lea    ("edi",$aes_key);
-        &cmp    ($s1,2048);
-        &jb     (&label("do_ecopy"));
-        &cmp    ($s1,4096-244);
-        &jb     (&label("skip_ecopy"));
-        &align  (4);
-        &set_label("do_ecopy");
-                &mov    ($_key,"edi");
-                &data_word(0xA5F3F689); # rep movsd
-        &set_label("skip_ecopy");
-        &mov    ($acc,$s0);
-        &mov    ($key,16);
-        &align  (4);
-        &set_label("prefetch_te");
-                &mov    ($s0,&DWP(0,"ebp"));
-                &mov    ($s1,&DWP(32,"ebp"));
-                &mov    ($s2,&DWP(64,"ebp"));
-                &mov    ($s3,&DWP(96,"ebp"));
-                &lea    ("ebp",&DWP(128,"ebp"));
-                &dec    ($key);
-        &jnz    (&label("prefetch_te"));
-        &sub    ("ebp",2048);
-        &mov    ($s2,$_len);
-        &mov    ($key,$_ivp);
-        &test   ($s2,0xFFFFFFF0);
-        &jz     (&label("enc_tail"));           # short input...
-        &mov    ($s0,&DWP(0,$key));             # load iv
-        &mov    ($s1,&DWP(4,$key));
-        &align  (4);
-        &set_label("enc_loop");
-                &mov    ($s2,&DWP(8,$key));
-                &mov    ($s3,&DWP(12,$key));
-                &xor    ($s0,&DWP(0,$acc));     # xor input data
-                &xor    ($s1,&DWP(4,$acc));
-                &xor    ($s2,&DWP(8,$acc));
-                &xor    ($s3,&DWP(12,$acc));
-                &mov    ($key,$_key);           # load key
-                &call   ("_x86_AES_encrypt");
-                &mov    ($acc,$_inp);           # load inp
-                &mov    ($key,$_out);           # load out
-                &mov    (&DWP(0,$key),$s0);     # save output data
-                &mov    (&DWP(4,$key),$s1);
-                &mov    (&DWP(8,$key),$s2);
-                &mov    (&DWP(12,$key),$s3);
-                &mov    ($s2,$_len);            # load len
-                &lea    ($acc,&DWP(16,$acc));
-                &mov    ($_inp,$acc);           # save inp
-                &lea    ($s3,&DWP(16,$key));
-                &mov    ($_out,$s3);            # save out
-                &sub    ($s2,16);
-                &test   ($s2,0xFFFFFFF0);
-                &mov    ($_len,$s2);            # save len
-        &jnz    (&label("enc_loop"));
-        &test   ($s2,15);
-        &jnz    (&label("enc_tail"));
-        &mov    ($acc,$_ivp);           # load ivp
-        &mov    ($s2,&DWP(8,$key));     # restore last dwords
-        &mov    ($s3,&DWP(12,$key));
-        &mov    (&DWP(0,$acc),$s0);     # save ivec
-        &mov    (&DWP(4,$acc),$s1);
-        &mov    (&DWP(8,$acc),$s2);
-        &mov    (&DWP(12,$acc),$s3);
-        &cmp    ($mark,0);              # was the key schedule copied?
-        &mov    ("edi",$_key);
-        &je     (&label("skip_ezero"));
-        # zero copy of key schedule
-        &mov    ("ecx",240/4);
-        &xor    ("eax","eax");
-        &align  (4);
-        &data_word(0xABF3F689); # rep stosd
-        &set_label("skip_ezero")
-        &mov    ("esp",$_esp);
-        &popf   ();
-    &set_label("enc_out");
-        &function_end_A();
-        &pushf  ();                     # kludge, never executed
-    &align      (4);
-    &set_label("enc_tail");
-        &push   ($key eq "edi" ? $key : "");    # push ivp
-        &mov    ($key,$_out);                   # load out
-        &mov    ($s1,16);
-        &sub    ($s1,$s2);
-        &cmp    ($key,$acc);                    # compare with inp
-        &je     (&label("enc_in_place"));
-        &align  (4);
-        &data_word(0xA4F3F689); # rep movsb     # copy input
-        &jmp    (&label("enc_skip_in_place"));
-    &set_label("enc_in_place");
-        &lea    ($key,&DWP(0,$key,$s2));
-    &set_label("enc_skip_in_place");
-        &mov    ($s2,$s1);
-        &xor    ($s0,$s0);
-        &align  (4);
-        &data_word(0xAAF3F689); # rep stosb     # zero tail
-        &pop    ($key);                         # pop ivp
-        &mov    ($acc,$_out);                   # output as input
-        &mov    ($s0,&DWP(0,$key));
-        &mov    ($s1,&DWP(4,$key));
-        &mov    ($_len,16);                     # len=16
-        &jmp    (&label("enc_loop"));           # one more spin...
-#----------------------------- DECRYPT -----------------------------#
-&align  (4);
-&set_label("DECRYPT");
-        &lea    ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
-        # allocate aligned stack frame...
-        &lea    ($key,&DWP(-64-244,"esp"));
-        &and    ($key,-64);
-        # ... and make sure it doesn't alias with AES_Td modulo 4096
-        &mov    ($s0,"ebp");
-        &lea    ($s1,&DWP(2048+256,"ebp"));
-        &mov    ($s3,$key);
-        &and    ($s0,0xfff);            # s = %ebp&0xfff
-        &and    ($s1,0xfff);            # e = (%ebp+2048+256)&0xfff
-        &and    ($s3,0xfff);            # p = %esp&0xfff
-        &cmp    ($s3,$s1);              # if (p>=e) %esp =- (p-e);
-        &jb     (&label("td_break_out"));
-        &sub    ($s3,$s1);
-        &sub    ($key,$s3);
-        &jmp    (&label("td_ok"));
-        &set_label("td_break_out");     # else %esp -= (p-s)&0xfff + framesz;
-        &sub    ($s3,$s0);
-        &and    ($s3,0xfff);
-        &add    ($s3,64+256);
-        &sub    ($key,$s3);
-        &align  (4);
-        &set_label("td_ok");
-        &mov    ($s0,&wparam(0));       # load inp
-        &mov    ($s1,&wparam(1));       # load out
-        &mov    ($s3,&wparam(3));       # load key
-        &mov    ($acc,&wparam(4));      # load ivp
-        &exch   ("esp",$key);
-        &add    ("esp",4);              # reserve for return address!
-        &mov    ($_esp,$key);           # save %esp
-        &mov    ($_inp,$s0);            # save copy of inp
-        &mov    ($_out,$s1);            # save copy of out
-        &mov    ($_len,$s2);            # save copy of len
-        &mov    ($_key,$s3);            # save copy of key
-        &mov    ($_ivp,$acc);           # save copy of ivp
-        &mov    ($mark,0);              # copy of aes_key->rounds = 0;
-        if ($compromise) {
-                &cmp    ($s2,$compromise);
-                &jb     (&label("skip_dcopy"));
-        }
-        # do we copy key schedule to stack?
-        &mov    ($s1 eq "ebx" ? $s1 : "",$s3);
-        &mov    ($s2 eq "ecx" ? $s2 : "",244/4);
-        &sub    ($s1,"ebp");
-        &mov    ("esi",$s3);
-        &and    ($s1,0xfff);
-        &lea    ("edi",$aes_key);
-        &cmp    ($s1,2048+256);
-        &jb     (&label("do_dcopy"));
-        &cmp    ($s1,4096-244);
-        &jb     (&label("skip_dcopy"));
-        &align  (4);
-        &set_label("do_dcopy");
-                &mov    ($_key,"edi");
-                &data_word(0xA5F3F689); # rep movsd
-        &set_label("skip_dcopy");
-        &mov    ($acc,$s0);
-        &mov    ($key,18);
-        &align  (4);
-        &set_label("prefetch_td");
-                &mov    ($s0,&DWP(0,"ebp"));
-                &mov    ($s1,&DWP(32,"ebp"));
-                &mov    ($s2,&DWP(64,"ebp"));
-                &mov    ($s3,&DWP(96,"ebp"));
-                &lea    ("ebp",&DWP(128,"ebp"));
-                &dec    ($key);
-        &jnz    (&label("prefetch_td"));
-        &sub    ("ebp",2048+256);
-        &cmp    ($acc,$_out);
-        &je     (&label("dec_in_place"));       # in-place processing...
-        &mov    ($key,$_ivp);           # load ivp
-        &mov    ($_tmp,$key);
-        &align  (4);
-        &set_label("dec_loop");
-                &mov    ($s0,&DWP(0,$acc));     # read input
-                &mov    ($s1,&DWP(4,$acc));
-                &mov    ($s2,&DWP(8,$acc));
-                &mov    ($s3,&DWP(12,$acc));
-                &mov    ($key,$_key);           # load key
-                &call   ("_x86_AES_decrypt");
-                &mov    ($key,$_tmp);           # load ivp
-                &mov    ($acc,$_len);           # load len
-                &xor    ($s0,&DWP(0,$key));     # xor iv
-                &xor    ($s1,&DWP(4,$key));
-                &xor    ($s2,&DWP(8,$key));
-                &xor    ($s3,&DWP(12,$key));
-                &sub    ($acc,16);
-                &jc     (&label("dec_partial"));
-                &mov    ($_len,$acc);           # save len
-                &mov    ($acc,$_inp);           # load inp
-                &mov    ($key,$_out);           # load out
-                &mov    (&DWP(0,$key),$s0);     # write output
-                &mov    (&DWP(4,$key),$s1);
-                &mov    (&DWP(8,$key),$s2);
-                &mov    (&DWP(12,$key),$s3);
-                &mov    ($_tmp,$acc);           # save ivp
-                &lea    ($acc,&DWP(16,$acc));
-                &mov    ($_inp,$acc);           # save inp
-                &lea    ($key,&DWP(16,$key));
-                &mov    ($_out,$key);           # save out
-        &jnz    (&label("dec_loop"));
-        &mov    ($key,$_tmp);           # load temp ivp
-    &set_label("dec_end");
-        &mov    ($acc,$_ivp);           # load user ivp
-        &mov    ($s0,&DWP(0,$key));     # load iv
-        &mov    ($s1,&DWP(4,$key));
-        &mov    ($s2,&DWP(8,$key));
-        &mov    ($s3,&DWP(12,$key));
-        &mov    (&DWP(0,$acc),$s0);     # copy back to user
-        &mov    (&DWP(4,$acc),$s1);
-        &mov    (&DWP(8,$acc),$s2);
-        &mov    (&DWP(12,$acc),$s3);
-        &jmp    (&label("dec_out"));
-    &align      (4);
-    &set_label("dec_partial");
-        &lea    ($key,$ivec);
-        &mov    (&DWP(0,$key),$s0);     # dump output to stack
        &mov    (&DWP(4,$key),$s1);
        &mov    (&DWP(8,$key),$s2);
        &mov    (&DWP(12,$key),$s3);
-        &lea    ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc));
-        &mov    ($acc eq "esi" ? $acc : "",$key);
-        &mov    ($key eq "edi" ? $key : "",$_out);      # load out
-        &data_word(0xA4F3F689); # rep movsb             # copy output
-        &mov    ($key,$_inp);                           # use inp as temp ivp
-        &jmp    (&label("dec_end"));
-    &align      (4);
-    &set_label("dec_in_place");
-        &set_label("dec_in_place_loop");
-                &lea    ($key,$ivec);
-                &mov    ($s0,&DWP(0,$acc));     # read input
-                &mov    ($s1,&DWP(4,$acc));
-                &mov    ($s2,&DWP(8,$acc));
-                &mov    ($s3,&DWP(12,$acc));
-                &mov    (&DWP(0,$key),$s0);     # copy to temp
-                &mov    (&DWP(4,$key),$s1);
-                &mov    (&DWP(8,$key),$s2);
-                &mov    (&DWP(12,$key),$s3);
-                &mov    ($key,$_key);           # load key
-                &call   ("_x86_AES_decrypt");
-                &mov    ($key,$_ivp);           # load ivp
-                &mov    ($acc,$_out);           # load out
-                &xor    ($s0,&DWP(0,$key));     # xor iv
-                &xor    ($s1,&DWP(4,$key));
-                &xor    ($s2,&DWP(8,$key));
-                &xor    ($s3,&DWP(12,$key));
-                &mov    (&DWP(0,$acc),$s0);     # write output
+        &pop    ("edi");
-                &mov    (&DWP(4,$acc),$s1);
+        &pop    ("esi");
-                &mov    (&DWP(8,$acc),$s2);
+        &pop    ("ebx");
-                &mov    (&DWP(12,$acc),$s3);
+        &pop    ("ebp");
+        &ret    ();
-                &lea    ($acc,&DWP(16,$acc));
-                &mov    ($_out,$acc);           # save out
-                &lea    ($acc,$ivec);
-                &mov    ($s0,&DWP(0,$acc));     # read temp
-                &mov    ($s1,&DWP(4,$acc));
-                &mov    ($s2,&DWP(8,$acc));
-                &mov    ($s3,&DWP(12,$acc));
-                &mov    (&DWP(0,$key),$s0);     # copy iv
-                &mov    (&DWP(4,$key),$s1);
-                &mov    (&DWP(8,$key),$s2);
-                &mov    (&DWP(12,$key),$s3);
-                &mov    ($acc,$_inp);           # load inp
-                &lea    ($acc,&DWP(16,$acc));
-                &mov    ($_inp,$acc);           # save inp
-                &mov    ($s2,$_len);            # load len
-                &sub    ($s2,16);
-                &jc     (&label("dec_in_place_partial"));
-                &mov    ($_len,$s2);            # save len
-        &jnz    (&label("dec_in_place_loop"));
-        &jmp    (&label("dec_out"));
-    &align      (4);
-    &set_label("dec_in_place_partial");
-        # one can argue if this is actually required...
-        &mov    ($key eq "edi" ? $key : "",$_out);
-        &lea    ($acc eq "esi" ? $acc : "",$ivec);
-        &lea    ($key,&DWP(0,$key,$s2));
-        &lea    ($acc,&DWP(16,$acc,$s2));
-        &neg    ($s2 eq "ecx" ? $s2 : "");
-        &data_word(0xA4F3F689); # rep movsb     # restore tail
-    &align      (4);
-    &set_label("dec_out");
-    &cmp        ($mark,0);              # was the key schedule copied?
-    &mov        ("edi",$_key);
-    &je         (&label("skip_dzero"));
-    # zero copy of key schedule
-    &mov        ("ecx",240/4);
-    &xor        ("eax","eax");
-    &align      (4);
-    &data_word(0xABF3F689);     # rep stosd
-    &set_label("skip_dzero")
-    &mov        ("esp",$_esp);
-    &popf       ();
-&function_end("AES_cbc_encrypt");
-}
-#------------------------------------------------------------------#
+&set_label("AES_Td",64);        # Yes! I keep it in the code segment!
+        &data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
+        &data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b);
+        &data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5);
+        &data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5);
+        &data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d);
+        &data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
+        &data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295);
+        &data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e);
+        &data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927);
+        &data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d);
+        &data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362);
+        &data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9);
+        &data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52);
+        &data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566);
+        &data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3);
+        &data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed);
+        &data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e);
+        &data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4);
+        &data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4);
+        &data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd);
+        &data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d);
+        &data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060);
+        &data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967);
+        &data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879);
+        &data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000);
+        &data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c);
+        &data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36);
+        &data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624);
+        &data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b);
+        &data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c);
+        &data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12);
+        &data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14);
+        &data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3);
+        &data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b);
+        &data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8);
+        &data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684);
+        &data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7);
+        &data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177);
+        &data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947);
+        &data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322);
+        &data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498);
+        &data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f);
+        &data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54);
+        &data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382);
+        &data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf);
+        &data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb);
+        &data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83);
+        &data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef);
+        &data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029);
+        &data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235);
+        &data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733);
+        &data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117);
+        &data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4);
+        &data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546);
+        &data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb);
+        &data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d);
+        &data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb);
+        &data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a);
+        &data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773);
+        &data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478);
+        &data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2);
+        &data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff);
+        &data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664);
+        &data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0);
+#Td1:
+        &data_word(0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96);
+        &data_word(0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93);
+        &data_word(0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525);
+        &data_word(0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f);
+        &data_word(0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1);
+        &data_word(0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6);
+        &data_word(0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da);
+        &data_word(0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44);
+        &data_word(0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd);
+        &data_word(0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4);
+        &data_word(0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245);
+        &data_word(0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994);
+        &data_word(0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7);
+        &data_word(0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a);
+        &data_word(0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5);
+        &data_word(0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c);
+        &data_word(0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1);
+        &data_word(0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a);
+        &data_word(0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475);
+        &data_word(0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51);
+        &data_word(0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46);
+        &data_word(0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff);
+        &data_word(0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777);
+        &data_word(0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db);
+        &data_word(0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000);
+        &data_word(0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e);
+        &data_word(0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627);
+        &data_word(0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a);
+        &data_word(0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e);
+        &data_word(0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16);
+        &data_word(0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d);
+        &data_word(0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8);
+        &data_word(0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd);
+        &data_word(0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34);
+        &data_word(0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863);
+        &data_word(0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420);
+        &data_word(0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d);
+        &data_word(0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0);
+        &data_word(0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722);
+        &data_word(0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef);
+        &data_word(0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836);
+        &data_word(0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4);
+        &data_word(0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462);
+        &data_word(0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5);
+        &data_word(0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3);
+        &data_word(0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b);
+        &data_word(0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8);
+        &data_word(0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6);
+        &data_word(0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6);
+        &data_word(0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0);
+        &data_word(0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315);
+        &data_word(0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f);
+        &data_word(0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df);
+        &data_word(0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f);
+        &data_word(0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e);
+        &data_word(0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13);
+        &data_word(0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89);
+        &data_word(0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c);
+        &data_word(0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf);
+        &data_word(0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886);
+        &data_word(0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f);
+        &data_word(0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41);
+        &data_word(0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490);
+        &data_word(0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042);
+#Td2:
+        &data_word(0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e);
+        &data_word(0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303);
+        &data_word(0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c);
+        &data_word(0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3);
+        &data_word(0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0);
+        &data_word(0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9);
+        &data_word(0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59);
+        &data_word(0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8);
+        &data_word(0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71);
+        &data_word(0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a);
+        &data_word(0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f);
+        &data_word(0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b);
+        &data_word(0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8);
+        &data_word(0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab);
+        &data_word(0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508);
+        &data_word(0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82);
+        &data_word(0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2);
+        &data_word(0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe);
+        &data_word(0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb);
+        &data_word(0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110);
+        &data_word(0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd);
+        &data_word(0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15);
+        &data_word(0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e);
+        &data_word(0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee);
+        &data_word(0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000);
+        &data_word(0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72);
+        &data_word(0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739);
+        &data_word(0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e);
+        &data_word(0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91);
+        &data_word(0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a);
+        &data_word(0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17);
+        &data_word(0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9);
+        &data_word(0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60);
+        &data_word(0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e);
+        &data_word(0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1);
+        &data_word(0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011);
+        &data_word(0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1);
+        &data_word(0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3);
+        &data_word(0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264);
+        &data_word(0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90);
+        &data_word(0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b);
+        &data_word(0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf);
+        &data_word(0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246);
+        &data_word(0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af);
+        &data_word(0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312);
+        &data_word(0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb);
+        &data_word(0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a);
+        &data_word(0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8);
+        &data_word(0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c);
+        &data_word(0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066);
+        &data_word(0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8);
+        &data_word(0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6);
+        &data_word(0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04);
+        &data_word(0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51);
+        &data_word(0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41);
+        &data_word(0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347);
+        &data_word(0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c);
+        &data_word(0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1);
+        &data_word(0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37);
+        &data_word(0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db);
+        &data_word(0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40);
+        &data_word(0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195);
+        &data_word(0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1);
+        &data_word(0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257);
+#Td3:
+        &data_word(0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27);
+        &data_word(0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3);
+        &data_word(0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02);
+        &data_word(0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362);
+        &data_word(0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe);
+        &data_word(0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3);
+        &data_word(0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952);
+        &data_word(0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9);
+        &data_word(0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9);
+        &data_word(0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace);
+        &data_word(0x63184adf, 0xe582311a, 0x97603351, 0x62457f53);
+        &data_word(0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08);
+        &data_word(0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b);
+        &data_word(0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55);
+        &data_word(0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837);
+        &data_word(0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216);
+        &data_word(0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269);
+        &data_word(0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6);
+        &data_word(0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6);
+        &data_word(0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e);
+        &data_word(0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6);
+        &data_word(0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550);
+        &data_word(0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9);
+        &data_word(0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8);
+        &data_word(0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000);
+        &data_word(0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a);
+        &data_word(0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d);
+        &data_word(0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36);
+        &data_word(0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b);
+        &data_word(0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12);
+        &data_word(0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b);
+        &data_word(0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e);
+        &data_word(0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f);
+        &data_word(0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb);
+        &data_word(0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4);
+        &data_word(0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6);
+        &data_word(0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129);
+        &data_word(0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1);
+        &data_word(0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9);
+        &data_word(0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033);
+        &data_word(0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4);
+        &data_word(0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad);
+        &data_word(0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e);
+        &data_word(0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3);
+        &data_word(0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225);
+        &data_word(0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b);
+        &data_word(0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f);
+        &data_word(0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815);
+        &data_word(0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0);
+        &data_word(0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2);
+        &data_word(0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7);
+        &data_word(0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691);
+        &data_word(0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496);
+        &data_word(0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165);
+        &data_word(0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b);
+        &data_word(0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6);
+        &data_word(0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13);
+        &data_word(0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147);
+        &data_word(0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7);
+        &data_word(0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44);
+        &data_word(0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3);
+        &data_word(0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d);
+        &data_word(0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156);
+        &data_word(0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8);
+#Td4:
+        &data_word(0x52525252, 0x09090909, 0x6a6a6a6a, 0xd5d5d5d5);
+        &data_word(0x30303030, 0x36363636, 0xa5a5a5a5, 0x38383838);
+        &data_word(0xbfbfbfbf, 0x40404040, 0xa3a3a3a3, 0x9e9e9e9e);
+        &data_word(0x81818181, 0xf3f3f3f3, 0xd7d7d7d7, 0xfbfbfbfb);
+        &data_word(0x7c7c7c7c, 0xe3e3e3e3, 0x39393939, 0x82828282);
+        &data_word(0x9b9b9b9b, 0x2f2f2f2f, 0xffffffff, 0x87878787);
+        &data_word(0x34343434, 0x8e8e8e8e, 0x43434343, 0x44444444);
+        &data_word(0xc4c4c4c4, 0xdededede, 0xe9e9e9e9, 0xcbcbcbcb);
+        &data_word(0x54545454, 0x7b7b7b7b, 0x94949494, 0x32323232);
+        &data_word(0xa6a6a6a6, 0xc2c2c2c2, 0x23232323, 0x3d3d3d3d);
+        &data_word(0xeeeeeeee, 0x4c4c4c4c, 0x95959595, 0x0b0b0b0b);
+        &data_word(0x42424242, 0xfafafafa, 0xc3c3c3c3, 0x4e4e4e4e);
+        &data_word(0x08080808, 0x2e2e2e2e, 0xa1a1a1a1, 0x66666666);
+        &data_word(0x28282828, 0xd9d9d9d9, 0x24242424, 0xb2b2b2b2);
+        &data_word(0x76767676, 0x5b5b5b5b, 0xa2a2a2a2, 0x49494949);
+        &data_word(0x6d6d6d6d, 0x8b8b8b8b, 0xd1d1d1d1, 0x25252525);
+        &data_word(0x72727272, 0xf8f8f8f8, 0xf6f6f6f6, 0x64646464);
+        &data_word(0x86868686, 0x68686868, 0x98989898, 0x16161616);
+        &data_word(0xd4d4d4d4, 0xa4a4a4a4, 0x5c5c5c5c, 0xcccccccc);
+        &data_word(0x5d5d5d5d, 0x65656565, 0xb6b6b6b6, 0x92929292);
+        &data_word(0x6c6c6c6c, 0x70707070, 0x48484848, 0x50505050);
+        &data_word(0xfdfdfdfd, 0xedededed, 0xb9b9b9b9, 0xdadadada);
+        &data_word(0x5e5e5e5e, 0x15151515, 0x46464646, 0x57575757);
+        &data_word(0xa7a7a7a7, 0x8d8d8d8d, 0x9d9d9d9d, 0x84848484);
+        &data_word(0x90909090, 0xd8d8d8d8, 0xabababab, 0x00000000);
+        &data_word(0x8c8c8c8c, 0xbcbcbcbc, 0xd3d3d3d3, 0x0a0a0a0a);
+        &data_word(0xf7f7f7f7, 0xe4e4e4e4, 0x58585858, 0x05050505);
+        &data_word(0xb8b8b8b8, 0xb3b3b3b3, 0x45454545, 0x06060606);
+        &data_word(0xd0d0d0d0, 0x2c2c2c2c, 0x1e1e1e1e, 0x8f8f8f8f);
+        &data_word(0xcacacaca, 0x3f3f3f3f, 0x0f0f0f0f, 0x02020202);
+        &data_word(0xc1c1c1c1, 0xafafafaf, 0xbdbdbdbd, 0x03030303);
+        &data_word(0x01010101, 0x13131313, 0x8a8a8a8a, 0x6b6b6b6b);
+        &data_word(0x3a3a3a3a, 0x91919191, 0x11111111, 0x41414141);
+        &data_word(0x4f4f4f4f, 0x67676767, 0xdcdcdcdc, 0xeaeaeaea);
+        &data_word(0x97979797, 0xf2f2f2f2, 0xcfcfcfcf, 0xcececece);
+        &data_word(0xf0f0f0f0, 0xb4b4b4b4, 0xe6e6e6e6, 0x73737373);
+        &data_word(0x96969696, 0xacacacac, 0x74747474, 0x22222222);
+        &data_word(0xe7e7e7e7, 0xadadadad, 0x35353535, 0x85858585);
+        &data_word(0xe2e2e2e2, 0xf9f9f9f9, 0x37373737, 0xe8e8e8e8);
+        &data_word(0x1c1c1c1c, 0x75757575, 0xdfdfdfdf, 0x6e6e6e6e);
+        &data_word(0x47474747, 0xf1f1f1f1, 0x1a1a1a1a, 0x71717171);
+        &data_word(0x1d1d1d1d, 0x29292929, 0xc5c5c5c5, 0x89898989);
+        &data_word(0x6f6f6f6f, 0xb7b7b7b7, 0x62626262, 0x0e0e0e0e);
+        &data_word(0xaaaaaaaa, 0x18181818, 0xbebebebe, 0x1b1b1b1b);
+        &data_word(0xfcfcfcfc, 0x56565656, 0x3e3e3e3e, 0x4b4b4b4b);
+        &data_word(0xc6c6c6c6, 0xd2d2d2d2, 0x79797979, 0x20202020);
+        &data_word(0x9a9a9a9a, 0xdbdbdbdb, 0xc0c0c0c0, 0xfefefefe);
+        &data_word(0x78787878, 0xcdcdcdcd, 0x5a5a5a5a, 0xf4f4f4f4);
+        &data_word(0x1f1f1f1f, 0xdddddddd, 0xa8a8a8a8, 0x33333333);
+        &data_word(0x88888888, 0x07070707, 0xc7c7c7c7, 0x31313131);
+        &data_word(0xb1b1b1b1, 0x12121212, 0x10101010, 0x59595959);
+        &data_word(0x27272727, 0x80808080, 0xecececec, 0x5f5f5f5f);
+        &data_word(0x60606060, 0x51515151, 0x7f7f7f7f, 0xa9a9a9a9);
+        &data_word(0x19191919, 0xb5b5b5b5, 0x4a4a4a4a, 0x0d0d0d0d);
+        &data_word(0x2d2d2d2d, 0xe5e5e5e5, 0x7a7a7a7a, 0x9f9f9f9f);
+        &data_word(0x93939393, 0xc9c9c9c9, 0x9c9c9c9c, 0xefefefef);
+        &data_word(0xa0a0a0a0, 0xe0e0e0e0, 0x3b3b3b3b, 0x4d4d4d4d);
+        &data_word(0xaeaeaeae, 0x2a2a2a2a, 0xf5f5f5f5, 0xb0b0b0b0);
+        &data_word(0xc8c8c8c8, 0xebebebeb, 0xbbbbbbbb, 0x3c3c3c3c);
+        &data_word(0x83838383, 0x53535353, 0x99999999, 0x61616161);
+        &data_word(0x17171717, 0x2b2b2b2b, 0x04040404, 0x7e7e7e7e);
+        &data_word(0xbabababa, 0x77777777, 0xd6d6d6d6, 0x26262626);
+        &data_word(0xe1e1e1e1, 0x69696969, 0x14141414, 0x63636363);
+        &data_word(0x55555555, 0x21212121, 0x0c0c0c0c, 0x7d7d7d7d);
+&function_end_B("AES_decrypt");
 sub enckey()
 {
        &movz   ("esi",&LB("edx"));             # rk[i]>>0
-        &mov    ("ebx",&DWP(2,"ebp","esi",8));
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
        &movz   ("esi",&HB("edx"));             # rk[i]>>8
        &and    ("ebx",0xFF000000);
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(2,"ebp","esi",8));
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
        &shr    ("edx",16);
        &and    ("ebx",0x000000FF);
        &movz   ("esi",&LB("edx"));             # rk[i]>>16
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(0,"ebp","esi",8));
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
        &movz   ("esi",&HB("edx"));             # rk[i]>>24
        &and    ("ebx",0x0000FF00);
        &xor    ("eax","ebx");
-        &mov    ("ebx",&DWP(0,"ebp","esi",8));
+        &mov    ("ebx",&DWP(0,"ebp","esi",4));
        &and    ("ebx",0x00FF0000);
        &xor    ("eax","ebx");
-        &xor    ("eax",&DWP(2048,"ebp","ecx",4));       # rcon
+        &xor    ("eax",&DWP(1024,"ebp","ecx",4));       # rcon
 }
 # int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
@@ -1253,6 +1260,7 @@ sub enckey()
        &set_label("pic_point");
        &blindpop("ebp");
        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &add    ("ebp",1024*4);                 # skip to Te4
        &mov    ("ecx",&wparam(1));             # number of bits in key
        &cmp    ("ecx",128);
@@ -1393,23 +1401,23 @@ sub enckey()
                &mov    ("edx","eax");
                &mov    ("eax",&DWP(16,"edi"));         # rk[4]
                &movz   ("esi",&LB("edx"));             # rk[11]>>0
-                &mov    ("ebx",&DWP(2,"ebp","esi",8));
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
                &movz   ("esi",&HB("edx"));             # rk[11]>>8
                &and    ("ebx",0x000000FF);
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(0,"ebp","esi",8));
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
                &shr    ("edx",16);
                &and    ("ebx",0x0000FF00);
                &movz   ("esi",&LB("edx"));             # rk[11]>>16
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(0,"ebp","esi",8));
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
                &movz   ("esi",&HB("edx"));             # rk[11]>>24
                &and    ("ebx",0x00FF0000);
                &xor    ("eax","ebx");
-                &mov    ("ebx",&DWP(2,"ebp","esi",8));
+                &mov    ("ebx",&DWP(0,"ebp","esi",4));
                &and    ("ebx",0xFF000000);
                &xor    ("eax","ebx");
@@ -1435,23 +1443,23 @@ sub enckey()
 &function_end("AES_set_encrypt_key");
 sub deckey()
-{ my ($i,$ptr,$te,$td) = @_;
+{ my ($i,$ptr,$te4,$td) = @_;
        &mov    ("eax",&DWP($i,$ptr));
        &mov    ("edx","eax");
        &movz   ("ebx",&HB("eax"));
        &shr    ("edx",16);
        &and    ("eax",0xFF);
-        &movz   ("eax",&BP(2,$te,"eax",8));
+        &movz   ("eax",&BP(0,$te4,"eax",4));
-        &movz   ("ebx",&BP(2,$te,"ebx",8));
+        &movz   ("ebx",&BP(0,$te4,"ebx",4));
-        &mov    ("eax",&DWP(0,$td,"eax",8));
+        &mov    ("eax",&DWP(1024*0,$td,"eax",4));
-        &xor    ("eax",&DWP(3,$td,"ebx",8));
+        &xor    ("eax",&DWP(1024*1,$td,"ebx",4));
        &movz   ("ebx",&HB("edx"));
        &and    ("edx",0xFF);
-        &movz   ("edx",&BP(2,$te,"edx",8));
+        &movz   ("edx",&BP(0,$te4,"edx",4));
-        &movz   ("ebx",&BP(2,$te,"ebx",8));
+        &movz   ("ebx",&BP(0,$te4,"ebx",4));
-        &xor    ("eax",&DWP(2,$td,"edx",8));
+        &xor    ("eax",&DWP(1024*2,$td,"edx",4));
-        &xor    ("eax",&DWP(1,$td,"ebx",8));
+        &xor    ("eax",&DWP(1024*3,$td,"ebx",4));
        &mov    (&DWP($i,$ptr),"eax");
 }
@@ -1512,6 +1520,7 @@ sub deckey()
        blindpop("ebp");
        &lea    ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp"));
        &lea    ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp"));
+        &add    ("ebp",1024*4);                 # skip to Te4
        &mov    ("esi",&wparam(2));
        &mov    ("ecx",&DWP(240,"esi"));        # pull number of rounds
diff --git a/src/lib/libcrypto/asn1/Makefile b/src/lib/libcrypto/asn1/Makefile
new file mode 100644
index 0000000000..63066899d0
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile
@@ -0,0 +1,885 @@
+#
+# OpenSSL/crypto/asn1/Makefile
+#
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn_mime.c \
+        asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn_mime.o \
+        asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+SRC= $(LIBSRC)
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bitstr.o: ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bool.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bool.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_bytes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bytes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bytes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bytes.o: ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_d2i_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_d2i_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/asn1.h
+a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_gentm.o: ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_hdr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_hdr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_hdr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_i2d_fp.o: ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_mbstr.o: ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_meth.o: ../../include/openssl/symhacks.h ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_octet.o: ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_print.o: ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_set.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_strnid.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strnid.o: ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utctm.o: ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+a_verify.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_err.o: ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_gen.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn1_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+asn1_gen.o: ../cryptlib.h asn1_gen.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_par.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_par.o: ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn_mime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_mime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_mime.o: ../cryptlib.h asn_mime.c
+asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn_pack.o: ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pu.o: ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_string.o: ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pu.o: ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+n_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+n_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbe.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbev2.o: ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_bitst.o: ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_pkey.o: ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509a.o: ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_dec.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_dec.o: ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+tasn_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+tasn_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+tasn_fre.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_new.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_new.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_new.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+tasn_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_algor.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h
+x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_crl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_name.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h
+x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pubkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_pubkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_sig.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_val.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
+x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl
new file mode 100644
index 0000000000..cb45194d48
--- /dev/null
+++ b/src/lib/libcrypto/asn1/Makefile.ssl
@@ -0,0 +1,1152 @@
+#
+# SSLeay/crypto/asn1/Makefile
+#
+DIR=    asn1
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+        a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+        a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+        x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+        x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+        d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+        t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+        tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+        f_int.c f_string.c n_pkey.c \
+        f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+        asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+        evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+        a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+        a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+        x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+        x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+        d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+        t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+        tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+        f_int.o f_string.o n_pkey.o \
+        f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+        asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+        evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
+SRC= $(LIBSRC)
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:   test.c
+        cc -g -I../../include -c test.c
+        cc -g -I../../include -o test test.o -L../.. -lcrypto
+pk:     pk.c
+        cc -g -I../../include -c pk.c
+        cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_d2i_fp.o: ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_digest.o: ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_sign.o: ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_strex.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_strex.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_strex.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_strex.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_verify.o: ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn_moid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn_moid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn_moid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn_moid.o: ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+d2i_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+d2i_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+d2i_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+d2i_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+d2i_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+evp_asn1.o: ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pr.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+i2d_pu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+i2d_pu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+i2d_pu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+i2d_pu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+i2d_pu.o: ../../include/openssl/ui_compat.h ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+n_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+n_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+n_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+n_pkey.o: ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+nsseq.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+nsseq.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+nsseq.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_pbe.o: ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p8_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p8_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p8_pkey.o: ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_crl.o: ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_req.o: ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_spki.o: ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_x509.o: ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_algor.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_algor.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_algor.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_algor.o: x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_crl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_exten.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_exten.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_exten.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_exten.o: x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_info.o: ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_name.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_name.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_name.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_req.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_sig.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_sig.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_sig.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_val.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_val.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_val.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_val.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_val.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_val.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_val.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_x509a.o: ../cryptlib.h x_x509a.c
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
index 0fb9ce0c2a..b81bf4fc81 100644
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ b/src/lib/libcrypto/asn1/a_bitstr.c
@@ -113,12 +113,11 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
        return(ret);
        }
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
-        const unsigned char **pp, long len)
+             long len)
        {
        ASN1_BIT_STRING *ret=NULL;
-        const unsigned char *p;
+        unsigned char *p,*s;
-        unsigned char *s;
        int i;
        if (len < 1)
@@ -165,7 +164,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
        *pp=p;
        return(ret);
 err:
-        ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
+        ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                M_ASN1_BIT_STRING_free(ret);
        return(NULL);
@@ -183,11 +182,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
        iv= ~v;
        if (!value) v=0;
-        if (a == NULL)
-                return 0;
        a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+        if (a == NULL) return(0);
        if ((a->length < (w+1)) || (a->data == NULL))
                {
                if (!value) return(1); /* Don't need to set */
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c
index 331acdf053..24333ea4d5 100644
--- a/src/lib/libcrypto/asn1/a_bool.c
+++ b/src/lib/libcrypto/asn1/a_bool.c
@@ -75,10 +75,10 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
        return(r);
        }
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
        {
        int ret= -1;
-        const unsigned char *p;
+        unsigned char *p;
        long len;
        int inf,tag,xclass;
        int i=0;
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c
index 8d13f9c931..2407f7c87a 100644
--- a/src/lib/libcrypto/asn1/a_bytes.c
+++ b/src/lib/libcrypto/asn1/a_bytes.c
@@ -60,15 +60,14 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
 */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
             long length, int type)
        {
        ASN1_STRING *ret=NULL;
-        const unsigned char *p;
+        unsigned char *p,*s;
-        unsigned char *s;
        long len;
        int inf,tag,xclass;
        int i=0;
@@ -79,7 +78,7 @@ ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
        if (tag >= 32)
                {
-                i=ASN1_R_TAG_VALUE_TOO_HIGH;;
+                i=ASN1_R_TAG_VALUE_TOO_HIGH;
                goto err;
                }
        if (!(ASN1_tag2bit(tag) & type))
@@ -154,12 +153,11 @@ int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
        return(r);
        }
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
-             long length, int Ptag, int Pclass)
+             int Ptag, int Pclass)
        {
        ASN1_STRING *ret=NULL;
-        const unsigned char *p;
+        unsigned char *p,*s;
-        unsigned char *s;
        long len;
        int inf,tag,xclass;
        int i=0;
@@ -187,7 +185,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
        if (inf & V_ASN1_CONSTRUCTED)
                {
-                ASN1_const_CTX c;
+                ASN1_CTX c;
                c.pp=pp;
                c.p=p;
@@ -249,7 +247,7 @@ err:
 * them into the one structure that is then returned */
 /* There have been a few bug fixes for this function from
 * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
        {
        ASN1_STRING *os=NULL;
        BUF_MEM b;
@@ -270,7 +268,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
                {
                if (c->inf & 1)
                        {
-                        c->eos=ASN1_const_check_infinite_end(&c->p,
+                        c->eos=ASN1_check_infinite_end(&c->p,
                                (long)(c->max-c->p));
                        if (c->eos) break;
                        }
@@ -298,7 +296,7 @@ static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
                num+=os->length;
                }
-        if (!asn1_const_Finish(c)) goto err;
+        if (!asn1_Finish(c)) goto err;
        a->length=num;
        if (a->data != NULL) OPENSSL_free(a->data);
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c
index ece40bc4c0..b67b75e7c2 100644
--- a/src/lib/libcrypto/asn1/a_d2i_fp.c
+++ b/src/lib/libcrypto/asn1/a_d2i_fp.c
@@ -66,10 +66,11 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
 #ifndef NO_OLD_ASN1
 #ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+             unsigned char **x)
        {
        BIO *b;
-        void *ret;
+        char *ret;
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
@@ -83,11 +84,12 @@ void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
        }
 #endif
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+             unsigned char **x)
        {
        BUF_MEM *b = NULL;
-        const unsigned char *p;
+        unsigned char *p;
-        void *ret=NULL;
+        char *ret=NULL;
        int len;
        len = asn1_d2i_read_bio(in, &b);
@@ -105,14 +107,14 @@ err:
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
        {
        BUF_MEM *b = NULL;
-        const unsigned char *p;
+        unsigned char *p;
        void *ret=NULL;
        int len;
        len = asn1_d2i_read_bio(in, &b);
        if(len < 0) goto err;
-        p=(const unsigned char *)b->data;
+        p=(unsigned char *)b->data;
        ret=ASN1_item_d2i(x,&p,len, it);
 err:
        if (b != NULL) BUF_MEM_free(b);
@@ -127,7 +129,7 @@ void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
+                ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
                return(NULL);
                }
        BIO_set_fp(b,in,BIO_NOCLOSE);
@@ -144,7 +146,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
        unsigned char *p;
        int i;
        int ret=-1;
-        ASN1_const_CTX c;
+        ASN1_CTX c;
        int want=HEADER_SIZE;
        int eos=0;
 #if defined(__GNUC__) && defined(__ia64)
@@ -158,7 +160,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
        b=BUF_MEM_new();
        if (b == NULL)
                {
-                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
                return -1;
                }
@@ -171,13 +173,13 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                        if (!BUF_MEM_grow_clean(b,len+want))
                                {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
                        i=BIO_read(in,&(b->data[len]),want);
                        if ((i < 0) && ((len-off) == 0))
                                {
-                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
+                                ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
                                goto err;
                                }
                        if (i > 0)
@@ -197,7 +199,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                        if (e != ASN1_R_TOO_LONG)
                                goto err;
                        else
-                                ERR_clear_error(); /* clear error */
+                                ERR_get_error(); /* clear error */
                        }
                i=c.p-p;/* header length */
                off+=i; /* end of data */
@@ -226,7 +228,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                want-=(len-off);
                                if (!BUF_MEM_grow_clean(b,len+want))
                                        {
-                                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+                                        ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
                                        goto err;
                                        }
                                while (want > 0)
@@ -234,7 +236,7 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                                        i=BIO_read(in,&(b->data[len]),want);
                                        if (i <= 0)
                                                {
-                                                ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                                ASN1err(ASN1_F_ASN1_D2I_BIO,
                                                    ASN1_R_NOT_ENOUGH_DATA);
                                                goto err;
                                                }
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c
index d00d9e22b1..7182e9fa5d 100644
--- a/src/lib/libcrypto/asn1/a_digest.c
+++ b/src/lib/libcrypto/asn1/a_digest.c
@@ -72,7 +72,7 @@
 #ifndef NO_ASN1_OLD
-int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
                unsigned char *md, unsigned int *len)
        {
        int i;
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c
index 199d50f521..58a017884c 100644
--- a/src/lib/libcrypto/asn1/a_dup.c
+++ b/src/lib/libcrypto/asn1/a_dup.c
@@ -62,23 +62,22 @@
 #ifndef NO_OLD_ASN1
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
        {
        unsigned char *b,*p;
-        const unsigned char *p2;
+        long i;
-        int i;
        char *ret;
        if (x == NULL) return(NULL);
-        i=i2d(x,NULL);
+        i=(long)i2d(x,NULL);
-        b=OPENSSL_malloc(i+10);
+        b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
        if (b == NULL)
                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
        p= b;
        i=i2d(x,&p);
-        p2= b;
+        p= b;
-        ret=d2i(NULL,&p2,i);
+        ret=d2i(NULL,&p,i);
        OPENSSL_free(b);
        return(ret);
        }
@@ -92,8 +91,7 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
        {
-        unsigned char *b = NULL;
+        unsigned char *b = NULL, *p;
-        const unsigned char *p;
        long i;
        void *ret;
@@ -101,7 +99,7 @@ void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
        i=ASN1_item_i2d(x,&b,it);
        if (b == NULL)
-                { ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+                { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
        p= b;
        ret=ASN1_item_d2i(NULL,&p,i, it);
        OPENSSL_free(b);
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
index fe9aa13b9c..03ede68d1c 100644
--- a/src/lib/libcrypto/asn1/a_enum.c
+++ b/src/lib/libcrypto/asn1/a_enum.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/bn.h>
 /* 
 * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
@@ -68,13 +67,12 @@
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
        {
-        int j,k;
+        int i,j,k;
-        unsigned int i;
        unsigned char buf[sizeof(long)+1];
        long d;
        a->type=V_ASN1_ENUMERATED;
-        if (a->length < (int)(sizeof(long)+1))
+        if (a->length < (sizeof(long)+1))
                {
                if (a->data != NULL)
                        OPENSSL_free(a->data);
@@ -118,7 +116,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
        else if (i != V_ASN1_ENUMERATED)
                return -1;
        
-        if (a->length > (int)sizeof(long))
+        if (a->length > sizeof(long))
                {
                /* hmm... a bit ugly */
                return(0xffffffffL);
@@ -149,7 +147,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
                ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
                goto err;
                }
-        if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+        if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED;
        else ret->type=V_ASN1_ENUMERATED;
        j=BN_num_bits(bn);
        len=((j == 0)?0:((j/8)+1));
@@ -177,6 +175,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
                ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-        else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
+        else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1;
        return(ret);
        }
diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c
new file mode 100644
index 0000000000..0dfd576211
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_gentm.c
@@ -0,0 +1,246 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+#if 0
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+        {
+#ifdef CHARSET_EBCDIC
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+        len = tmpstr.length;
+        ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        tmpstr.data = tmp;
+        a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+        }
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+             unsigned char **pp, long length)
+        {
+        ASN1_GENERALIZEDTIME *ret=NULL;
+        ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_GENERALIZEDTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_GENERALIZEDTIME_free(ret);
+        return(NULL);
+        }
+#endif
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+        {
+        static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[9]={99, 99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+        if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        /* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+        if (l < 13) goto err;
+        for (i=0; i<7; i++)
+                {
+                if ((i == 6) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        /* Optional fractional seconds: decimal point followed by one
+         * or more digits.
+         */
+        if (a[o] == '.')
+                {
+                if (++o > l) goto err;
+                i = o;
+                while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+                        o++;
+                /* Must have at least one digit after decimal point */
+                if (i == o) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=7; i<9; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
+        {
+        ASN1_GENERALIZEDTIME t;
+        t.type=V_ASN1_GENERALIZEDTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_GENERALIZEDTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type=V_ASN1_GENERALIZEDTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+             time_t t)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20; 
+        if (s == NULL)
+                s=M_ASN1_GENERALIZEDTIME_new();
+        if (s == NULL)
+                return(NULL);
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
+                                ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+        BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
diff --git a/src/lib/libcrypto/asn1/a_hdr.c b/src/lib/libcrypto/asn1/a_hdr.c
new file mode 100644
index 0000000000..b1aad81f77
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_hdr.c
@@ -0,0 +1,119 @@
+/* crypto/asn1/a_hdr.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_len(a->data,         a->meth->i2d);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->header,       i2d_ASN1_OCTET_STRING);
+        M_ASN1_I2D_put(a->data,         a->meth->i2d);
+        M_ASN1_I2D_finish();
+        }
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
+             long length)
+        {
+        M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING);
+        if (ret->meth != NULL)
+                {
+                M_ASN1_D2I_get(ret->data,ret->meth->d2i);
+                }
+        else
+                {
+                if (a != NULL) (*a)=ret;
+                return(ret);
+                }
+        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
+        }
+ASN1_HEADER *ASN1_HEADER_new(void)
+        {
+        ASN1_HEADER *ret=NULL;
+        ASN1_CTX c;
+        M_ASN1_New_Malloc(ret,ASN1_HEADER);
+        M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
+        ret->meth=NULL;
+        ret->data=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+        }
+void ASN1_HEADER_free(ASN1_HEADER *a)
+        {
+        if (a == NULL) return;
+        M_ASN1_OCTET_STRING_free(a->header);
+        if (a->meth != NULL)
+                a->meth->destroy(a->data);
+        OPENSSL_free(a);
+        }
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c
index a3ad76d356..f4f1b73ebe 100644
--- a/src/lib/libcrypto/asn1/a_i2d_fp.c
+++ b/src/lib/libcrypto/asn1/a_i2d_fp.c
@@ -64,7 +64,7 @@
 #ifndef NO_OLD_ASN1
 #ifndef OPENSSL_NO_FP_API
-int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
        {
        BIO *b;
        int ret;
@@ -81,7 +81,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
        }
 #endif
-int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
        {
        char *b;
        unsigned char *p;
@@ -124,7 +124,7 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
+                ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
                return(0);
                }
        BIO_set_fp(b,out,BIO_NOCLOSE);
@@ -142,7 +142,7 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
        n = ASN1_item_i2d(x, &b, it);
        if (b == NULL)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
                return(0);
                }
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
index f8d198efb1..21cc64bb23 100644
--- a/src/lib/libcrypto/asn1/a_int.c
+++ b/src/lib/libcrypto/asn1/a_int.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
-#include <openssl/bn.h>
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
 { return M_ASN1_INTEGER_dup(x);}
@@ -175,12 +174,11 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
             long len)
        {
        ASN1_INTEGER *ret=NULL;
-        const unsigned char *p, *pend;
+        unsigned char *p,*to,*s, *pend;
-        unsigned char *to,*s;
        int i;
        if ((a == NULL) || ((*a) == NULL))
@@ -256,7 +254,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
        *pp=pend;
        return(ret);
 err:
-        ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
+        ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                M_ASN1_INTEGER_free(ret);
        return(NULL);
@@ -268,12 +266,11 @@ err:
 * with its MSB set as negative (it doesn't add a padding zero).
 */
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
             long length)
        {
        ASN1_INTEGER *ret=NULL;
-        const unsigned char *p;
+        unsigned char *p,*to,*s;
-        unsigned char *to,*s;
        long len;
        int inf,tag,xclass;
        int i;
@@ -335,13 +332,12 @@ err:
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
        {
-        int j,k;
+        int i,j,k;
-        unsigned int i;
        unsigned char buf[sizeof(long)+1];
        long d;
        a->type=V_ASN1_INTEGER;
-        if (a->length < (int)(sizeof(long)+1))
+        if (a->length < (sizeof(long)+1))
                {
                if (a->data != NULL)
                        OPENSSL_free(a->data);
@@ -385,7 +381,7 @@ long ASN1_INTEGER_get(ASN1_INTEGER *a)
        else if (i != V_ASN1_INTEGER)
                return -1;
        
-        if (a->length > (int)sizeof(long))
+        if (a->length > sizeof(long))
                {
                /* hmm... a bit ugly */
                return(0xffffffffL);
@@ -416,8 +412,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
                ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
                goto err;
                }
-        if (BN_is_negative(bn))
+        if(bn->neg) ret->type = V_ASN1_NEG_INTEGER;
-                ret->type = V_ASN1_NEG_INTEGER;
        else ret->type=V_ASN1_INTEGER;
        j=BN_num_bits(bn);
        len=((j == 0)?0:((j/8)+1));
@@ -450,8 +445,7 @@ BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
        if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
                ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-        else if(ai->type == V_ASN1_NEG_INTEGER)
+        else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1;
-                BN_set_negative(ret, 1);
        return(ret);
        }
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
index 2d4800a22a..208b3ec395 100644
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ b/src/lib/libcrypto/asn1/a_mbstr.c
@@ -107,7 +107,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                case MBSTRING_BMP:
                if(len & 1) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
                                         ASN1_R_INVALID_BMPSTRING_LENGTH);
                        return -1;
                }
@@ -116,7 +116,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                case MBSTRING_UNIV:
                if(len & 3) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
                                         ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
                        return -1;
                }
@@ -128,7 +128,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                /* This counts the characters and does utf8 syntax checking */
                ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
                if(ret < 0) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
                                                 ASN1_R_INVALID_UTF8STRING);
                        return -1;
                }
@@ -139,19 +139,19 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                break;
                default:
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
                return -1;
        }
        if((minsize > 0) && (nchar < minsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
                BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
                ERR_add_error_data(2, "minsize=", strbuf);
                return -1;
        }
        if((maxsize > 0) && (nchar > maxsize)) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
                BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
                ERR_add_error_data(2, "maxsize=", strbuf);
                return -1;
@@ -159,7 +159,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        /* Now work out minimal type (if any) */
        if(traverse_string(in, len, inform, type_str, &mask) < 0) {
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
                return -1;
        }
@@ -193,7 +193,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
                free_out = 1;
                dest = ASN1_STRING_type_new(str_type);
                if(!dest) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
                                                        ERR_R_MALLOC_FAILURE);
                        return -1;
                }
@@ -202,7 +202,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        /* If both the same type just copy across */
        if(inform == outform) {
                if(!ASN1_STRING_set(dest, in, len)) {
-                        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+                        ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
                        return -1;
                }
                return str_type;
@@ -233,7 +233,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        }
        if(!(p = OPENSSL_malloc(outlen + 1))) {
                if(free_out) ASN1_STRING_free(dest);
-                ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
                return -1;
        }
        dest->length = outlen;
diff --git a/src/lib/libcrypto/asn1/a_meth.c b/src/lib/libcrypto/asn1/a_meth.c
new file mode 100644
index 0000000000..63158e9cab
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_meth.c
@@ -0,0 +1,84 @@
+/* crypto/asn1/a_meth.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+static  ASN1_METHOD ia5string_meth={
+        (int (*)())     i2d_ASN1_IA5STRING,
+        (char *(*)())   d2i_ASN1_IA5STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+static  ASN1_METHOD bit_string_meth={
+        (int (*)())     i2d_ASN1_BIT_STRING,
+        (char *(*)())   d2i_ASN1_BIT_STRING,
+        (char *(*)())   ASN1_STRING_new,
+        (void (*)())    ASN1_STRING_free};
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
+        {
+        return(&ia5string_meth);
+        }
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
+        {
+        return(&bit_string_meth);
+        }
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
index dc980421d0..0a8e6c287c 100644
--- a/src/lib/libcrypto/asn1/a_object.c
+++ b/src/lib/libcrypto/asn1/a_object.c
@@ -57,12 +57,10 @@
 */
 #include <stdio.h>
-#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
-#include <openssl/bn.h>
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
        {
@@ -85,12 +83,10 @@ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
        {
-        int i,first,len=0,c, use_bn;
+        int i,first,len=0,c;
-        char ftmp[24], *tmp = ftmp;
+        char tmp[24];
-        int tmpsize = sizeof ftmp;
        const char *p;
        unsigned long l;
-        BIGNUM *bl = NULL;
        if (num == 0)
                return(0);
@@ -102,7 +98,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
        num--;
        if ((c >= '0') && (c <= '2'))
                {
-                first= c-'0';
+                first=(c-'0')*40;
                }
        else
                {
@@ -126,7 +122,6 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                        goto err;
                        }
                l=0;
-                use_bn = 0;
                for (;;)
                        {
                        if (num <= 0) break;
@@ -139,22 +134,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
                                goto err;
                                }
-                        if (!use_bn && l > (ULONG_MAX / 10L))
+                        l=l*10L+(long)(c-'0');
-                                {
-                                use_bn = 1;
-                                if (!bl)
-                                        bl = BN_new();
-                                if (!bl || !BN_set_word(bl, l))
-                                        goto err;
-                                }
-                        if (use_bn)
-                                {
-                                if (!BN_mul_word(bl, 10L)
-                                        || !BN_add_word(bl, c-'0'))
-                                        goto err;
-                                }
-                        else
-                                l=l*10L+(long)(c-'0');
                        }
                if (len == 0)
                        {
@@ -163,42 +143,14 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                                ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
                                goto err;
                                }
-                        if (use_bn)
+                        l+=(long)first;
-                                {
-                                if (!BN_add_word(bl, first * 40))
-                                        goto err;
-                                }
-                        else
-                                l+=(long)first*40;
                        }
                i=0;
-                if (use_bn)
+                for (;;)
-                        {
-                        int blsize;
-                        blsize = BN_num_bits(bl);
-                        blsize = (blsize + 6)/7;
-                        if (blsize > tmpsize)
-                                {
-                                if (tmp != ftmp)
-                                        OPENSSL_free(tmp);
-                                tmpsize = blsize + 32;
-                                tmp = OPENSSL_malloc(tmpsize);
-                                if (!tmp)
-                                        goto err;
-                                }
-                        while(blsize--)
-                                tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
-                        }
-                else
                        {
-                                        
+                        tmp[i++]=(unsigned char)l&0x7f;
-                        for (;;)
+                        l>>=7L;
-                                {
+                        if (l == 0L) break;
-                                tmp[i++]=(unsigned char)l&0x7f;
-                                l>>=7L;
-                                if (l == 0L) break;
-                                }
                        }
                if (out != NULL)
                        {
@@ -214,16 +166,8 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
                else
                        len+=i;
                }
-        if (tmp != ftmp)
-                OPENSSL_free(tmp);
-        if (bl)
-                BN_free(bl);
        return(len);
 err:
-        if (tmp != ftmp)
-                OPENSSL_free(tmp);
-        if (bl)
-                BN_free(bl);
        return(0);
        }
@@ -234,31 +178,21 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
        {
-        char buf[80], *p = buf;
+        char buf[80];
        int i;
        if ((a == NULL) || (a->data == NULL))
                return(BIO_write(bp,"NULL",4));
        i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-        if (i > (int)(sizeof(buf) - 1))
+        if (i > sizeof buf) i=sizeof buf;
-                {
+        BIO_write(bp,buf,i);
-                p = OPENSSL_malloc(i + 1);
-                if (!p)
-                        return -1;
-                i2t_ASN1_OBJECT(p,i + 1,a);
-                }
-        if (i <= 0)
-                return BIO_write(bp, "<INVALID>", 9);
-        BIO_write(bp,p,i);
-        if (p != buf)
-                OPENSSL_free(p);
        return(i);
        }
-ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
             long length)
 {
-        const unsigned char *p;
+        unsigned char *p;
        long len;
        int tag,xclass;
        int inf,i;
@@ -285,11 +219,11 @@ err:
                ASN1_OBJECT_free(ret);
        return(NULL);
 }
-ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
             long len)
        {
        ASN1_OBJECT *ret=NULL;
-        const unsigned char *p;
+        unsigned char *p;
        int i;
        /* only the ASN1_OBJECTs from the 'table' will have values
@@ -321,7 +255,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
        *pp=p;
        return(ret);
 err:
-        ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
+        ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
                ASN1_OBJECT_free(ret);
        return(NULL);
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
index 24fd0f8e5a..9690bae0f1 100644
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ b/src/lib/libcrypto/asn1/a_octet.c
@@ -66,6 +66,6 @@ ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
 int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
 { return M_ASN1_OCTET_STRING_cmp(a, b); }
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
 { return M_ASN1_OCTET_STRING_set(x, d, len); }
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 958558c204..e24061c545 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -85,8 +85,8 @@ static int SetBlobCmp(const void *elem1, const void *elem2 )
    }
 /* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
-                 int ex_class, int is_set)
+             int ex_class, int is_set)
        {
        int ret=0,r;
        int i;
@@ -97,7 +97,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        if (a == NULL) return(0);
        for (i=sk_num(a)-1; i>=0; i--)
-                ret+=i2d(sk_value(a,i),NULL);
+                ret+=func(sk_value(a,i),NULL);
        r=ASN1_object_size(1,ret,ex_tag);
        if (pp == NULL) return(r);
@@ -111,7 +111,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        if(!is_set || (sk_num(a) < 2))
                {
                for (i=0; i<sk_num(a); i++)
-                        i2d(sk_value(a,i),&p);
+                        func(sk_value(a,i),&p);
                *pp=p;
                return(r);
@@ -129,7 +129,7 @@ int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
        for (i=0; i<sk_num(a); i++)
                {
                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
+                func(sk_value(a,i),&p);
                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
 SetBlob
 */
@@ -162,11 +162,10 @@ SetBlob
        return(r);
        }
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-                    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
+             char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
-                    int ex_class)
        {
-        ASN1_const_CTX c;
+        ASN1_CTX c;
        STACK *ret=NULL;
        if ((a == NULL) || ((*a) == NULL))
@@ -211,9 +210,7 @@ STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
                char *s;
                if (M_ASN1_D2I_end_sequence()) break;
-                /* XXX: This was called with 4 arguments, incorrectly, it seems
+                if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
-                   if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
-                if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
                        {
                        ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
                        asn1_add_error(*pp,(int)(c.q- *pp));
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c
index 1081950518..52ce7e3974 100644
--- a/src/lib/libcrypto/asn1/a_sign.c
+++ b/src/lib/libcrypto/asn1/a_sign.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -126,9 +126,9 @@
 #ifndef NO_ASN1_OLD
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+             ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
-              const EVP_MD *type)
+             const EVP_MD *type)
        {
        EVP_MD_CTX ctx;
        unsigned char *p,*buf_in=NULL,*buf_out=NULL;
@@ -229,11 +229,10 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                else
                        a=algor2;
                if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
+                if (type->pkey_type == NID_dsaWithSHA1)
-                        type->pkey_type == NID_ecdsa_with_SHA1)
                        {
-                        /* special case: RFC 3279 tells us to omit 'parameters'
+                        /* special case: RFC 2459 tells us to omit 'parameters'
-                         * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
+                         * with id-dsa-with-sha1 */
                        ASN1_TYPE_free(a->parameter);
                        a->parameter = NULL;
                        }
@@ -248,12 +247,12 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                a->algorithm=OBJ_nid2obj(type->pkey_type);
                if (a->algorithm == NULL)
                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
                        goto err;
                        }
                if (a->algorithm->length == 0)
                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
                        goto err;
                        }
                }
@@ -263,7 +262,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        if ((buf_in == NULL) || (buf_out == NULL))
                {
                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
                goto err;
                }
@@ -273,7 +272,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
                        (unsigned int *)&outl,pkey))
                {
                outl=0;
-                ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+                ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
                goto err;
                }
        if (signature->data != NULL) OPENSSL_free(signature->data);
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
index c2dbb6f9a5..a07122ba47 100644
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ b/src/lib/libcrypto/asn1/a_strex.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -58,12 +58,12 @@
 #include <stdio.h>
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include "charmap.h"
+#include "cryptlib.h"
 /* ASN1_STRING_print_ex() and X509_NAME_print_ex().
 * Enhanced string and name printing routines handling
@@ -170,7 +170,7 @@ static int do_buf(unsigned char *buf, int buflen,
        q = buf + buflen;
        outlen = 0;
        while(p != q) {
-                if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
+                if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
                else orflags = 0;
                switch(type & BUF_TYPE_WIDTH_MASK) {
                        case 4:
@@ -194,10 +194,8 @@ static int do_buf(unsigned char *buf, int buflen,
                        if(i < 0) return -1;    /* Invalid UTF8String */
                        p += i;
                        break;
-                        default:
-                        return -1;      /* invalid width */
                }
-                if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
+                if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
                if(type & BUF_TYPE_CONVUTF8) {
                        unsigned char utfbuf[6];
                        int utflen;
@@ -225,7 +223,7 @@ static int do_buf(unsigned char *buf, int buflen,
 static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
 {
-        static const char hexdig[] = "0123456789ABCDEF";
+        const static char hexdig[] = "0123456789ABCDEF";
        unsigned char *p, *q;
        char hextmp[2];
        if(arg) {
@@ -281,7 +279,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING
 * otherwise it is the number of bytes per character
 */
-static const signed char tag2nbyte[] = {
+const static signed char tag2nbyte[] = {
        -1, -1, -1, -1, -1,     /* 0-4 */
        -1, -1, -1, -1, -1,     /* 5-9 */
        -1, -1, 0, -1,          /* 10-13 */
@@ -358,13 +356,12 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STR
        }
        len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-        if(len < 0) return -1;
+        if(outlen < 0) return -1;
        outlen += len;
        if(quotes) outlen += 2;
        if(!arg) return outlen;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
-        if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+        do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
-                return -1;
        if(quotes && !io_ch(arg, "\"", 1)) return -1;
        return outlen;
 }
@@ -516,7 +513,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
        return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
-#ifndef OPENSSL_NO_FP_API
 int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
 {
        if(flags == XN_FLAG_COMPAT)
@@ -531,19 +528,17 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long fla
                }
        return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
-#endif
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
 {
        return do_print_ex(send_bio_chars, out, flags, str);
 }
-#ifndef OPENSSL_NO_FP_API
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
 {
        return do_print_ex(send_fp_chars, fp, flags, str);
 }
-#endif
 /* Utility function: convert any string type to UTF8, returns number of bytes
 * in output string or a negative error code
@@ -558,7 +553,12 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
        if((type < 0) || (type > 30)) return -1;
        mbflag = tag2nbyte[type];
        if(mbflag == -1) return -1;
-        mbflag |= MBSTRING_FLAG;
+        if (mbflag == 0)
+                mbflag = MBSTRING_UTF8;
+        else if (mbflag == 4)
+                mbflag = MBSTRING_UNIV;
+        else            
+                mbflag |= MBSTRING_FLAG;
        stmp.data = NULL;
        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
        if(ret < 0) return ret;
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
index 36beceacdb..2292d49b93 100644
--- a/src/lib/libcrypto/asn1/a_type.c
+++ b/src/lib/libcrypto/asn1/a_type.c
@@ -57,9 +57,8 @@
 */
 #include <stdio.h>
-#include "cryptlib.h"
 #include <openssl/asn1t.h>
-#include <openssl/objects.h>
+#include "cryptlib.h"
 int ASN1_TYPE_get(ASN1_TYPE *a)
        {
@@ -80,31 +79,6 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
        a->value.ptr=value;
        }
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
-        {
-        if (!value || (type == V_ASN1_BOOLEAN))
-                {
-                void *p = (void *)value;
-                ASN1_TYPE_set(a, type, p);
-                }
-        else if (type == V_ASN1_OBJECT)
-                {
-                ASN1_OBJECT *odup;
-                odup = OBJ_dup(value);
-                if (!odup)
-                        return 0;
-                ASN1_TYPE_set(a, type, odup);
-                }
-        else
-                {
-                ASN1_STRING *sdup;
-                sdup = ASN1_STRING_dup((ASN1_STRING *)value);
-                if (!sdup)
-                        return 0;
-                ASN1_TYPE_set(a, type, sdup);
-                }
-        return 1;
-        }
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..7b25fed331
--- /dev/null
+++ b/src/lib/libcrypto/asn1/a_utctm.c
@@ -0,0 +1,303 @@
+/* crypto/asn1/a_utctm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
+        {
+#ifndef CHARSET_EBCDIC
+        return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+        /* KLUDGE! We convert to ascii before writing DER */
+        int len;
+        char tmp[24];
+        ASN1_STRING x = *(ASN1_STRING *)a;
+        len = x.length;
+        ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+        x.data = tmp;
+        return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
+        }
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+             long length)
+        {
+        ASN1_UTCTIME *ret=NULL;
+        ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+                V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+        if (ret == NULL)
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
+                return(NULL);
+                }
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+        if (!ASN1_UTCTIME_check(ret))
+                {
+                ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
+                goto err;
+                }
+        return(ret);
+err:
+        if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+                M_ASN1_UTCTIME_free(ret);
+        return(NULL);
+        }
+#endif
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
+        {
+        static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
+        static int max[8]={99,12,31,23,59,59,12,59};
+        char *a;
+        int n,i,l,o;
+        if (d->type != V_ASN1_UTCTIME) return(0);
+        l=d->length;
+        a=(char *)d->data;
+        o=0;
+        if (l < 11) goto err;
+        for (i=0; i<6; i++)
+                {
+                if ((i == 5) && ((a[o] == 'Z') ||
+                        (a[o] == '+') || (a[o] == '-')))
+                        { i++; break; }
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n= a[o]-'0';
+                if (++o > l) goto err;
+                if ((a[o] < '0') || (a[o] > '9')) goto err;
+                n=(n*10)+ a[o]-'0';
+                if (++o > l) goto err;
+                if ((n < min[i]) || (n > max[i])) goto err;
+                }
+        if (a[o] == 'Z')
+                o++;
+        else if ((a[o] == '+') || (a[o] == '-'))
+                {
+                o++;
+                if (o+4 > l) goto err;
+                for (i=6; i<8; i++)
+                        {
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n= a[o]-'0';
+                        o++;
+                        if ((a[o] < '0') || (a[o] > '9')) goto err;
+                        n=(n*10)+ a[o]-'0';
+                        if ((n < min[i]) || (n > max[i])) goto err;
+                        o++;
+                        }
+                }
+        return(o == l);
+err:
+        return(0);
+        }
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
+        {
+        ASN1_UTCTIME t;
+        t.type=V_ASN1_UTCTIME;
+        t.length=strlen(str);
+        t.data=(unsigned char *)str;
+        if (ASN1_UTCTIME_check(&t))
+                {
+                if (s != NULL)
+                        {
+                        if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                (unsigned char *)str,t.length))
+                                return 0;
+                        s->type = V_ASN1_UTCTIME;
+                        }
+                return(1);
+                }
+        else
+                return(0);
+        }
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+        {
+        char *p;
+        struct tm *ts;
+        struct tm data;
+        size_t len = 20;
+        if (s == NULL)
+                s=M_ASN1_UTCTIME_new();
+        if (s == NULL)
+                return(NULL);
+        ts=OPENSSL_gmtime(&t, &data);
+        if (ts == NULL)
+                return(NULL);
+        p=(char *)s->data;
+        if ((p == NULL) || ((size_t)s->length < len))
+                {
+                p=OPENSSL_malloc(len);
+                if (p == NULL)
+                        {
+                        ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
+                        return(NULL);
+                        }
+                if (s->data != NULL)
+                        OPENSSL_free(s->data);
+                s->data=(unsigned char *)p;
+                }
+        BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+                     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+        s->length=strlen(p);
+        s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+        ebcdic2ascii(s->data, s->data, s->length);
+#endif
+        return(s);
+        }
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+        {
+        struct tm *tm;
+        struct tm data;
+        int offset;
+        int year;
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+        if (s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset = g2(s->data+13)*60+g2(s->data+15);
+                if (s->data[12] == '-')
+                        offset = -offset;
+                }
+        t -= offset*60; /* FIXME: may overflow in extreme cases */
+        tm = OPENSSL_gmtime(&t, &data);
+        
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+        year = g2(s->data);
+        if (year < 50)
+                year += 100;
+        return_cmp(year,              tm->tm_year);
+        return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+        return_cmp(g2(s->data+4),     tm->tm_mday);
+        return_cmp(g2(s->data+6),     tm->tm_hour);
+        return_cmp(g2(s->data+8),     tm->tm_min);
+        return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+        return 0;
+        }
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+        {
+        struct tm tm;
+        int offset;
+        memset(&tm,'\0',sizeof tm);
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+        tm.tm_year=g2(s->data);
+        if(tm.tm_year < 50)
+                tm.tm_year+=100;
+        tm.tm_mon=g2(s->data+2)-1;
+        tm.tm_mday=g2(s->data+4);
+        tm.tm_hour=g2(s->data+6);
+        tm.tm_min=g2(s->data+8);
+        tm.tm_sec=g2(s->data+10);
+        if(s->data[12] == 'Z')
+                offset=0;
+        else
+                {
+                offset=g2(s->data+13)*60+g2(s->data+15);
+                if(s->data[12] == '-')
+                        offset= -offset;
+                }
+#undef g2
+        return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+                                       * instead of UTC, and unless we rewrite OpenSSL
+                                       * in Lisp we cannot locally change the timezone
+                                       * without possibly interfering with other parts
+                                       * of the program. timegm, which uses UTC, is
+                                       * non-standard.
+                                       * Also time_t is inappropriate for general
+                                       * UTC times because it may a 32 bit type. */
+        }
+#endif
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c
index fdce6e4380..18ef0acf00 100644
--- a/src/lib/libcrypto/asn1/a_verify.c
+++ b/src/lib/libcrypto/asn1/a_verify.c
@@ -73,8 +73,8 @@
 #ifndef NO_ASN1_OLD
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
-                char *data, EVP_PKEY *pkey)
+             char *data, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
        const EVP_MD *type;
@@ -138,13 +138,13 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        type=EVP_get_digestbyname(OBJ_nid2sn(i));
        if (type == NULL)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
                goto err;
                }
        if (!EVP_VerifyInit_ex(&ctx,type, NULL))
                {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
                ret=0;
                goto err;
                }
@@ -153,7 +153,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        
        if (buf_in == NULL)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
@@ -165,7 +165,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
        if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
                        (unsigned int)signature->length,pkey) <= 0)
                {
-                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+                ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
                ret=0;
                goto err;
                }
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
index 424cd348bb..0184b475a7 100644
--- a/src/lib/libcrypto/asn1/asn1.h
+++ b/src/lib/libcrypto/asn1/asn1.h
@@ -60,19 +60,17 @@
 #define HEADER_ASN1_H
 #include <time.h>
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/e_os2.h>
+#include <openssl/bn.h>
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/symhacks.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
 #ifdef OPENSSL_BUILD_SHLIBCRYPTO
 # undef OPENSSL_EXTERN
@@ -149,29 +147,19 @@ extern "C" {
 #define B_ASN1_UTF8STRING       0x2000
 #define B_ASN1_UTCTIME          0x4000
 #define B_ASN1_GENERALIZEDTIME  0x8000
-#define B_ASN1_SEQUENCE         0x10000
 /* For use with ASN1_mbstring_copy() */
 #define MBSTRING_FLAG           0x1000
-#define MBSTRING_UTF8           (MBSTRING_FLAG)
 #define MBSTRING_ASC            (MBSTRING_FLAG|1)
 #define MBSTRING_BMP            (MBSTRING_FLAG|2)
-#define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+#define MBSTRING_UNIV           (MBSTRING_FLAG|3)
+#define MBSTRING_UTF8           (MBSTRING_FLAG|4)
-#define SMIME_OLDMIME           0x400
-#define SMIME_CRLFEOL           0x800
-#define SMIME_STREAM            0x1000
 struct X509_algor_st;
-DECLARE_STACK_OF(X509_ALGOR)
 #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
 #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
-/* We MUST make sure that, except for constness, asn1_ctx_st and
-   asn1_const_ctx are exactly the same.  Fortunately, as soon as
-   the old ASN1 parsing macros are gone, we can throw this away
-   as well... */
 typedef struct asn1_ctx_st
        {
        unsigned char *p;/* work char pointer */
@@ -187,21 +175,6 @@ typedef struct asn1_ctx_st
        int line;       /* used in error processing */
        } ASN1_CTX;
-typedef struct asn1_const_ctx_st
-        {
-        const unsigned char *p;/* work char pointer */
-        int eos;        /* end of sequence read for indefinite encoding */
-        int error;      /* error code to use when returning an error */
-        int inf;        /* constructed if 0x20, indefinite is 0x21 */
-        int tag;        /* tag from last 'get object' */
-        int xclass;     /* class from last 'get object' */
-        long slen;      /* length of last 'get object' */
-        const unsigned char *max; /* largest value of p allowed */
-        const unsigned char *q;/* temporary variable */
-        const unsigned char **pp;/* variable */
-        int line;       /* used in error processing */
-        } ASN1_const_CTX;
 /* These are used internally in the ASN1_OBJECT to keep track of
 * whether the names and data need to be free()ed */
 #define ASN1_OBJECT_FLAG_DYNAMIC         0x01   /* internal use */
@@ -218,18 +191,6 @@ typedef struct asn1_object_st
        } ASN1_OBJECT;
 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/* This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should
- * be inserted in the memory buffer 
- */
-#define ASN1_STRING_FLAG_NDEF 0x010 
-/* This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been 
- * accessed. The flag will be reset when content has been written to it.
- */
-#define ASN1_STRING_FLAG_CONT 0x020 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
        {
@@ -298,19 +259,18 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
-#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
 #define DECLARE_ASN1_FUNCTIONS_name(type, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
 #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a); \
        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
 #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
-        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        type *d2i_##name(type **a, unsigned char **in, long len); \
        int i2d_##name(type *a, unsigned char **out); \
        DECLARE_ASN1_ITEM(itname)
@@ -319,37 +279,10 @@ typedef struct ASN1_VALUE_st ASN1_VALUE;
        int i2d_##name(const type *a, unsigned char **out); \
        DECLARE_ASN1_ITEM(name)
-#define DECLARE_ASN1_NDEF_FUNCTION(name) \
-        int i2d_##name##_NDEF(name *a, unsigned char **out);
 #define DECLARE_ASN1_FUNCTIONS_const(name) \
-        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        name *name##_new(void); \
-        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+        void name##_free(name *a);
-#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
-        type *name##_new(void); \
-        void name##_free(type *a);
-#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
-#define I2D_OF(type) int (*)(type *,unsigned char **)
-#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
-#define CHECKED_D2I_OF(type, d2i) \
-    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
-#define CHECKED_I2D_OF(type, i2d) \
-    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
-#define CHECKED_NEW_OF(type, xnew) \
-    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#define CHECKED_PPTR_OF(type, p) \
-    ((void**) (1 ? p : (type**)0))
-#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
-#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
-#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
-TYPEDEF_D2I2D_OF(void);
 /* The following macros and typedefs allow an ASN1_ITEM
 * to be embedded in a structure and referenced. Since
@@ -534,7 +467,6 @@ typedef struct asn1_type_st
                 * contain the set or sequence bytes */
                ASN1_STRING *           set;
                ASN1_STRING *           sequence;
-                ASN1_VALUE  *           asn1_value;
                } value;
        } ASN1_TYPE;
@@ -543,17 +475,17 @@ DECLARE_ASN1_SET_OF(ASN1_TYPE)
 typedef struct asn1_method_st
        {
-        i2d_of_void *i2d;
+        int (*i2d)();
-        d2i_of_void *d2i;
+        char *(*d2i)();
-        void *(*create)(void);
+        char *(*create)();
-        void (*destroy)(void *);
+        void (*destroy)();
        } ASN1_METHOD;
 /* This is used when parsing some Netscape objects */
 typedef struct asn1_header_st
        {
        ASN1_OCTET_STRING *header;
-        void *data;
+        char *data;
        ASN1_METHOD *meth;
        } ASN1_HEADER;
@@ -619,7 +551,6 @@ typedef struct BIT_STRING_BITNAME_st {
                        B_ASN1_UNIVERSALSTRING|\
                        B_ASN1_BMPSTRING|\
                        B_ASN1_UTF8STRING|\
-                        B_ASN1_SEQUENCE|\
                        B_ASN1_UNKNOWN
 #define B_ASN1_DIRECTORYSTRING \
@@ -765,14 +696,13 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
-int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
 ASN1_OBJECT *   ASN1_OBJECT_new(void );
 void            ASN1_OBJECT_free(ASN1_OBJECT *a);
 int             i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
-ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ASN1_OBJECT *   c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
                        long length);
-ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,const unsigned char **pp,
+ASN1_OBJECT *   d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
                        long length);
 DECLARE_ASN1_ITEM(ASN1_OBJECT)
@@ -788,7 +718,6 @@ int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
  /* Since this is used to store all sorts of things, via macros, for now, make
     its data void * */
 int             ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-void            ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
 int ASN1_STRING_length(ASN1_STRING *x);
 void ASN1_STRING_length_set(ASN1_STRING *x, int n);
 int ASN1_STRING_type(ASN1_STRING *x);
@@ -796,7 +725,7 @@ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
 int             i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,const unsigned char **pp,
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
                        long length);
 int             ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
                        int length );
@@ -812,13 +741,13 @@ int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
                                BIT_STRING_BITNAME *tbl);
 int             i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
-int             d2i_ASN1_BOOLEAN(int *a,const unsigned char **pp,long length);
+int             d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
 int             i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
                        long length);
-ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,const unsigned char **pp,
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
                        long length);
 ASN1_INTEGER *  ASN1_INTEGER_dup(ASN1_INTEGER *x);
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
@@ -827,7 +756,7 @@ DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
-int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
 #if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
@@ -835,12 +764,12 @@ time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
-int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
 ASN1_OCTET_STRING *     ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
 int     ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
-int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, int len);
+int     ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
@@ -863,17 +792,15 @@ DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
 DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
-DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
 int ASN1_TIME_check(ASN1_TIME *t);
 ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
+int             i2d_ASN1_SET(STACK *a, unsigned char **pp,
-                 i2d_of_void *i2d, int ex_tag, int ex_class, int is_set);
+                        int (*func)(), int ex_tag, int ex_class, int is_set);
-STACK * d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
+STACK *         d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-                     d2i_of_void *d2i, void (*free_func)(void *),
+                        char *(*func)(), void (*free_func)(void *),
-                     int ex_tag, int ex_class);
+                        int ex_tag, int ex_class);
 #ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
@@ -905,70 +832,33 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
 int ASN1_PRINTABLE_type(const unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
        long length, int Ptag, int Pclass);
 unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
-ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,const unsigned char **pp,
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
                long length,int type);
 /* PARSING */
 int asn1_Finish(ASN1_CTX *c);
-int asn1_const_Finish(ASN1_const_CTX *c);
 /* SPECIALS */
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
        int *pclass, long omax);
 int ASN1_check_infinite_end(unsigned char **p,long len);
-int ASN1_const_check_infinite_end(const unsigned char **p,long len);
 void ASN1_put_object(unsigned char **pp, int constructed, int length,
        int tag, int xclass);
-int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 /* Used to implement other functions */
-void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x);
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-#define ASN1_dup_of(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
-                     CHECKED_D2I_OF(type, d2i), \
-                     CHECKED_PTR_OF(type, x)))
-#define ASN1_dup_of_const(type,i2d,d2i,x) \
-    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
-                     CHECKED_D2I_OF(type, d2i), \
-                     CHECKED_PTR_OF(const type, x)))
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
-/* ASN1 alloc/free macros for when a type is only used internally */
-#define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
-#define M_ASN1_free_of(x, type) \
-                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
 #ifndef OPENSSL_NO_FP_API
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
+char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
-                        CHECKED_D2I_OF(type, d2i), \
-                        in, \
-                        CHECKED_PPTR_OF(type, x)))
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
-int ASN1_i2d_fp(i2d_of_void *i2d,FILE *out,void *x);
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-#define ASN1_i2d_fp_of(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
-                 out, \
-                 CHECKED_PTR_OF(type, x)))
-#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
-    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
-                 out, \
-                 CHECKED_PTR_OF(const type, x)))
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
@@ -976,41 +866,23 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
 #ifndef OPENSSL_NO_BIO
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
+char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
-#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
-    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
-                          CHECKED_D2I_OF(type, d2i), \
-                          in, \
-                          CHECKED_PPTR_OF(type, x)))
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
-int ASN1_i2d_bio(i2d_of_void *i2d,BIO *out, unsigned char *x);
+int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
-#define ASN1_i2d_bio_of(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
-                  out, \
-                  CHECKED_PTR_OF(type, x)))
-#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
-    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
-                  out, \
-                  CHECKED_PTR_OF(const type, x)))
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
 int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
 int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
-int ASN1_parse(BIO *bp,const unsigned char *pp,long len,int indent);
+int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
-int ASN1_parse_dump(BIO *bp,const unsigned char *pp,long len,int indent,int dump);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
 #endif
 const char *ASN1_tag2str(int tag);
 /* Used to load and write netscape format cert/key */
 int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,const unsigned char **pp, long length);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length);
 ASN1_HEADER *ASN1_HEADER_new(void );
 void ASN1_HEADER_free(ASN1_HEADER *a);
@@ -1031,20 +903,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
        unsigned char *data, int max_len);
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-                       d2i_of_void *d2i, void (*free_func)(void *));
+                                                 void (*free_func)(void *) ); 
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-                             unsigned char **buf, int *len );
+                             int *len );
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i);
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d,
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
-                              ASN1_OCTET_STRING **oct);
-#define ASN1_pack_string_of(type,obj,i2d,oct) \
-    (ASN1_pack_string(CHECKED_PTR_OF(type, obj), \
-                      CHECKED_I2D_OF(type, i2d), \
-                      oct))
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
 void ASN1_STRING_set_default_mask(unsigned long mask);
@@ -1067,25 +932,11 @@ void ASN1_STRING_TABLE_cleanup(void);
 /* Old API compatible functions */
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
-ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 void ASN1_add_oid_module(void);
-ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-typedef int asn1_output_data_fn(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-                                        const ASN1_ITEM *it);
-int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-                                int ctype_nid, int econt_nid,
-                                STACK_OF(X509_ALGOR) *mdalgs,
-                                asn1_output_data_fn *data_fn,
-                                const ASN1_ITEM *it);
-ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
@@ -1099,70 +950,49 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED                       101
 #define ASN1_F_A2I_ASN1_INTEGER                          102
 #define ASN1_F_A2I_ASN1_STRING                           103
-#define ASN1_F_APPEND_EXP                                176
+#define ASN1_F_ASN1_BIT_STRING_SET_BIT                   176
-#define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
-#define ASN1_F_ASN1_CB                                   177
 #define ASN1_F_ASN1_CHECK_TLEN                           104
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE                    105
 #define ASN1_F_ASN1_COLLECT                              106
+#define ASN1_F_ASN1_D2I_BIO                              107
 #define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
 #define ASN1_F_ASN1_D2I_FP                               109
-#define ASN1_F_ASN1_D2I_READ_BIO                         107
+#define ASN1_F_ASN1_DIGEST                               177
-#define ASN1_F_ASN1_DIGEST                               184
 #define ASN1_F_ASN1_DO_ADB                               110
 #define ASN1_F_ASN1_DUP                                  111
 #define ASN1_F_ASN1_ENUMERATED_SET                       112
 #define ASN1_F_ASN1_ENUMERATED_TO_BN                     113
-#define ASN1_F_ASN1_EX_C2I                               204
+#define ASN1_F_ASN1_FIND_END                             182
-#define ASN1_F_ASN1_FIND_END                             190
+#define ASN1_F_ASN1_GENERALIZEDTIME_SET                  178
-#define ASN1_F_ASN1_GENERALIZEDTIME_SET                  185
-#define ASN1_F_ASN1_GENERATE_V3                          178
 #define ASN1_F_ASN1_GET_OBJECT                           114
 #define ASN1_F_ASN1_HEADER_NEW                           115
 #define ASN1_F_ASN1_I2D_BIO                              116
 #define ASN1_F_ASN1_I2D_FP                               117
 #define ASN1_F_ASN1_INTEGER_SET                          118
 #define ASN1_F_ASN1_INTEGER_TO_BN                        119
-#define ASN1_F_ASN1_ITEM_D2I_FP                          206
-#define ASN1_F_ASN1_ITEM_DUP                             191
-#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW                  121
 #define ASN1_F_ASN1_ITEM_EX_D2I                          120
-#define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+#define ASN1_F_ASN1_ITEM_NEW                             121
-#define ASN1_F_ASN1_ITEM_I2D_FP                          193
+#define ASN1_F_ASN1_MBSTRING_COPY                        122
-#define ASN1_F_ASN1_ITEM_PACK                            198
-#define ASN1_F_ASN1_ITEM_SIGN                            195
-#define ASN1_F_ASN1_ITEM_UNPACK                          199
-#define ASN1_F_ASN1_ITEM_VERIFY                          197
-#define ASN1_F_ASN1_MBSTRING_NCOPY                       122
 #define ASN1_F_ASN1_OBJECT_NEW                           123
-#define ASN1_F_ASN1_OUTPUT_DATA                          207
 #define ASN1_F_ASN1_PACK_STRING                          124
-#define ASN1_F_ASN1_PCTX_NEW                             205
+#define ASN1_F_ASN1_PBE_SET                              125
-#define ASN1_F_ASN1_PKCS5_PBE_SET                        125
 #define ASN1_F_ASN1_SEQ_PACK                             126
 #define ASN1_F_ASN1_SEQ_UNPACK                           127
 #define ASN1_F_ASN1_SIGN                                 128
-#define ASN1_F_ASN1_STR2TYPE                             179
+#define ASN1_F_ASN1_STRING_SET                           179
-#define ASN1_F_ASN1_STRING_SET                           186
 #define ASN1_F_ASN1_STRING_TABLE_ADD                     129
 #define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+#define ASN1_F_ASN1_TEMPLATE_D2I                         131
 #define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
 #define ASN1_F_ASN1_TEMPLATE_NEW                         133
-#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
 #define ASN1_F_ASN1_TIME_SET                             175
 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
 #define ASN1_F_ASN1_UNPACK_STRING                        136
-#define ASN1_F_ASN1_UTCTIME_SET                          187
+#define ASN1_F_ASN1_UTCTIME_SET                          180
 #define ASN1_F_ASN1_VERIFY                               137
-#define ASN1_F_B64_READ_ASN1                             208
-#define ASN1_F_B64_WRITE_ASN1                            209
-#define ASN1_F_BITSTR_CB                                 180
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                     138
 #define ASN1_F_BN_TO_ASN1_INTEGER                        139
-#define ASN1_F_C2I_ASN1_BIT_STRING                       189
-#define ASN1_F_C2I_ASN1_INTEGER                          194
-#define ASN1_F_C2I_ASN1_OBJECT                           196
 #define ASN1_F_COLLECT_DATA                              140
 #define ASN1_F_D2I_ASN1_BIT_STRING                       141
 #define ASN1_F_D2I_ASN1_BOOLEAN                          142
@@ -1179,39 +1009,29 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_D2I_NETSCAPE_RSA_2                        153
 #define ASN1_F_D2I_PRIVATEKEY                            154
 #define ASN1_F_D2I_PUBLICKEY                             155
-#define ASN1_F_D2I_RSA_NET                               200
-#define ASN1_F_D2I_RSA_NET_2                             201
 #define ASN1_F_D2I_X509                                  156
 #define ASN1_F_D2I_X509_CINF                             157
+#define ASN1_F_D2I_X509_NAME                             158
 #define ASN1_F_D2I_X509_PKEY                             159
-#define ASN1_F_I2D_ASN1_SET                              188
+#define ASN1_F_I2D_ASN1_SET                              181
 #define ASN1_F_I2D_ASN1_TIME                             160
 #define ASN1_F_I2D_DSA_PUBKEY                            161
-#define ASN1_F_I2D_EC_PUBKEY                             181
+#define ASN1_F_I2D_NETSCAPE_RSA                          162
 #define ASN1_F_I2D_PRIVATEKEY                            163
 #define ASN1_F_I2D_PUBLICKEY                             164
-#define ASN1_F_I2D_RSA_NET                               162
 #define ASN1_F_I2D_RSA_PUBKEY                            165
 #define ASN1_F_LONG_C2I                                  166
 #define ASN1_F_OID_MODULE_INIT                           174
-#define ASN1_F_PARSE_TAGGING                             182
 #define ASN1_F_PKCS5_PBE2_SET                            167
-#define ASN1_F_PKCS5_PBE_SET                             202
-#define ASN1_F_SMIME_READ_ASN1                           210
-#define ASN1_F_SMIME_TEXT                                211
 #define ASN1_F_X509_CINF_NEW                             168
 #define ASN1_F_X509_CRL_ADD0_REVOKED                     169
 #define ASN1_F_X509_INFO_NEW                             170
-#define ASN1_F_X509_NAME_ENCODE                          203
+#define ASN1_F_X509_NAME_NEW                             171
-#define ASN1_F_X509_NAME_EX_D2I                          158
-#define ASN1_F_X509_NAME_EX_NEW                          171
 #define ASN1_F_X509_NEW                                  172
 #define ASN1_F_X509_PKEY_NEW                             173
 /* Reason codes. */
 #define ASN1_R_ADDING_OBJECT                             171
-#define ASN1_R_ASN1_PARSE_ERROR                          198
-#define ASN1_R_ASN1_SIG_PARSE_ERROR                      199
 #define ASN1_R_AUX_ERROR                                 100
 #define ASN1_R_BAD_CLASS                                 101
 #define ASN1_R_BAD_OBJECT_HEADER                         102
@@ -1224,7 +1044,6 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_DATA_IS_WRONG                             109
 #define ASN1_R_DECODE_ERROR                              110
 #define ASN1_R_DECODING_ERROR                            111
-#define ASN1_R_DEPTH_EXCEEDED                            174
 #define ASN1_R_ENCODE_ERROR                              112
 #define ASN1_R_ERROR_GETTING_TIME                        173
 #define ASN1_R_ERROR_LOADING_SECTION                     172
@@ -1239,68 +1058,39 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_FIELD_MISSING                             121
 #define ASN1_R_FIRST_NUM_TOO_LARGE                       122
 #define ASN1_R_HEADER_TOO_LONG                           123
-#define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
-#define ASN1_R_ILLEGAL_BOOLEAN                           176
 #define ASN1_R_ILLEGAL_CHARACTERS                        124
-#define ASN1_R_ILLEGAL_FORMAT                            177
-#define ASN1_R_ILLEGAL_HEX                               178
-#define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
-#define ASN1_R_ILLEGAL_INTEGER                           180
-#define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
 #define ASN1_R_ILLEGAL_NULL                              125
-#define ASN1_R_ILLEGAL_NULL_VALUE                        182
-#define ASN1_R_ILLEGAL_OBJECT                            183
 #define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
 #define ASN1_R_ILLEGAL_TAGGED_ANY                        127
-#define ASN1_R_ILLEGAL_TIME_VALUE                        184
-#define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
 #define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
 #define ASN1_R_INVALID_DIGIT                             130
-#define ASN1_R_INVALID_MIME_TYPE                         200
-#define ASN1_R_INVALID_MODIFIER                          186
-#define ASN1_R_INVALID_NUMBER                            187
 #define ASN1_R_INVALID_SEPARATOR                         131
 #define ASN1_R_INVALID_TIME_FORMAT                       132
 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
 #define ASN1_R_INVALID_UTF8STRING                        134
 #define ASN1_R_IV_TOO_LARGE                              135
 #define ASN1_R_LENGTH_ERROR                              136
-#define ASN1_R_LIST_ERROR                                188
-#define ASN1_R_MIME_NO_CONTENT_TYPE                      201
-#define ASN1_R_MIME_PARSE_ERROR                          202
-#define ASN1_R_MIME_SIG_PARSE_ERROR                      203
 #define ASN1_R_MISSING_EOC                               137
 #define ASN1_R_MISSING_SECOND_NUMBER                     138
-#define ASN1_R_MISSING_VALUE                             189
 #define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
 #define ASN1_R_MSTRING_WRONG_TAG                         140
-#define ASN1_R_NESTED_ASN1_STRING                        197
+#define ASN1_R_NESTED_ASN1_STRING                        174
 #define ASN1_R_NON_HEX_CHARACTERS                        141
-#define ASN1_R_NOT_ASCII_FORMAT                          190
 #define ASN1_R_NOT_ENOUGH_DATA                           142
-#define ASN1_R_NO_CONTENT_TYPE                           204
 #define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
-#define ASN1_R_NO_MULTIPART_BODY_FAILURE                 205
-#define ASN1_R_NO_MULTIPART_BOUNDARY                     206
-#define ASN1_R_NO_SIG_CONTENT_TYPE                       207
 #define ASN1_R_NULL_IS_WRONG_LENGTH                      144
-#define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
 #define ASN1_R_ODD_NUMBER_OF_CHARS                       145
 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING                146
 #define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
-#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
 #define ASN1_R_SHORT_LINE                                150
-#define ASN1_R_SIG_INVALID_MIME_TYPE                     208
-#define ASN1_R_STREAMING_NOT_SUPPORTED                   209
 #define ASN1_R_STRING_TOO_LONG                           151
 #define ASN1_R_STRING_TOO_SHORT                          152
 #define ASN1_R_TAG_VALUE_TOO_HIGH                        153
 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
-#define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
 #define ASN1_R_TOO_LONG                                  155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY                  157
@@ -1310,13 +1100,10 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
 #define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
-#define ASN1_R_UNKNOWN_TAG                               194
-#define ASN1_R_UNKOWN_FORMAT                             195
 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
 #define ASN1_R_UNSUPPORTED_CIPHER                        165
 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM          166
 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
-#define ASN1_R_UNSUPPORTED_TYPE                          196
 #define ASN1_R_WRONG_TAG                                 168
 #define ASN1_R_WRONG_TYPE                                169
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
index f8a3e2e6cd..315d0a0807 100644
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ b/src/lib/libcrypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -74,70 +74,49 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),  "a2i_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),     "a2i_ASN1_INTEGER"},
 {ERR_FUNC(ASN1_F_A2I_ASN1_STRING),      "a2i_ASN1_STRING"},
-{ERR_FUNC(ASN1_F_APPEND_EXP),   "APPEND_EXP"},
 {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),      "ASN1_BIT_STRING_set_bit"},
-{ERR_FUNC(ASN1_F_ASN1_CB),      "ASN1_CB"},
 {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),      "ASN1_CHECK_TLEN"},
 {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),       "ASN1_COLLATE_PRIMITIVE"},
 {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+{ERR_FUNC(ASN1_F_ASN1_D2I_BIO), "ASN1_d2i_bio"},
 {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),        "ASN1_D2I_EX_PRIMITIVE"},
 {ERR_FUNC(ASN1_F_ASN1_D2I_FP),  "ASN1_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO),    "ASN1_D2I_READ_BIO"},
 {ERR_FUNC(ASN1_F_ASN1_DIGEST),  "ASN1_digest"},
 {ERR_FUNC(ASN1_F_ASN1_DO_ADB),  "ASN1_DO_ADB"},
 {ERR_FUNC(ASN1_F_ASN1_DUP),     "ASN1_dup"},
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),  "ASN1_ENUMERATED_set"},
 {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),        "ASN1_ENUMERATED_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_EX_C2I),  "ASN1_EX_C2I"},
 {ERR_FUNC(ASN1_F_ASN1_FIND_END),        "ASN1_FIND_END"},
 {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),     "ASN1_GENERALIZEDTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),     "ASN1_generate_v3"},
 {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),      "ASN1_get_object"},
 {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),      "ASN1_HEADER_new"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
 {ERR_FUNC(ASN1_F_ASN1_I2D_FP),  "ASN1_i2d_fp"},
 {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),     "ASN1_INTEGER_set"},
 {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),   "ASN1_INTEGER_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP),     "ASN1_item_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP),        "ASN1_item_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW),     "ASN1_ITEM_EX_COMBINE_NEW"},
 {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),     "ASN1_ITEM_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO),    "ASN1_item_i2d_bio"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_NEW),        "ASN1_item_new"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),     "ASN1_item_i2d_fp"},
+{ERR_FUNC(ASN1_F_ASN1_MBSTRING_COPY),   "ASN1_mbstring_copy"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),       "ASN1_item_pack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),       "ASN1_item_sign"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),     "ASN1_item_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),     "ASN1_item_verify"},
-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),  "ASN1_mbstring_ncopy"},
 {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),      "ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),     "ASN1_OUTPUT_DATA"},
 {ERR_FUNC(ASN1_F_ASN1_PACK_STRING),     "ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),        "ASN1_PCTX_NEW"},
+{ERR_FUNC(ASN1_F_ASN1_PBE_SET), "ASN1_PBE_SET"},
-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),   "ASN1_PKCS5_PBE_SET"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),        "ASN1_seq_pack"},
 {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),      "ASN1_seq_unpack"},
 {ERR_FUNC(ASN1_F_ASN1_SIGN),    "ASN1_sign"},
-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE),        "ASN1_STR2TYPE"},
 {ERR_FUNC(ASN1_F_ASN1_STRING_SET),      "ASN1_STRING_set"},
 {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),        "ASN1_STRING_TABLE_add"},
 {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_D2I),    "ASN1_TEMPLATE_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),    "ASN1_TEMPLATE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),      "ASN1_TEMPLATE_NOEXP_D2I"},
 {ERR_FUNC(ASN1_F_ASN1_TIME_SET),        "ASN1_TIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),        "ASN1_TYPE_get_int_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),    "ASN1_TYPE_get_octetstring"},
 {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),   "ASN1_unpack_string"},
 {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),     "ASN1_UTCTIME_set"},
 {ERR_FUNC(ASN1_F_ASN1_VERIFY),  "ASN1_verify"},
-{ERR_FUNC(ASN1_F_B64_READ_ASN1),        "B64_READ_ASN1"},
-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),       "B64_WRITE_ASN1"},
-{ERR_FUNC(ASN1_F_BITSTR_CB),    "BITSTR_CB"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),        "BN_to_ASN1_ENUMERATED"},
 {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),   "BN_to_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING),  "c2i_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER),     "c2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT),      "c2i_ASN1_OBJECT"},
 {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),  "D2I_ASN1_BIT_STRING"},
 {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),     "d2i_ASN1_BOOLEAN"},
@@ -154,32 +133,24 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),   "D2I_NETSCAPE_RSA_2"},
 {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),       "d2i_PrivateKey"},
 {ERR_FUNC(ASN1_F_D2I_PUBLICKEY),        "d2i_PublicKey"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET),  "d2i_RSA_NET"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2),        "D2I_RSA_NET_2"},
 {ERR_FUNC(ASN1_F_D2I_X509),     "D2I_X509"},
 {ERR_FUNC(ASN1_F_D2I_X509_CINF),        "D2I_X509_CINF"},
+{ERR_FUNC(ASN1_F_D2I_X509_NAME),        "D2I_X509_NAME"},
 {ERR_FUNC(ASN1_F_D2I_X509_PKEY),        "d2i_X509_PKEY"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
 {ERR_FUNC(ASN1_F_I2D_ASN1_TIME),        "I2D_ASN1_TIME"},
 {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),       "i2d_DSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY),        "i2d_EC_PUBKEY"},
+{ERR_FUNC(ASN1_F_I2D_NETSCAPE_RSA),     "i2d_Netscape_RSA"},
 {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),       "i2d_PrivateKey"},
 {ERR_FUNC(ASN1_F_I2D_PUBLICKEY),        "i2d_PublicKey"},
-{ERR_FUNC(ASN1_F_I2D_RSA_NET),  "i2d_RSA_NET"},
 {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),       "i2d_RSA_PUBKEY"},
 {ERR_FUNC(ASN1_F_LONG_C2I),     "LONG_C2I"},
 {ERR_FUNC(ASN1_F_OID_MODULE_INIT),      "OID_MODULE_INIT"},
-{ERR_FUNC(ASN1_F_PARSE_TAGGING),        "PARSE_TAGGING"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),       "PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),        "PKCS5_pbe_set"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),      "SMIME_read_ASN1"},
-{ERR_FUNC(ASN1_F_SMIME_TEXT),   "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),        "X509_CINF_NEW"},
 {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),        "X509_CRL_add0_revoked"},
 {ERR_FUNC(ASN1_F_X509_INFO_NEW),        "X509_INFO_new"},
-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE),     "X509_NAME_ENCODE"},
+{ERR_FUNC(ASN1_F_X509_NAME_NEW),        "X509_NAME_NEW"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),     "X509_NAME_EX_D2I"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),     "X509_NAME_EX_NEW"},
 {ERR_FUNC(ASN1_F_X509_NEW),     "X509_NEW"},
 {ERR_FUNC(ASN1_F_X509_PKEY_NEW),        "X509_PKEY_new"},
 {0,NULL}
@@ -188,8 +159,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 static ERR_STRING_DATA ASN1_str_reasons[]=
        {
 {ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
 {ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
 {ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
@@ -202,7 +171,6 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
 {ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
 {ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
 {ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
 {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
@@ -217,68 +185,39 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
 {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
 {ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN)      ,"illegal boolean"},
 {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT)       ,"illegal format"},
-{ERR_REASON(ASN1_R_ILLEGAL_HEX)          ,"illegal hex"},
-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      ,"illegal integer"},
-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
 {ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   ,"illegal null value"},
-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT)       ,"illegal object"},
 {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
 {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
 {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
-{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
-{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
 {ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
 {ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
 {ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
 {ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
-{ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
 {ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
 {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
-{ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
 {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
 {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
 {ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
 {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
 {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
 {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
 {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
 {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
 {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
 {ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
 {ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
 {ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
 {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
 {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
 {ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
@@ -288,13 +227,10 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
-{ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
 {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
 {ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
 {ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
 {0,NULL}
@@ -304,12 +240,15 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 void ERR_load_ASN1_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,ASN1_str_functs);
                ERR_load_strings(0,ASN1_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
index 5af559ef8d..97b9b35f4b 100644
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ b/src/lib/libcrypto/asn1/asn1_lib.c
@@ -62,11 +62,11 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
+static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
-static int _asn1_check_infinite_end(const unsigned char **p, long len)
+int ASN1_check_infinite_end(unsigned char **p, long len)
        {
        /* If there is 0 or 1 byte left, the length check should pick
         * things up */
@@ -80,23 +80,13 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len)
        return(0);
        }
-int ASN1_check_infinite_end(unsigned char **p, long len)
-        {
-        return _asn1_check_infinite_end((const unsigned char **)p, len);
-        }
-int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
-        {
+             long omax)
-        return _asn1_check_infinite_end(p, len);
-        }
-int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-        int *pclass, long omax)
        {
        int i,ret;
        long l;
-        const unsigned char *p= *pp;
+        unsigned char *p= *pp;
        int tag,xclass,inf;
        long max=omax;
@@ -151,11 +141,11 @@ err:
        return(0x80);
        }
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
        {
-        const unsigned char *p= *pp;
+        unsigned char *p= *pp;
        unsigned long ret=0;
-        unsigned int i;
+        int i;
        if (max-- < 1) return(0);
        if (*p == 0x80)
@@ -215,22 +205,13 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
                        }
                p += ttag;
                }
-        if (constructed == 2)
+        if ((constructed == 2) && (length == 0))
-                *(p++)=0x80;
+                *(p++)=0x80; /* der_put_length would output 0 instead */
        else
                asn1_put_length(&p,length);
        *pp=p;
        }
-int ASN1_put_eoc(unsigned char **pp)
-        {
-        unsigned char *p = *pp;
-        *p++ = 0;
-        *p++ = 0;
-        *pp = p;
-        return 2;
-        }
 static void asn1_put_length(unsigned char **pp, int length)
        {
        unsigned char *p= *pp;
@@ -268,8 +249,8 @@ int ASN1_object_size(int constructed, int length, int tag)
                        ret++;
                        }
                }
-        if (constructed == 2)
+        if ((length == 0) && (constructed == 2))
-                return ret + 3;
+                ret+=2;
        ret++;
        if (length > 127)
                {
@@ -282,11 +263,11 @@ int ASN1_object_size(int constructed, int length, int tag)
        return(ret);
        }
-static int _asn1_Finish(ASN1_const_CTX *c)
+int asn1_Finish(ASN1_CTX *c)
        {
        if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
                {
-                if (!ASN1_const_check_infinite_end(&c->p,c->slen))
+                if (!ASN1_check_infinite_end(&c->p,c->slen))
                        {
                        c->error=ERR_R_MISSING_ASN1_EOS;
                        return(0);
@@ -301,19 +282,9 @@ static int _asn1_Finish(ASN1_const_CTX *c)
        return(1);
        }
-int asn1_Finish(ASN1_CTX *c)
+int asn1_GetSequence(ASN1_CTX *c, long *length)
-        {
-        return _asn1_Finish((ASN1_const_CTX *)c);
-        }
-int asn1_const_Finish(ASN1_const_CTX *c)
        {
-        return _asn1_Finish(c);
+        unsigned char *q;
-        }
-int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-        {
-        const unsigned char *q;
        q=c->p;
        c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
@@ -393,14 +364,6 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
        return(1);
        }
-void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
-        {
-        if (str->data)
-                OPENSSL_free(str->data);
-        str->data = data;
-        str->length = len;
-        }
 ASN1_STRING *ASN1_STRING_new(void)
        {
        return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
@@ -448,7 +411,7 @@ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
                return(i);
        }
-void asn1_add_error(const unsigned char *address, int offset)
+void asn1_add_error(unsigned char *address, int offset)
        {
        char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h
index d958ca60d9..a48649ceeb 100644
--- a/src/lib/libcrypto/asn1/asn1_mac.h
+++ b/src/lib/libcrypto/asn1/asn1_mac.h
@@ -73,11 +73,11 @@ extern "C" {
        ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 #define M_ASN1_D2I_vars(a,type,func) \
-        ASN1_const_CTX c; \
+        ASN1_CTX c; \
        type ret=NULL; \
        \
-        c.pp=(const unsigned char **)pp; \
+        c.pp=(unsigned char **)pp; \
-        c.q= *(const unsigned char **)pp; \
+        c.q= *(unsigned char **)pp; \
        c.error=ERR_R_NESTED_ASN1_ERROR; \
        if ((a == NULL) || ((*a) == NULL)) \
                { if ((ret=(type)func()) == NULL) \
@@ -85,13 +85,13 @@ extern "C" {
        else    ret=(*a);
 #define M_ASN1_D2I_Init() \
-        c.p= *(const unsigned char **)pp; \
+        c.p= *(unsigned char **)pp; \
        c.max=(length == 0)?0:(c.p+length);
 #define M_ASN1_D2I_Finish_2(a) \
-        if (!asn1_const_Finish(&c)) \
+        if (!asn1_Finish(&c)) \
                { c.line=__LINE__; goto err; } \
-        *(const unsigned char **)pp=c.p; \
+        *(unsigned char **)pp=c.p; \
        if (a != NULL) (*a)=ret; \
        return(ret);
@@ -99,7 +99,7 @@ extern "C" {
        M_ASN1_D2I_Finish_2(a); \
 err:\
        ASN1_MAC_H_err((e),c.error,c.line); \
-        asn1_add_error(*(const unsigned char **)pp,(int)(c.q- *pp)); \
+        asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
        if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
        return(NULL)
@@ -123,22 +123,15 @@ err:\
 #define M_ASN1_D2I_end_sequence() \
        (((c.inf&1) == 0)?(c.slen <= 0): \
-                (c.eos=ASN1_const_check_infinite_end(&c.p,c.slen)))
+                (c.eos=ASN1_check_infinite_end(&c.p,c.slen)))
 /* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get(b, func) \
+#define M_ASN1_D2I_get(b,func) \
        c.q=c.p; \
        if (func(&(b),&c.p,c.slen) == NULL) \
                {c.line=__LINE__; goto err; } \
        c.slen-=(c.p-c.q);
-/* Don't use this with d2i_ASN1_BOOLEAN() */
-#define M_ASN1_D2I_get_x(type,b,func) \
-        c.q=c.p; \
-        if (((D2I_OF(type))func)(&(b),&c.p,c.slen) == NULL) \
-                {c.line=__LINE__; goto err; } \
-        c.slen-=(c.p-c.q);
 /* use this instead () */
 #define M_ASN1_D2I_get_int(b,func) \
        c.q=c.p; \
@@ -285,7 +278,7 @@ err:\
                        { c.line=__LINE__; goto err; } \
                if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
                        Tlen = c.slen - (c.p - c.q); \
-                        if(!ASN1_const_check_infinite_end(&c.p, Tlen)) \
+                        if(!ASN1_check_infinite_end(&c.p, Tlen)) \
                                { c.error=ERR_R_MISSING_ASN1_EOS; \
                                c.line=__LINE__; goto err; } \
                }\
@@ -360,12 +353,8 @@ err:\
                return(NULL)
-/* BIG UGLY WARNING!  This is so damn ugly I wanna puke.  Unfortunately,
+#define M_ASN1_next             (*c.p)
-   some macros that use ASN1_const_CTX still insist on writing in the input
+#define M_ASN1_next_prev        (*c.q)
-   stream.  ARGH!  ARGH!  ARGH!  Let's get rid of this macro package.
-   Please?                                              -- Richard Levitte */
-#define M_ASN1_next             (*((unsigned char *)(c.p)))
-#define M_ASN1_next_prev        (*((unsigned char *)(c.q)))
 /*************************************************/
@@ -562,8 +551,8 @@ err:\
 #define M_ASN1_I2D_finish()     *pp=p; \
                                return(r);
-int asn1_GetSequence(ASN1_const_CTX *c, long *length);
+int asn1_GetSequence(ASN1_CTX *c, long *length);
-void asn1_add_error(const unsigned char *address,int offset);
+void asn1_add_error(unsigned char *address,int offset);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
index 501b62a4b1..676d434f03 100644
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ b/src/lib/libcrypto/asn1/asn1_par.c
@@ -64,7 +64,7 @@
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
        int indent);
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
        int offset, int depth, int indent, int dump);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
             int indent)
@@ -88,10 +88,7 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
                BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
        else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
                BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-        else if (tag > 30)
+        else p = ASN1_tag2str(tag);
-                BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
-        else
-                p = ASN1_tag2str(tag);
        if (p2 != NULL)
                {
@@ -106,20 +103,20 @@ err:
        return(0);
        }
-int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
        {
        return(asn1_parse2(bp,&pp,len,0,0,indent,0));
        }
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
        {
        return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
        }
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
             int depth, int indent, int dump)
        {
-        const unsigned char *p,*ep,*tot,*op,*opp;
+        unsigned char *p,*ep,*tot,*op,*opp;
        long len;
        int tag,xclass,ret=0;
        int nl,hl,j,r;
@@ -218,7 +215,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                {
                                if (BIO_write(bp,":",1) <= 0) goto end;
                                if ((len > 0) &&
-                                        BIO_write(bp,(const char *)p,(int)len)
+                                        BIO_write(bp,(char *)p,(int)len)
                                        != (int)len)
                                        goto end;
                                }
@@ -259,11 +256,9 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                opp=op;
                                os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-                                if (os != NULL && os->length > 0)
+                                if (os != NULL)
                                        {
-                                        opp = os->data;
+                                        opp=os->data;
-                                        /* testing whether the octet string is
-                                         * printable */
                                        for (i=0; i<os->length; i++)
                                                {
                                                if ((   (opp[i] < ' ') &&
@@ -276,47 +271,28 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                                        break;
                                                        }
                                                }
-                                        if (printable)
+                                        if (printable && (os->length > 0))
-                                        /* printable string */
                                                {
                                                if (BIO_write(bp,":",1) <= 0)
                                                        goto end;
-                                                if (BIO_write(bp,(const char *)opp,
+                                                if (BIO_write(bp,(char *)opp,
                                                        os->length) <= 0)
                                                        goto end;
                                                }
-                                        else if (!dump)
+                                        if (!printable && (os->length > 0)
-                                        /* not printable => print octet string
+                                                && dump)
-                                         * as hex dump */
-                                                {
-                                                if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
-                                                        goto end;
-                                                for (i=0; i<os->length; i++)
-                                                        {
-                                                        if (BIO_printf(bp,"%02X"
-                                                                , opp[i]) <= 0)
-                                                                goto end;
-                                                        }
-                                                }
-                                        else
-                                        /* print the normal dump */
                                                {
                                                if (!nl) 
                                                        {
                                                        if (BIO_write(bp,"\n",1) <= 0)
                                                                goto end;
                                                        }
-                                                if (BIO_dump_indent(bp,
+                                                if (BIO_dump_indent(bp,(char *)opp,
-                                                        (const char *)opp,
+                                                        ((dump == -1 || dump > os->length)?os->length:dump),
-                                                        ((dump == -1 || dump > 
-                                                        os->length)?os->length:dump),
                                                        dump_indent) <= 0)
                                                        goto end;
                                                nl=1;
                                                }
-                                        }
-                                if (os != NULL)
-                                        {
                                        M_ASN1_OCTET_STRING_free(os);
                                        os=NULL;
                                        }
@@ -392,7 +368,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offse
                                        if (BIO_write(bp,"\n",1) <= 0)
                                                goto end;
                                        }
-                                if (BIO_dump_indent(bp,(const char *)p,
+                                if (BIO_dump_indent(bp,(char *)p,
                                        ((dump == -1 || dump > len)?len:dump),
                                        dump_indent) <= 0)
                                        goto end;
@@ -422,7 +398,7 @@ end:
 const char *ASN1_tag2str(int tag)
 {
-        static const char *tag2str[] = {
+        const static char *tag2str[] = {
         "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
         "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
         "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",      /* 10-13 */
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
index bf315e65ed..ed372f8554 100644
--- a/src/lib/libcrypto/asn1/asn1t.h
+++ b/src/lib/libcrypto/asn1/asn1t.h
@@ -99,7 +99,7 @@ extern "C" {
 #define ASN1_ITEM_start(itname) \
        const ASN1_ITEM * itname##_it(void) \
        { \
-                static const ASN1_ITEM local_it = { 
+                static const ASN1_ITEM local_it = { \
 #define ASN1_ITEM_end(itname) \
                }; \
@@ -112,7 +112,7 @@ extern "C" {
 /* Macros to aid ASN1 template writing */
 #define ASN1_ITEM_TEMPLATE(tname) \
-        static const ASN1_TEMPLATE tname##_item_tt 
+        const static ASN1_TEMPLATE tname##_item_tt 
 #define ASN1_ITEM_TEMPLATE_END(tname) \
        ;\
@@ -150,7 +150,7 @@ extern "C" {
 */
 #define ASN1_SEQUENCE(tname) \
-        static const ASN1_TEMPLATE tname##_seq_tt[] 
+        const static ASN1_TEMPLATE tname##_seq_tt[] 
 #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
@@ -166,40 +166,22 @@ extern "C" {
                #stname \
        ASN1_ITEM_end(tname)
-#define ASN1_NDEF_SEQUENCE(tname) \
-        ASN1_SEQUENCE(tname)
-#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
-        ASN1_SEQUENCE_cb(tname, cb)
 #define ASN1_SEQUENCE_cb(tname, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
        ASN1_SEQUENCE(tname)
 #define ASN1_BROKEN_SEQUENCE(tname) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
        ASN1_SEQUENCE(tname)
 #define ASN1_SEQUENCE_ref(tname, cb, lck) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
        ASN1_SEQUENCE(tname)
 #define ASN1_SEQUENCE_enc(tname, enc, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
        ASN1_SEQUENCE(tname)
-#define ASN1_NDEF_SEQUENCE_END(tname) \
-        ;\
-        ASN1_ITEM_start(tname) \
-                ASN1_ITYPE_NDEF_SEQUENCE,\
-                V_ASN1_SEQUENCE,\
-                tname##_seq_tt,\
-                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
-                NULL,\
-                sizeof(tname),\
-                #tname \
-        ASN1_ITEM_end(tname)
 #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
 #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
@@ -242,10 +224,10 @@ extern "C" {
 */
 #define ASN1_CHOICE(tname) \
-        static const ASN1_TEMPLATE tname##_ch_tt[] 
+        const static ASN1_TEMPLATE tname##_ch_tt[] 
 #define ASN1_CHOICE_cb(tname, cb) \
-        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
        ASN1_CHOICE(tname)
 #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
@@ -371,24 +353,16 @@ extern "C" {
 #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
-/* EXPLICIT using indefinite length constructed form */
-#define ASN1_NDEF_EXP(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
-/* EXPLICIT OPTIONAL using indefinite length constructed form */
-#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
-                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
 /* Macros for the ASN1_ADB structure */
 #define ASN1_ADB(name) \
-        static const ASN1_ADB_TABLE name##_adbtbl[] 
+        const static ASN1_ADB_TABLE name##_adbtbl[] 
 #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
        ;\
-        static const ASN1_ADB name##_adb = {\
+        const static ASN1_ADB name##_adb = {\
                flags,\
                offsetof(name, field),\
                app_table,\
@@ -402,9 +376,9 @@ extern "C" {
 #define ASN1_ADB_END(name, flags, field, app_table, def, none) \
        ;\
-        static const ASN1_ITEM *name##_adb(void) \
+        const static ASN1_ITEM *name##_adb(void) \
        { \
-        static const ASN1_ADB internal_adb = \
+        const static ASN1_ADB internal_adb = \
                {\
                flags,\
                offsetof(name, field),\
@@ -423,7 +397,7 @@ extern "C" {
 #define ADB_ENTRY(val, template) {val, template}
 #define ASN1_ADB_TEMPLATE(name) \
-        static const ASN1_TEMPLATE name##_tt 
+        const static ASN1_TEMPLATE name##_tt 
 /* This is the ASN1 template structure that defines
 * a wrapper round the actual type. It determines the
@@ -436,7 +410,7 @@ unsigned long flags;		/* Various flags */
 long tag;                       /* tag, not used if no tagging */
 unsigned long offset;           /* Offset of this field in structure */
 #ifndef NO_ASN1_FIELD_NAMES
-const char *field_name;         /* Field name */
+char *field_name;               /* Field name */
 #endif
 ASN1_ITEM_EXP *item;            /* Relevant ASN1_ITEM or ASN1_ADB */
 };
@@ -544,13 +518,6 @@ struct ASN1_ADB_TABLE_st {
 #define ASN1_TFLG_COMBINE       (0x1<<10)
-/* This flag when present in a SEQUENCE OF, SET OF
- * or EXPLICIT causes indefinite length constructed
- * encoding to be used if required.
- */
-#define ASN1_TFLG_NDEF          (0x1<<11)
 /* This is the actual ASN1 item itself */
 struct ASN1_ITEM_st {
@@ -603,25 +570,19 @@ const char *sname;		/* Structure name */
 * has a special meaning, it is used as a mask
 * of acceptable types using the B_ASN1 constants.
 *
- * NDEF_SEQUENCE is the same as SEQUENCE except
- * that it will use indefinite length constructed
- * encoding if requested.
- *
 */
-#define ASN1_ITYPE_PRIMITIVE            0x0
+#define ASN1_ITYPE_PRIMITIVE    0x0
-#define ASN1_ITYPE_SEQUENCE             0x1
-#define ASN1_ITYPE_CHOICE               0x2
+#define ASN1_ITYPE_SEQUENCE     0x1
-#define ASN1_ITYPE_COMPAT               0x3
+#define ASN1_ITYPE_CHOICE       0x2
-#define ASN1_ITYPE_EXTERN               0x4
+#define ASN1_ITYPE_COMPAT       0x3
-#define ASN1_ITYPE_MSTRING              0x5
+#define ASN1_ITYPE_EXTERN       0x4
-#define ASN1_ITYPE_NDEF_SEQUENCE        0x6
+#define ASN1_ITYPE_MSTRING      0x5
 /* Cache for ASN1 tag and length, so we
 * don't keep re-reading it for things
@@ -641,10 +602,10 @@ struct ASN1_TLC_st{
 typedef ASN1_VALUE * ASN1_new_func(void);
 typedef void ASN1_free_func(ASN1_VALUE *a);
-typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
 typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
-typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
 typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
@@ -652,7 +613,7 @@ typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
 typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 typedef struct ASN1_COMPAT_FUNCS_st {
        ASN1_new_func *asn1_new;
@@ -782,9 +743,6 @@ typedef struct ASN1_AUX_st {
 #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
-#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
-                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
 #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
        stname *fname##_new(void) \
        { \
@@ -800,7 +758,7 @@ typedef struct ASN1_AUX_st {
        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
-        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        stname *d2i_##fname(stname **a, unsigned char **in, long len) \
        { \
                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
        } \
@@ -809,19 +767,13 @@ typedef struct ASN1_AUX_st {
                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
        } 
-#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
-        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
-        { \
-                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
-        } 
 /* This includes evil casts to remove const: they will go away when full
 * ASN1 constification is done.
 */
 #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
        { \
-                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
        } \
        int i2d_##fname(const stname *a, unsigned char **out) \
        { \
@@ -846,6 +798,7 @@ typedef struct ASN1_AUX_st {
 DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
 DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
 DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
 DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
 DECLARE_ASN1_ITEM(CBIGNUM)
 DECLARE_ASN1_ITEM(BIGNUM)
@@ -862,8 +815,8 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
-int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
                                int tag, int aclass, char opt, ASN1_TLC *ctx);
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
@@ -871,7 +824,7 @@ int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLAT
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
@@ -885,7 +838,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
index 9132350f10..edb44c988f 100644
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ b/src/lib/libcrypto/asn1/asn_moid.c
@@ -3,7 +3,7 @@
 * project 2001.
 */
 /* ====================================================================
- * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -57,7 +57,6 @@
 */
 #include <stdio.h>
-#include <ctype.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 #include <openssl/conf.h>
@@ -66,8 +65,6 @@
 /* Simple ASN1 OID module: add all objects in a given section */
-static int do_create(char *value, char *name);
 static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
        {
        int i;
@@ -83,7 +80,7 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
        for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
                {
                oval = sk_CONF_VALUE_value(sktmp, i);
-                if(!do_create(oval->value, oval->name))
+                if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
                        {
                        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
                        return 0;
@@ -101,60 +98,3 @@ void ASN1_add_oid_module(void)
        {
        CONF_module_add("oid_section", oid_module_init, oid_module_finish);
        }
-/* Create an OID based on a name value pair. Accept two formats.
- * shortname = 1.2.3.4
- * shortname = some long name, 1.2.3.4
- */
-static int do_create(char *value, char *name)
-        {
-        int nid;
-        ASN1_OBJECT *oid;
-        char *ln, *ostr, *p, *lntmp;
-        p = strrchr(value, ',');
-        if (!p)
-                {
-                ln = name;
-                ostr = value;
-                }
-        else
-                {
-                ln = NULL;
-                ostr = p + 1;
-                if (!*ostr)
-                        return 0;
-                while(isspace((unsigned char)*ostr)) ostr++;
-                }
-        nid = OBJ_create(ostr, name, ln);
-        if (nid == NID_undef)
-                return 0;
-        if (p)
-                {
-                ln = value;
-                while(isspace((unsigned char)*ln)) ln++;
-                p--;
-                while(isspace((unsigned char)*p))
-                        {
-                        if (p == ln)
-                                return 0;
-                        p--;
-                        }
-                p++;
-                lntmp = OPENSSL_malloc((p - ln) + 1);
-                if (lntmp == NULL)
-                        return 0;
-                memcpy(lntmp, ln, p - ln);
-                lntmp[p - ln] = 0;
-                oid = OBJ_nid2obj(nid);
-                oid->ln = lntmp;
-                }
-        return 1;
-        }
-                
-                
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c
index e8b671b7b5..e6051db2dc 100644
--- a/src/lib/libcrypto/asn1/asn_pack.c
+++ b/src/lib/libcrypto/asn1/asn_pack.c
@@ -66,11 +66,11 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
-STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
-                       d2i_of_void *d2i,void (*free_func)(void *))
+             void (*free_func)(void *))
 {
    STACK *sk;
-    const unsigned char *pbuf;
+    unsigned char *pbuf;
    pbuf =  buf;
    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
                                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
@@ -82,8 +82,8 @@ STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
 * OPENSSL_malloc'ed buffer
 */
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
-                             unsigned char **buf, int *len)
+             int *len)
 {
        int safelen;
        unsigned char *safe, *p;
@@ -106,9 +106,9 @@ unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
 /* Extract an ASN1 object from an ASN1_STRING */
-void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
 {
-        const unsigned char *p;
+        unsigned char *p;
        char *ret;
        p = oct->data;
@@ -119,7 +119,7 @@ void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
 /* Pack an ASN1 object into an ASN1_STRING */
-ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
 {
        unsigned char *p;
        ASN1_STRING *octmp;
@@ -155,7 +155,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
        if (!oct || !*oct) {
                if (!(octmp = ASN1_STRING_new ())) {
-                        ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+                        ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
                        return NULL;
                }
                if (oct) *oct = octmp;
@@ -167,11 +167,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
        }
                
        if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-                ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
                return NULL;
        }
        if (!octmp->data) {
-                ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        return octmp;
@@ -181,11 +181,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
 {
-        const unsigned char *p;
+        unsigned char *p;
        void *ret;
        p = oct->data;
        if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-                ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
+                ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
        return ret;
 }
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c
index 207ccda5ac..2e7d96af90 100644
--- a/src/lib/libcrypto/asn1/d2i_pr.c
+++ b/src/lib/libcrypto/asn1/d2i_pr.c
@@ -68,11 +68,8 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
             long length)
        {
        EVP_PKEY *ret;
@@ -111,16 +108,6 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                        }
                break;
 #endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
-                        (const unsigned char **)pp, length)) == NULL)
-                        {
-                        ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                break;
-#endif
        default:
                ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
                goto err;
@@ -135,11 +122,11 @@ err:
 /* This works like d2i_PrivateKey() except it automatically works out the type */
-EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
             long length)
 {
        STACK_OF(ASN1_TYPE) *inkey;
-        const unsigned char *p;
+        unsigned char *p;
        int keytype;
        p = *pp;
        /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
@@ -151,10 +138,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
        /* Since we only need to discern "traditional format" RSA and DSA
         * keys we can just count the elements.
         */
-        if(sk_ASN1_TYPE_num(inkey) == 6) 
+        if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
-                keytype = EVP_PKEY_DSA;
-        else if (sk_ASN1_TYPE_num(inkey) == 4)
-                keytype = EVP_PKEY_EC;
        else keytype = EVP_PKEY_RSA;
        sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
        return d2i_PrivateKey(keytype, a, pp, length);
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c
index 3694f51a8c..71f2eb361b 100644
--- a/src/lib/libcrypto/asn1/d2i_pu.c
+++ b/src/lib/libcrypto/asn1/d2i_pu.c
@@ -68,11 +68,8 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
             long length)
        {
        EVP_PKEY *ret;
@@ -103,24 +100,14 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
 #endif
 #ifndef OPENSSL_NO_DSA
        case EVP_PKEY_DSA:
-                if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
+                if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,
-                        (const unsigned char **)pp,length)) /* TMP UGLY CAST */
+                        (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
                        {
                        ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
                        goto err;
                        }
                break;
 #endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                if (!o2i_ECPublicKey(&(ret->pkey.ec),
-                                     (const unsigned char **)pp, length))
-                        {
-                        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-        break;
-#endif
        default:
                ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
                goto err;
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c
index f3d9804860..f92ce6cb5d 100644
--- a/src/lib/libcrypto/asn1/evp_asn1.c
+++ b/src/lib/libcrypto/asn1/evp_asn1.c
@@ -141,9 +141,9 @@ int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
        int ret= -1,n;
        ASN1_INTEGER *ai=NULL;
        ASN1_OCTET_STRING *os=NULL;
-        const unsigned char *p;
+        unsigned char *p;
        long length;
-        ASN1_const_CTX c;
+        ASN1_CTX c;
        if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
                {
diff --git a/src/lib/libcrypto/asn1/f.c b/src/lib/libcrypto/asn1/f.c
new file mode 100644
index 0000000000..82bccdfd51
--- /dev/null
+++ b/src/lib/libcrypto/asn1/f.c
@@ -0,0 +1,80 @@
+/* crypto/asn1/f.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+main()
+        {
+        ASN1_TYPE *at;
+        char buf[512];
+        int n;
+        long l;
+        at=ASN1_TYPE_new();
+        n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8);
+        printf("%d\n",n);
+        n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8);
+        buf[8]='\0';
+        printf("%ld %d %d\n",l,n,buf[8]);
+        buf[8]='\0';
+        printf("%s\n",buf);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        }
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 0be52c5b76..1e951ae01d 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
        {
@@ -86,12 +83,6 @@ int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
                return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
                }
 #endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC)
-                {
-                return(i2d_ECPrivateKey(a->pkey.ec, pp));
-                }
-#endif
        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
        return(-1);
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
index 34286dbd35..013d19bbf4 100644
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -67,9 +67,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
        {
@@ -83,10 +80,6 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
        case EVP_PKEY_DSA:
                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
 #endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                return(i2o_ECPublicKey(a->pkey.ec, pp));
-#endif
        default:
                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
                return(-1);
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 60bc437938..766b51c538 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -56,9 +56,9 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>
@@ -107,20 +107,14 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb)(char *buf, int len, const char *prompt,
+             int (*cb)(), int sgckey);
-                                    int verify),
-                          int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
-                     int (*cb)(char *buf, int len, const char *prompt,
-                               int verify))
 {
        return i2d_RSA_NET(a, pp, cb, 0);
 }
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
-                int (*cb)(char *buf, int len, const char *prompt, int verify),
-                int sgckey)
        {
        int i, j, ret = 0;
        int rsalen, pkeylen, olen;
@@ -170,7 +164,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
        /* Since its RC4 encrypted length is actual length */
        if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
                {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
@@ -180,13 +174,13 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
        if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
                {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
                {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
                goto err;
                }
        enckey->enckey->digest->data = zz;
@@ -197,10 +191,10 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                
        if (cb == NULL)
                cb=EVP_read_pw_string;
-        i=cb((char *)buf,256,"Enter Private Key password:",1);
+        i=cb(buf,256,"Enter Private Key password:",1);
        if (i != 0)
                {
-                ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
                goto err;
                }
        i = strlen((char *)buf);
@@ -230,16 +224,12 @@ err:
        }
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
-                      int (*cb)(char *buf, int len, const char *prompt,
-                                int verify))
 {
        return d2i_RSA_NET(a, pp, length, cb, 0);
 }
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
-                 int (*cb)(char *buf, int len, const char *prompt, int verify),
-                 int sgckey)
        {
        RSA *ret=NULL;
        const unsigned char *p, *kp;
@@ -249,20 +239,20 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
        if(!enckey) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
                return NULL;
        }
        if ((enckey->os->length != 11) || (strncmp("private-key",
                (char *)enckey->os->data,11) != 0))
                {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
                return NULL;
                }
        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
                {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
                goto err;
        }
        kp = enckey->enckey->digest->data;
@@ -279,8 +269,7 @@ RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
        }
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb)(char *buf, int len, const char *prompt,
+             int (*cb)(), int sgckey)
-                                    int verify), int sgckey)
        {
        NETSCAPE_PKEY *pkey=NULL;
        RSA *ret=NULL;
@@ -290,10 +279,10 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
-        i=cb((char *)buf,256,"Enter Private Key password:",0);
+        i=cb(buf,256,"Enter Private Key password:",0);
        if (i != 0)
                {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ);
                goto err;
                }
@@ -318,14 +307,14 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
                {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
                goto err;
                }
                
        zz=pkey->private_key->data;
        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
                {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+                ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
                }
 err:
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index da91170094..ec788267e0 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -82,17 +82,17 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
        ASN1_TYPE *astype=NULL;
        if (!(pbe = PBEPARAM_new ())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!saltlen) saltlen = PKCS5_SALT_LEN;
        if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        pbe->salt->length = saltlen;
@@ -101,14 +101,13 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
                goto err;
        if (!(astype = ASN1_TYPE_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        astype->type = V_ASN1_SEQUENCE;
-        if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
+        if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
-                                &astype->value.sequence)) {
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        PBEPARAM_free (pbe);
@@ -116,7 +115,7 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
        
        al = OBJ_nid2obj(alg); /* never need to free al */
        if (!(algor = X509_ALGOR_new())) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        ASN1_OBJECT_free(algor->algorithm);
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index c834a38ddf..e0dc0ec4ee 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -115,7 +115,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        /* Create random IV */
        if (EVP_CIPHER_iv_length(cipher) &&
                RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-                goto err;
+                goto err;
        EVP_CIPHER_CTX_init(&ctx);
@@ -164,7 +164,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-        if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+        if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
                         &pbe2->keyfunc->parameter->value.sequence)) goto merr;
        pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
@@ -180,7 +180,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        /* Encode PBE2PARAM into parameter */
-        if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+        if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
                                 &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
diff --git a/src/lib/libcrypto/asn1/p8_key.c b/src/lib/libcrypto/asn1/p8_key.c
new file mode 100644
index 0000000000..3a31248e14
--- /dev/null
+++ b/src/lib/libcrypto/asn1/p8_key.c
@@ -0,0 +1,131 @@
+/* crypto/asn1/p8_key.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
+        {
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_len(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put(a->cert_info,    i2d_X509_CINF);
+        M_ASN1_I2D_put(a->sig_alg,      i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->signature,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_finish();
+        }
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+        {
+        M_ASN1_D2I_vars(a,X509 *,X509_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+        M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+        M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+        }
+X509 *X509_KEY_new(void)
+        {
+        X509_KEY *ret=NULL;
+        M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
+        ret->references=1;
+        ret->type=NID
+        M_ASN1_New(ret->cert_info,X509_CINF_new);
+        M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+        M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_NEW);
+        }
+void X509_KEY_free(X509 *a)
+        {
+        int i;
+        if (a == NULL) return;
+        i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+#ifdef REF_PRINT
+        REF_PRINT("X509_KEY",a);
+#endif
+        if (i > 0) return;
+#ifdef REF_CHECK
+        if (i < 0)
+                {
+                fprintf(stderr,"X509_KEY_free, bad reference count\n");
+                abort();
+                }
+#endif
+        X509_CINF_free(a->cert_info);
+        X509_ALGOR_free(a->sig_alg);
+        ASN1_BIT_STRING_free(a->signature);
+        OPENSSL_free(a);
+        }
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
index 929b3e5904..757c148df8 100644
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ b/src/lib/libcrypto/asn1/t_crl.c
@@ -72,7 +72,7 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
-                X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
+                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
                return(0);
                }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
@@ -121,7 +121,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
                r = sk_X509_REVOKED_value(rev, i);
                BIO_printf(out,"    Serial Number: ");
                i2a_ASN1_INTEGER(out,r->serialNumber);
-                BIO_printf(out,"\n        Revocation Date: ");
+                BIO_printf(out,"\n        Revocation Date: ","");
                ASN1_TIME_print(out,r->revocationDate);
                BIO_printf(out,"\n");
                X509V3_extensions_print(out, "CRL entry extensions",
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c
index afb95d6712..d15006e654 100644
--- a/src/lib/libcrypto/asn1/t_pkey.c
+++ b/src/lib/libcrypto/asn1/t_pkey.c
@@ -55,15 +55,9 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
@@ -75,33 +69,26 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-static int print(BIO *fp,const char *str, const BIGNUM *num,
+static int print(BIO *fp,const char *str,BIGNUM *num,
                unsigned char *buf,int off);
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-                size_t len, int off);
-#endif
 #ifndef OPENSSL_NO_RSA
 #ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
-        {
+        {
-        BIO *b;
+        BIO *b;
-        int ret;
+        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
                RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+                return(0);
                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
+        ret=RSA_print(b,x,off);
-        BIO_free(b);
+        BIO_free(b);
-        return(ret);
+        return(ret);
-        }
+        }
 #endif
 int RSA_print(BIO *bp, const RSA *x, int off)
@@ -109,7 +96,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
        char str[128];
        const char *s;
        unsigned char *m=NULL;
-        int ret=0, mod_len = 0;
+        int ret=0;
        size_t buf_len=0, i;
        if (x->n)
@@ -143,37 +130,27 @@ int RSA_print(BIO *bp, const RSA *x, int off)
                goto err;
                }
-        if (x->n != NULL)
-                mod_len = BN_num_bits(x->n);
        if (x->d != NULL)
                {
                if(!BIO_indent(bp,off,128))
                   goto err;
-                if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+                if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
                        <= 0) goto err;
                }
        if (x->d == NULL)
-                BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
+                BIO_snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n));
        else
                BUF_strlcpy(str,"modulus:",sizeof str);
        if (!print(bp,str,x->n,m,off)) goto err;
        s=(x->d == NULL)?"Exponent:":"publicExponent:";
-        if ((x->e != NULL) && !print(bp,s,x->e,m,off))
+        if (!print(bp,s,x->e,m,off)) goto err;
-                goto err;
+        if (!print(bp,"privateExponent:",x->d,m,off)) goto err;
-        if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
+        if (!print(bp,"prime1:",x->p,m,off)) goto err;
-                goto err;
+        if (!print(bp,"prime2:",x->q,m,off)) goto err;
-        if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
+        if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err;
-                goto err;
+        if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err;
-        if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
+        if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
-                goto err;
-        if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
-                goto err;
-        if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
-                goto err;
-        if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
-                goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
@@ -208,11 +185,6 @@ int DSA_print(BIO *bp, const DSA *x, int off)
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSA_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
        if (x->q)
                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
                        buf_len = i;
@@ -255,334 +227,16 @@ err:
        }
 #endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
+static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
-#ifndef OPENSSL_NO_FP_API
-int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-        {
-        BIO *b;
-        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECPKParameters_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = EC_KEY_print(b, x, off);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BN_CTX  *ctx=NULL;
-        const EC_POINT *point=NULL;
-        BIGNUM  *p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-                *order=NULL, *cofactor=NULL;
-        const unsigned char *seed;
-        size_t  seed_len=0;
-        
-        static const char *gen_compressed = "Generator (compressed):";
-        static const char *gen_uncompressed = "Generator (uncompressed):";
-        static const char *gen_hybrid = "Generator (hybrid):";
- 
-        if (!x)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        if (EC_GROUP_get_asn1_flag(x))
-                {
-                /* the curve parameter are given by an asn1 OID */
-                int nid;
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                nid = EC_GROUP_get_curve_name(x);
-                if (nid == 0)
-                        goto err;
-                if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-                        goto err;
-                if (BIO_printf(bp, "\n") <= 0)
-                        goto err;
-                }
-        else
-                {
-                /* explicit parameters */
-                int is_char_two = 0;
-                point_conversion_form_t form;
-                int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-                if (tmp_nid == NID_X9_62_characteristic_two_field)
-                        is_char_two = 1;
-                if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-                        (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-                        (cofactor = BN_new()) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (is_char_two)
-                        {
-                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                else /* prime field */
-                        {
-                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-                                {
-                                reason = ERR_R_EC_LIB;
-                                goto err;
-                                }
-                        }
-                if ((point = EC_GROUP_get0_generator(x)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                if (!EC_GROUP_get_order(x, order, NULL) || 
-                        !EC_GROUP_get_cofactor(x, cofactor, NULL))
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                
-                form = EC_GROUP_get_point_conversion_form(x);
-                if ((gen = EC_POINT_point2bn(x, point, 
-                                form, NULL, ctx)) == NULL)
-                        {
-                        reason = ERR_R_EC_LIB;
-                        goto err;
-                        }
-                buf_len = (size_t)BN_num_bytes(p);
-                if (buf_len < (i = (size_t)BN_num_bytes(a)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(b)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(order)))
-                        buf_len = i;
-                if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-                        buf_len = i;
-                if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-                        seed_len = EC_GROUP_get_seed_len(x);
-                buf_len += 10;
-                if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                        {
-                        reason = ERR_R_MALLOC_FAILURE;
-                        goto err;
-                        }
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                /* print the 'short name' of the field type */
-                if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-                        <= 0)
-                        goto err;  
-                if (is_char_two)
-                        {
-                        /* print the 'short name' of the base type OID */
-                        int basis_type = EC_GROUP_get_basis_type(x);
-                        if (basis_type == 0)
-                                goto err;
-                        if (!BIO_indent(bp, off, 128))
-                                goto err;
-                        if (BIO_printf(bp, "Basis Type: %s\n", 
-                                OBJ_nid2sn(basis_type)) <= 0)
-                                goto err;
-                        /* print the polynomial */
-                        if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-                                off))
-                                goto err;
-                        }
-                else
-                        {
-                        if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-                                goto err;
-                        }
-                if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-                        goto err;
-                if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-                        goto err;
-                if (form == POINT_CONVERSION_COMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_compressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else if (form == POINT_CONVERSION_UNCOMPRESSED)
-                        {
-                        if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                else /* form == POINT_CONVERSION_HYBRID */
-                        {
-                        if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-                                buffer, off))
-                                goto err;
-                        }
-                if ((order != NULL) && !print(bp, "Order: ", order, 
-                        buffer, off)) goto err;
-                if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-                        buffer, off)) goto err;
-                if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-                        goto err;
-                }
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-        if (p) 
-                BN_free(p);
-        if (a) 
-                BN_free(a);
-        if (b)
-                BN_free(b);
-        if (gen)
-                BN_free(gen);
-        if (order)
-                BN_free(order);
-        if (cofactor)
-                BN_free(cofactor);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL) 
-                OPENSSL_free(buffer);
-        return(ret);    
-        }
-int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-        {
-        unsigned char *buffer=NULL;
-        size_t  buf_len=0, i;
-        int     ret=0, reason=ERR_R_BIO_LIB;
-        BIGNUM  *pub_key=NULL, *order=NULL;
-        BN_CTX  *ctx=NULL;
-        const EC_GROUP *group;
-        const EC_POINT *public_key;
-        const BIGNUM *priv_key;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
-        public_key = EC_KEY_get0_public_key(x);
-        if ((pub_key = EC_POINT_point2bn(group, public_key,
-                EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
-        buf_len = (size_t)BN_num_bytes(pub_key);
-        priv_key = EC_KEY_get0_private_key(x);
-        if (priv_key != NULL)
-                {
-                if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-                        buf_len = i;
-                }
-        buf_len += 10;
-        if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (priv_key != NULL)
-                {
-                if (!BIO_indent(bp, off, 128))
-                        goto err;
-                if ((order = BN_new()) == NULL)
-                        goto err;
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        goto err;
-                if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-                        BN_num_bits(order)) <= 0) goto err;
-                }
-  
-        if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
-                buffer, off))
-                goto err;
-        if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-                buffer, off))
-                goto err;
-        if (!ECPKParameters_print(bp, group, off))
-                goto err;
-        ret=1;
-err:
-        if (!ret)
-                ECerr(EC_F_EC_KEY_PRINT, reason);
-        if (pub_key) 
-                BN_free(pub_key);
-        if (order)
-                BN_free(order);
-        if (ctx)
-                BN_CTX_free(ctx);
-        if (buffer != NULL)
-                OPENSSL_free(buffer);
-        return(ret);
-        }
-#endif /* OPENSSL_NO_EC */
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
             int off)
        {
        int n,i;
        const char *neg;
        if (num == NULL) return(1);
-        neg = (BN_is_negative(num))?"-":"";
+        neg=(num->neg)?"-":"";
        if(!BIO_indent(bp,off,128))
                return 0;
-        if (BN_is_zero(num))
-                {
-                if (BIO_printf(bp, "%s 0\n", number) <= 0)
-                        return 0;
-                return 1;
-                }
        if (BN_num_bytes(num) <= BN_BYTES)
                {
@@ -618,63 +272,23 @@ static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *
        return(1);
        }
-#ifndef OPENSSL_NO_EC
-static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-                size_t len, int off)
-        {
-        size_t i;
-        char str[128];
-        if (buf == NULL)
-                return 1;
-        if (off)
-                {
-                if (off > 128)
-                        off=128;
-                memset(str,' ',off);
-                if (BIO_write(fp, str, off) <= 0)
-                        return 0;
-                }
-        if (BIO_printf(fp,"%s", name) <= 0)
-                return 0;
-        for (i=0; i<len; i++)
-                {
-                if ((i%15) == 0)
-                        {
-                        str[0]='\n';
-                        memset(&(str[1]),' ',off+4);
-                        if (BIO_write(fp, str, off+1+4) <= 0)
-                                return 0;
-                        }
-                if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-                        return 0;
-                }
-        if (BIO_write(fp,"\n",1) <= 0)
-                return 0;
-        return 1;
-        }
-#endif
 #ifndef OPENSSL_NO_DH
 #ifndef OPENSSL_NO_FP_API
 int DHparams_print_fp(FILE *fp, const DH *x)
-        {
+        {
-        BIO *b;
+        BIO *b;
-        int ret;
+        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
                DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+                return(0);
                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
+        ret=DHparams_print(b, x);
-        BIO_free(b);
+        BIO_free(b);
-        return(ret);
+        return(ret);
-        }
+        }
 #endif
 int DHparams_print(BIO *bp, const DH *x)
@@ -685,11 +299,6 @@ int DHparams_print(BIO *bp, const DH *x)
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;
-                goto err;
-                }
        if (x->g)
                if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
                        buf_len = i;
@@ -724,35 +333,30 @@ err:
 #ifndef OPENSSL_NO_DSA
 #ifndef OPENSSL_NO_FP_API
 int DSAparams_print_fp(FILE *fp, const DSA *x)
-        {
+        {
-        BIO *b;
+        BIO *b;
-        int ret;
+        int ret;
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
                DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+                return(0);
                }
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
+        ret=DSAparams_print(b, x);
-        BIO_free(b);
+        BIO_free(b);
-        return(ret);
+        return(ret);
-        }
+        }
 #endif
 int DSAparams_print(BIO *bp, const DSA *x)
        {
        unsigned char *m=NULL;
-        int ret=0;
+        int reason=ERR_R_BUF_LIB,ret=0;
        size_t buf_len=0,i;
        if (x->p)
                buf_len = (size_t)BN_num_bytes(x->p);
-        else
-                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
-                goto err;
-                }
        if (x->q)
                if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
                        buf_len = i;
@@ -762,7 +366,7 @@ int DSAparams_print(BIO *bp, const DSA *x)
        m=(unsigned char *)OPENSSL_malloc(buf_len+10);
        if (m == NULL)
                {
-                DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
+                reason=ERR_R_MALLOC_FAILURE;
                goto err;
                }
@@ -770,70 +374,14 @@ int DSAparams_print(BIO *bp, const DSA *x)
                BN_num_bits(x->p)) <= 0)
                goto err;
        if (!print(bp,"p:",x->p,m,4)) goto err;
-        if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
+        if (!print(bp,"q:",x->q,m,4)) goto err;
-        if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
+        if (!print(bp,"g:",x->g,m,4)) goto err;
        ret=1;
 err:
        if (m != NULL) OPENSSL_free(m);
+        DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
        return(ret);
        }
 #endif /* !OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-        {
-        BIO *b;
-        int ret;
- 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-                {
-                ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-                return(0);
-                }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = ECParameters_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
-int ECParameters_print(BIO *bp, const EC_KEY *x)
-        {
-        int     reason=ERR_R_EC_LIB, ret=0;
-        BIGNUM  *order=NULL;
-        const EC_GROUP *group;
- 
-        if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-                {
-                reason = ERR_R_PASSED_NULL_PARAMETER;;
-                goto err;
-                }
-        if ((order = BN_new()) == NULL)
-                {
-                reason = ERR_R_MALLOC_FAILURE;
-                goto err;
-                }
-        if (!EC_GROUP_get_order(group, order, NULL))
-                {
-                reason = ERR_R_EC_LIB;
-                goto err;
-                }
- 
-        if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-                BN_num_bits(order)) <= 0)
-                goto err;
-        if (!ECPKParameters_print(bp, group, 4))
-                goto err;
-        ret=1;
-err:
-        if (order)
-                BN_free(order);
-        ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-        return(ret);
-        }
-  
-#endif
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
index 5557e06584..740cee80c0 100644
--- a/src/lib/libcrypto/asn1/t_req.c
+++ b/src/lib/libcrypto/asn1/t_req.c
@@ -63,12 +63,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 #ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
@@ -166,14 +160,6 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long
                        }
                else
 #endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                {
-                        BIO_printf(bp, "%12sEC Public Key: \n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
-                }
-        else
-#endif
                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
                EVP_PKEY_free(pkey);
@@ -244,7 +230,7 @@ get_next:
                                }
                        }
                }
-        if(!(cflag & X509_FLAG_NO_EXTENSIONS))
+        if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
                {
                exts = X509_REQ_get_extensions(x);
                if(exts)
@@ -260,9 +246,9 @@ get_next:
                                obj=X509_EXTENSION_get_object(ex);
                                i2a_ASN1_OBJECT(bp,obj);
                                j=X509_EXTENSION_get_critical(ex);
-                                if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
+                                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                                        goto err;
-                                if(!X509V3_EXT_print(bp, ex, cflag, 16))
+                                if(!X509V3_EXT_print(bp, ex, 0, 16))
                                        {
                                        BIO_printf(bp, "%16s", "");
                                        M_ASN1_OCTET_STRING_print(bp,ex->value);
@@ -280,7 +266,7 @@ get_next:
        return(1);
 err:
-        X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
+        X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
        return(0);
        }
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
index c2a5797dd8..5abfbc815e 100644
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ b/src/lib/libcrypto/asn1/t_spki.c
@@ -60,13 +60,6 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
 /* Print out an SPKI */
@@ -100,15 +93,6 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
                }
                else
 #endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                {
-                        BIO_printf(out, "  EC Public Key:\n");
-                        EC_KEY_print(out, pkey->pkey.ec,2);
-                }
-                else
-#endif
                        BIO_printf(out,"  Unknown Public Key:\n");
                EVP_PKEY_free(pkey);
        }
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
index eb776b7b3b..30f68561b7 100644
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ b/src/lib/libcrypto/asn1/t_x509.c
@@ -66,9 +66,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -86,7 +83,7 @@ int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cfla
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
-                X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
+                X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
                return(0);
                }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
@@ -232,14 +229,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                        }
                else
 #endif
-#ifndef OPENSSL_NO_EC
-                if (pkey->type == EVP_PKEY_EC)
-                        {
-                        BIO_printf(bp, "%12sEC Public Key:\n","");
-                        EC_KEY_print(bp, pkey->pkey.ec, 16);
-                        }
-                else
-#endif
                        BIO_printf(bp,"%12sUnknown Public Key:\n","");
                EVP_PKEY_free(pkey);
@@ -332,7 +321,7 @@ int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
        {
        int i,n;
-        char buf[80],*p;;
+        char buf[80],*p;
        if (v == NULL) return(0);
        n=0;
@@ -445,18 +434,19 @@ err:
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
        {
        char *s,*c,*b;
-        int ret=0,l,i;
+        int ret=0,l,ll,i,first=1;
-        l=80-2-obase;
+        ll=80-2-obase;
-        b=X509_NAME_oneline(name,NULL,0);
+        b=s=X509_NAME_oneline(name,NULL,0);
-        if (!*b)
+        if (!*s)
                {
                OPENSSL_free(b);
                return 1;
                }
-        s=b+1; /* skip the first slash */
+        s++; /* skip the first slash */
+        l=ll;
        c=s;
        for (;;)
                {
@@ -478,9 +468,20 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
                        (*s == '\0'))
 #endif
                        {
+                        if ((l <= 0) && !first)
+                                {
+                                first=0;
+                                if (BIO_write(bp,"\n",1) != 1) goto err;
+                                for (i=0; i<obase; i++)
+                                        {
+                                        if (BIO_write(bp," ",1) != 1) goto err;
+                                        }
+                                l=ll;
+                                }
                        i=s-c;
                        if (BIO_write(bp,c,i) != i) goto err;
-                        c=s+1;  /* skip following slash */
+                        c+=i;
+                        c++;
                        if (*s != '\0')
                                {
                                if (BIO_write(bp,", ",2) != 2) goto err;
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
index 0ee406231e..b7e916ef36 100644
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ b/src/lib/libcrypto/asn1/tasn_dec.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -65,40 +65,24 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
-static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_check_eoc(unsigned char **in, long len);
-static int asn1_find_end(const unsigned char **in, long len, char inf);
+static int asn1_find_end(unsigned char **in, long len, char inf);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
-                                char inf, int tag, int aclass);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+                        unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
-                                char *inf, char *cst,
+                                        const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
-                                const unsigned char **in, long len,
-                                int exptag, int expclass, char opt,
-                                ASN1_TLC *ctx);
-static int asn1_template_ex_d2i(ASN1_VALUE **pval,
-                                const unsigned char **in, long len,
-                                const ASN1_TEMPLATE *tt, char opt,
-                                ASN1_TLC *ctx);
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-                                const unsigned char **in, long len,
-                                const ASN1_TEMPLATE *tt, char opt,
-                                ASN1_TLC *ctx);
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-                                const unsigned char **in, long len,
-                                const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
 /* Table to convert tags to bit values, used for MSTRING type */
-static const unsigned long tag2bit[32] = {
+static unsigned long tag2bit[32]={
 0,      0,      0,      B_ASN1_BIT_STRING,      /* tags  0 -  3 */
 B_ASN1_OCTET_STRING,    0,      0,              B_ASN1_UNKNOWN,/* tags  4- 7 */
 B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags  8-11 */
 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
+0,      0,      B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,                        /* tags 23-24 */ 
 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
@@ -106,14 +90,14 @@ B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 2
        };
 unsigned long ASN1_tag2bit(int tag)
-        {
+{
-        if ((tag < 0) || (tag > 30)) return 0;
+        if((tag < 0) || (tag > 30)) return 0;
        return tag2bit[tag];
-        }
+}
 /* Macro to initialize and invalidate the cache */
-#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+#define asn1_tlc_clear(c)       if(c) (c)->valid = 0
 /* Decode an ASN1 item, this currently behaves just 
 * like a standard 'd2i' function. 'in' points to 
@@ -123,147 +107,113 @@ unsigned long ASN1_tag2bit(int tag)
 * case.
 */
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
-                const unsigned char **in, long len, const ASN1_ITEM *it)
+{
-        {
        ASN1_TLC c;
        ASN1_VALUE *ptmpval = NULL;
-        if (!pval)
+        if(!pval) pval = &ptmpval;
-                pval = &ptmpval;
+        asn1_tlc_clear(&c);
-        c.valid = 0;
+        if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
-        if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
                return *pval;
        return NULL;
-        }
+}
-int ASN1_template_d2i(ASN1_VALUE **pval,
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
-                const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
-        {
        ASN1_TLC c;
-        c.valid = 0;
+        asn1_tlc_clear(&c);
        return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-        }
+}
 /* Decode an item, taking care of IMPLICIT tagging, if any.
 * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
 */
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
-                        const ASN1_ITEM *it,
+                                int tag, int aclass, char opt, ASN1_TLC *ctx)
-                        int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
-        {
        const ASN1_TEMPLATE *tt, *errtt = NULL;
        const ASN1_COMPAT_FUNCS *cf;
        const ASN1_EXTERN_FUNCS *ef;
        const ASN1_AUX *aux = it->funcs;
        ASN1_aux_cb *asn1_cb;
-        const unsigned char *p = NULL, *q;
+        unsigned char *p, *q, imphack = 0, oclass;
-        unsigned char *wp=NULL; /* BIG FAT WARNING!  BREAKS CONST WHERE USED */
-        unsigned char imphack = 0, oclass;
        char seq_eoc, seq_nolen, cst, isopt;
        long tmplen;
        int i;
        int otag;
        int ret = 0;
        ASN1_VALUE *pchval, **pchptr, *ptmpval;
-        if (!pval)
+        if(!pval) return 0;
-                return 0;
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-        if (aux && aux->asn1_cb)
-                asn1_cb = aux->asn1_cb;
        else asn1_cb = 0;
-        switch(it->itype)
+        switch(it->itype) {
-                {
                case ASN1_ITYPE_PRIMITIVE:
-                if (it->templates)
+                if(it->templates) {
-                        {
+                        /* tagging or OPTIONAL is currently illegal on an item template
-                        /* tagging or OPTIONAL is currently illegal on an item
+                         * because the flags can't get passed down. In practice this isn't
-                         * template because the flags can't get passed down.
+                         * a problem: we include the relevant flags from the item template
-                         * In practice this isn't a problem: we include the
+                         * in the template itself.
-                         * relevant flags from the item template in the
-                         * template itself.
                         */
-                        if ((tag != -1) || opt)
+                        if ((tag != -1) || opt) {
-                                {
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
                                goto err;
-                                }
+                        }
-                        return asn1_template_ex_d2i(pval, in, len,
+                        return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
-                                        it->templates, opt, ctx);
                }
-                return asn1_d2i_ex_primitive(pval, in, len, it,
+                return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
-                                                tag, aclass, opt, ctx);
                break;
                case ASN1_ITYPE_MSTRING:
                p = *in;
                /* Just read in tag and class */
-                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
-                                                &p, len, -1, 0, 1, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        goto err;
-                        }
+                } 
                /* Must be UNIVERSAL class */
-                if (oclass != V_ASN1_UNIVERSAL)
+                if(oclass != V_ASN1_UNIVERSAL) {
-                        {
                        /* If OPTIONAL, assume this is OK */
-                        if (opt) return -1;
+                        if(opt) return -1;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
-                                        ASN1_R_MSTRING_NOT_UNIVERSAL);
                        goto err;
-                        }
+                } 
                /* Check tag matches bit map */
-                if (!(ASN1_tag2bit(otag) & it->utype))
+                if(!(ASN1_tag2bit(otag) & it->utype)) {
-                        {
                        /* If OPTIONAL, assume this is OK */
-                        if (opt)
+                        if(opt) return -1;
-                                return -1;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ASN1_R_MSTRING_WRONG_TAG);
                        goto err;
-                        }
+                } 
-                return asn1_d2i_ex_primitive(pval, in, len,
+                return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
-                                                it, otag, 0, 0, ctx);
                case ASN1_ITYPE_EXTERN:
                /* Use new style d2i */
                ef = it->funcs;
-                return ef->asn1_ex_d2i(pval, in, len,
+                return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
-                                                it, tag, aclass, opt, ctx);
                case ASN1_ITYPE_COMPAT:
                /* we must resort to old style evil hackery */
                cf = it->funcs;
                /* If OPTIONAL see if it is there */
-                if (opt)
+                if(opt) {
-                        {
                        int exptag;
                        p = *in;
-                        if (tag == -1)
+                        if(tag == -1) exptag = it->utype;
-                                exptag = it->utype;
                        else exptag = tag;
-                        /* Don't care about anything other than presence
+                        /* Don't care about anything other than presence of expected tag */
-                         * of expected tag */
+                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+                        if(!ret) {
-                        ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                        &p, len, exptag, aclass, 1, ctx);
-                        if (!ret)
-                                {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                                goto err;
-                                }
-                        if (ret == -1)
-                                return -1;
                        }
+                        if(ret == -1) return -1;
+                }
                /* This is the old style evil hack IMPLICIT handling:
                 * since the underlying code is expecting a tag and
                 * class other than the one present we change the
@@ -279,332 +229,245 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                 * buffer.
                 */
-                if (tag != -1)
+                if(tag != -1) {
-                        {
+                        p = *in;
-                        wp = *(unsigned char **)in;
+                        imphack = *p;
-                        imphack = *wp;
+                        *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
-                        if (p == NULL)
+                }
-                                {
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
-                                goto err;
-                                }
-                        *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
-                                                                | it->utype);
-                        }
                ptmpval = cf->asn1_d2i(pval, in, len);
-                if (tag != -1)
+                if(tag != -1) *p = imphack;
-                        *wp = imphack;
-                if (ptmpval)
-                        return 1;
+                if(ptmpval) return 1;
                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
                goto err;
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
                                goto auxerr;
                /* Allocate structure */
-                if (!*pval && !ASN1_item_ex_new(pval, it))
+                if(!*pval) {
-                        {
+                        if(!ASN1_item_ex_new(pval, it)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                                ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
-                        goto err;
                        }
+                }
                /* CHOICE type, try each possibility in turn */
                pchval = NULL;
                p = *in;
-                for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
+                for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
-                        {
                        pchptr = asn1_get_field_ptr(pval, tt);
                        /* We mark field as OPTIONAL so its absence
                         * can be recognised.
                         */
                        ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
                        /* If field not present, try the next one */
-                        if (ret == -1)
+                        if(ret == -1) continue;
-                                continue;
                        /* If positive return, read OK, break loop */
-                        if (ret > 0)
+                        if(ret > 0) break;
-                                break;
                        /* Otherwise must be an ASN1 parsing error */
                        errtt = tt;
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                                ERR_R_NESTED_ASN1_ERROR);
                        goto err;
-                        }
+                }
                /* Did we fall off the end without reading anything? */
-                if (i == it->tcount)
+                if(i == it->tcount) {
-                        {
                        /* If OPTIONAL, this is OK */
-                        if (opt)
+                        if(opt) {
-                                {
                                /* Free and zero it */
                                ASN1_item_ex_free(pval, it);
                                return -1;
-                                }
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ASN1_R_NO_MATCHING_CHOICE_TYPE);
-                        goto err;
                        }
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+                        goto err;
+                }
                asn1_set_choice_selector(pval, i, it);
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
                                goto auxerr;
                return 1;
-                case ASN1_ITYPE_NDEF_SEQUENCE:
                case ASN1_ITYPE_SEQUENCE:
                p = *in;
                tmplen = len;
                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-                if (tag == -1)
+                if(tag == -1) {
-                        {
                        tag = V_ASN1_SEQUENCE;
                        aclass = V_ASN1_UNIVERSAL;
-                        }
+                }
                /* Get SEQUENCE length and update len, p */
-                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
-                                        &p, len, tag, aclass, opt, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        goto err;
-                        }
+                } else if(ret == -1) return -1;
-                else if (ret == -1)
+                if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
-                        return -1;
-                if (aux && (aux->flags & ASN1_AFLG_BROKEN))
-                        {
                        len = tmplen - (p - *in);
                        seq_nolen = 1;
-                        }
+                } else seq_nolen = seq_eoc;     /* If indefinite we don't do a length check */
-                /* If indefinite we don't do a length check */
+                if(!cst) {
-                else seq_nolen = seq_eoc;
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
-                if (!cst)
-                        {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
                        goto err;
-                        }
+                }
-                if (!*pval && !ASN1_item_ex_new(pval, it))
+                if(!*pval) {
-                        {
+                        if(!ASN1_item_ex_new(pval, it)) {
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                ERR_R_NESTED_ASN1_ERROR);
+                                goto err;
-                        goto err;
                        }
+                }
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
                                goto auxerr;
                /* Get each field entry */
-                for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+                for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-                        {
                        const ASN1_TEMPLATE *seqtt;
                        ASN1_VALUE **pseqval;
                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if (!seqtt)
+                        if(!seqtt) goto err;
-                                goto err;
                        pseqval = asn1_get_field_ptr(pval, seqtt);
                        /* Have we ran out of data? */
-                        if (!len)
+                        if(!len) break;
-                                break;
                        q = p;
-                        if (asn1_check_eoc(&p, len))
+                        if(asn1_check_eoc(&p, len)) {
-                                {
+                                if(!seq_eoc) {
-                                if (!seq_eoc)
+                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
-                                        {
-                                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                                        ASN1_R_UNEXPECTED_EOC);
                                        goto err;
-                                        }
+                                }
                                len -= p - q;
                                seq_eoc = 0;
                                q = p;
                                break;
-                                }
+                        }
-                        /* This determines the OPTIONAL flag value. The field
+                        /* This determines the OPTIONAL flag value. The field cannot
-                         * cannot be omitted if it is the last of a SEQUENCE
+                         * be omitted if it is the last of a SEQUENCE and there is
-                         * and there is still data to be read. This isn't
+                         * still data to be read. This isn't strictly necessary but
-                         * strictly necessary but it increases efficiency in
+                         * it increases efficiency in some cases.
-                         * some cases.
                         */
-                        if (i == (it->tcount - 1))
+                        if(i == (it->tcount - 1)) isopt = 0;
-                                isopt = 0;
                        else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
-                        /* attempt to read in field, allowing each to be
+                        /* attempt to read in field, allowing each to be OPTIONAL */
-                         * OPTIONAL */
+                        ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+                        if(!ret) {
-                        ret = asn1_template_ex_d2i(pseqval, &p, len,
-                                                        seqtt, isopt, ctx);
-                        if (!ret)
-                                {
                                errtt = seqtt;
                                goto err;
-                                }
+                        } else if(ret == -1) {
-                        else if (ret == -1)
+                                /* OPTIONAL component absent. Free and zero the field
-                                {
-                                /* OPTIONAL component absent.
-                                 * Free and zero the field.
                                 */
                                ASN1_template_free(pseqval, seqtt);
                                continue;
-                                }
+                        }
                        /* Update length */
                        len -= p - q;
-                        }
+                }
                /* Check for EOC if expecting one */
-                if (seq_eoc && !asn1_check_eoc(&p, len))
+                if(seq_eoc && !asn1_check_eoc(&p, len)) {
-                        {
                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
                        goto err;
-                        }
+                }
                /* Check all data read */
-                if (!seq_nolen && len)
+                if(!seq_nolen && len) {
-                        {
+                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
-                        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-                                        ASN1_R_SEQUENCE_LENGTH_MISMATCH);
                        goto err;
-                        }
+                }
                /* If we get here we've got no more data in the SEQUENCE,
                 * however we may not have read all fields so check all
                 * remaining are OPTIONAL and clear any that are.
                 */
-                for (; i < it->tcount; tt++, i++)
+                for(; i < it->tcount; tt++, i++) {
-                        {
                        const ASN1_TEMPLATE *seqtt;
                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if (!seqtt)
+                        if(!seqtt) goto err;
-                                goto err;
+                        if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
-                        if (seqtt->flags & ASN1_TFLG_OPTIONAL)
-                                {
                                ASN1_VALUE **pseqval;
                                pseqval = asn1_get_field_ptr(pval, seqtt);
                                ASN1_template_free(pseqval, seqtt);
-                                }
+                        } else {
-                        else
-                                {
                                errtt = seqtt;
-                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
-                                                        ASN1_R_FIELD_MISSING);
                                goto err;
-                                }
                        }
+                }
                /* Save encoding */
-                if (!asn1_enc_save(pval, *in, p - *in, it))
+                if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
-                        goto auxerr;
                *in = p;
-                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
                                goto auxerr;
                return 1;
                default:
                return 0;
-                }
+        }
        auxerr:
        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
        err:
        ASN1_item_ex_free(pval, it);
-        if (errtt)
+        if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
-                ERR_add_error_data(4, "Field=", errtt->field_name,
+        else ERR_add_error_data(2, "Type=", it->sname);
-                                        ", Type=", it->sname);
-        else
-                ERR_add_error_data(2, "Type=", it->sname);
        return 0;
-        }
+}
-/* Templates are handled with two separate functions.
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
- * One handles any EXPLICIT tag and the other handles the rest.
+ * rest.
 */
-static int asn1_template_ex_d2i(ASN1_VALUE **val,
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
-                                const unsigned char **in, long inlen,
+{
-                                const ASN1_TEMPLATE *tt, char opt,
-                                                        ASN1_TLC *ctx)
-        {
        int flags, aclass;
        int ret;
        long len;
-        const unsigned char *p, *q;
+        unsigned char *p, *q;
        char exp_eoc;
-        if (!val)
+        if(!val) return 0;
-                return 0;
        flags = tt->flags;
        aclass = flags & ASN1_TFLG_TAG_CLASS;
        p = *in;
        /* Check if EXPLICIT tag expected */
-        if (flags & ASN1_TFLG_EXPTAG)
+        if(flags & ASN1_TFLG_EXPTAG) {
-                {
                char cst;
-                /* Need to work out amount of data available to the inner
+                /* Need to work out amount of data available to the inner content and where it
-                 * content and where it starts: so read in EXPLICIT header to
+                 * starts: so read in EXPLICIT header to get the info.
-                 * get the info.
                 */
-                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
-                                        &p, inlen, tt->tag, aclass, opt, ctx);
                q = p;
-                if (!ret)
+                if(!ret) {
-                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        return 0;
-                        }
+                } else if(ret == -1) return -1;
-                else if (ret == -1)
+                if(!cst) {
-                        return -1;
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
-                if (!cst)
-                        {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                        ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
                        return 0;
-                        }
+                }
                /* We've found the field so it can't be OPTIONAL now */
                ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
-                if (!ret)
+                if(!ret) {
-                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        return 0;
-                        }
+                }
                /* We read the field in OK so update length */
                len -= p - q;
-                if (exp_eoc)
+                if(exp_eoc) {
-                        {
                        /* If NDEF we must have an EOC here */
-                        if (!asn1_check_eoc(&p, len))
+                        if(!asn1_check_eoc(&p, len)) {
-                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                                ASN1_R_MISSING_EOC);
                                goto err;
-                                }
                        }
-                else
+                } else {
-                        {
+                        /* Otherwise we must hit the EXPLICIT tag end or its an error */
-                        /* Otherwise we must hit the EXPLICIT tag end or its
+                        if(len) {
-                         * an error */
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-                        if (len)
-                                {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-                                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
                                goto err;
-                                }
                        }
                }
-                else 
+        } else 
-                        return asn1_template_noexp_d2i(val, in, inlen,
+                return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
-                                                                tt, opt, ctx);
        *in = p;
        return 1;
@@ -613,145 +476,98 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
        ASN1_template_free(val, tt);
        *val = NULL;
        return 0;
-        }
+}
-static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
-                                const unsigned char **in, long len,
+{
-                                const ASN1_TEMPLATE *tt, char opt,
-                                ASN1_TLC *ctx)
-        {
        int flags, aclass;
        int ret;
-        const unsigned char *p, *q;
+        unsigned char *p, *q;
-        if (!val)
+        if(!val) return 0;
-                return 0;
        flags = tt->flags;
        aclass = flags & ASN1_TFLG_TAG_CLASS;
        p = *in;
        q = p;
-        if (flags & ASN1_TFLG_SK_MASK)
+        if(flags & ASN1_TFLG_SK_MASK) {
-                {
                /* SET OF, SEQUENCE OF */
                int sktag, skaclass;
                char sk_eoc;
                /* First work out expected inner tag value */
-                if (flags & ASN1_TFLG_IMPTAG)
+                if(flags & ASN1_TFLG_IMPTAG) {
-                        {
                        sktag = tt->tag;
                        skaclass = aclass;
-                        }
+                } else {
-                else
-                        {
                        skaclass = V_ASN1_UNIVERSAL;
-                        if (flags & ASN1_TFLG_SET_OF)
+                        if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
-                                sktag = V_ASN1_SET;
+                        else sktag = V_ASN1_SEQUENCE;
-                        else
+                }
-                                sktag = V_ASN1_SEQUENCE;
-                        }
                /* Get the tag */
-                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
-                                        &p, len, sktag, skaclass, opt, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                                ERR_R_NESTED_ASN1_ERROR);
                        return 0;
-                        }
+                } else if(ret == -1) return -1;
-                else if (ret == -1)
+                if(!*val) *val = (ASN1_VALUE *)sk_new_null();
-                        return -1;
+                else {
-                if (!*val)
-                        *val = (ASN1_VALUE *)sk_new_null();
-                else
-                        {
                        /* We've got a valid STACK: free up any items present */
                        STACK *sktmp = (STACK *)*val;
                        ASN1_VALUE *vtmp;
-                        while(sk_num(sktmp) > 0)
+                        while(sk_num(sktmp) > 0) {
-                                {
                                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
-                                ASN1_item_ex_free(&vtmp,
+                                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
-                                                ASN1_ITEM_ptr(tt->item));
-                                }
                        }
+                }
                                
-                if (!*val)
+                if(!*val) {
-                        {
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                                ERR_R_MALLOC_FAILURE);
                        goto err;
-                        }
+                }
                /* Read as many items as we can */
-                while(len > 0)
+                while(len > 0) {
-                        {
                        ASN1_VALUE *skfield;
                        q = p;
                        /* See if EOC found */
-                        if (asn1_check_eoc(&p, len))
+                        if(asn1_check_eoc(&p, len)) {
-                                {
+                                if(!sk_eoc) {
-                                if (!sk_eoc)
+                                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
-                                        {
-                                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                                        ASN1_R_UNEXPECTED_EOC);
                                        goto err;
-                                        }
+                                }
                                len -= p - q;
                                sk_eoc = 0;
                                break;
-                                }
+                        }
                        skfield = NULL;
-                        if (!ASN1_item_ex_d2i(&skfield, &p, len,
+                        if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
-                                                ASN1_ITEM_ptr(tt->item),
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                                                -1, 0, 0, ctx))
-                                {
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                                goto err;
-                                }
+                        }
                        len -= p - q;
-                        if (!sk_push((STACK *)*val, (char *)skfield))
+                        if(!sk_push((STACK *)*val, (char *)skfield)) {
-                                {
+                                ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
-                                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                                ERR_R_MALLOC_FAILURE);
                                goto err;
-                                }
                        }
-                if (sk_eoc)
+                }
-                        {
+                if(sk_eoc) {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
                        goto err;
-                        }
                }
-        else if (flags & ASN1_TFLG_IMPTAG)
+        } else if(flags & ASN1_TFLG_IMPTAG) {
-                {
                /* IMPLICIT tagging */
-                ret = ASN1_item_ex_d2i(val, &p, len,
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
-                        ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                                ERR_R_NESTED_ASN1_ERROR);
                        goto err;
-                        }
+                } else if(ret == -1) return -1;
-                else if (ret == -1)
+        } else {
-                        return -1;
-                }
-        else
-                {
                /* Nothing special */
-                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
-                                                        -1, 0, opt, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        goto err;
-                        }
+                } else if(ret == -1) return -1;
-                else if (ret == -1)
+        }
-                        return -1;
-                }
        *in = p;
        return 1;
@@ -760,115 +576,85 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
        ASN1_template_free(val, tt);
        *val = NULL;
        return 0;
-        }
+}
-static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
-                                const unsigned char **in, long inlen, 
+                                                const ASN1_ITEM *it,
-                                const ASN1_ITEM *it,
+                                                int tag, int aclass, char opt, ASN1_TLC *ctx)
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
-        {
        int ret = 0, utype;
        long plen;
        char cst, inf, free_cont = 0;
-        const unsigned char *p;
+        unsigned char *p;
        BUF_MEM buf;
-        const unsigned char *cont = NULL;
+        unsigned char *cont = NULL;
        long len; 
-        if (!pval)
+        if(!pval) {
-                {
                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
                return 0; /* Should never happen */
-                }
+        }
-        if (it->itype == ASN1_ITYPE_MSTRING)
+        if(it->itype == ASN1_ITYPE_MSTRING) {
-                {
                utype = tag;
                tag = -1;
-                }
+        } else utype = it->utype;
-        else
-                utype = it->utype;
-        if (utype == V_ASN1_ANY)
+        if(utype == V_ASN1_ANY) {
-                {
                /* If type is ANY need to figure out type from tag */
                unsigned char oclass;
-                if (tag >= 0)
+                if(tag >= 0) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                                        ASN1_R_ILLEGAL_TAGGED_ANY);
                        return 0;
-                        }
+                }
-                if (opt)
+                if(opt) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                                        ASN1_R_ILLEGAL_OPTIONAL_ANY);
                        return 0;
-                        }
+                }
                p = *in;
-                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
-                                        &p, inlen, -1, 0, 0, ctx);
+                if(!ret) {
-                if (!ret)
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-                        {
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                                        ERR_R_NESTED_ASN1_ERROR);
                        return 0;
-                        }
-                if (oclass != V_ASN1_UNIVERSAL)
-                        utype = V_ASN1_OTHER;
                }
-        if (tag == -1)
+                if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
-                {
+        }
+        if(tag == -1) {
                tag = utype;
                aclass = V_ASN1_UNIVERSAL;
-                }
+        }
        p = *in;
        /* Check header */
-        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+        ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
-                                &p, inlen, tag, aclass, opt, ctx);
+        if(!ret) {
-        if (!ret)
-                {
                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
                return 0;
-                }
+        } else if(ret == -1) return -1;
-        else if (ret == -1)
-                return -1;
+        ret = 0;
-        ret = 0;
        /* SEQUENCE, SET and "OTHER" are left in encoded form */
-        if ((utype == V_ASN1_SEQUENCE)
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
-                || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
+                /* Clear context cache for type OTHER because the auto clear when
-                {
+                 * we have a exact match wont work
-                /* Clear context cache for type OTHER because the auto clear
-                 * when we have a exact match wont work
                 */
-                if (utype == V_ASN1_OTHER)
+                if(utype == V_ASN1_OTHER) {
-                        {
                        asn1_tlc_clear(ctx);
-                        }
                /* SEQUENCE and SET must be constructed */
-                else if (!cst)
+                } else if(!cst) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                                ASN1_R_TYPE_NOT_CONSTRUCTED);
                        return 0;
-                        }
+                }
                cont = *in;
                /* If indefinite length constructed find the real end */
-                if (inf)
+                if(inf) {
-                        {
+                        if(!asn1_find_end(&p, plen, inf)) goto err;
-                        if (!asn1_find_end(&p, plen, inf))
-                                 goto err;
                        len = p - cont;
-                        }
+                } else {
-                else
-                        {
                        len = p - cont + plen;
                        p += plen;
                        buf.data = NULL;
-                        }
                }
-        else if (cst)
+        } else if(cst) {
-                {
                buf.length = 0;
                buf.max = 0;
                buf.data = NULL;
@@ -878,46 +664,36 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                 * internally irrespective of the type. So instead just check
                 * for UNIVERSAL class and ignore the tag.
                 */
-                if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+                if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
-                        {
-                        free_cont = 1;
-                        goto err;
-                        }
                len = buf.length;
                /* Append a final null to string */
-                if (!BUF_MEM_grow_clean(&buf, len + 1))
+                if(!BUF_MEM_grow_clean(&buf, len + 1)) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-                                                ERR_R_MALLOC_FAILURE);
                        return 0;
-                        }
+                }
                buf.data[len] = 0;
-                cont = (const unsigned char *)buf.data;
+                cont = (unsigned char *)buf.data;
                free_cont = 1;
-                }
+        } else {
-        else
-                {
                cont = p;
                len = plen;
                p += plen;
-                }
+        }
        /* We now have content length and type: translate into a structure */
-        if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
-                goto err;
        *in = p;
        ret = 1;
        err:
-        if (free_cont && buf.data) OPENSSL_free(buf.data);
+        if(free_cont && buf.data) OPENSSL_free(buf.data);
        return ret;
-        }
+}
 /* Translate ASN1 content octets into a structure */
-int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-                        int utype, char *free_cont, const ASN1_ITEM *it)
+{
-        {
        ASN1_VALUE **opval = NULL;
        ASN1_STRING *stmp;
        ASN1_TYPE *typ = NULL;
@@ -925,62 +701,43 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
        const ASN1_PRIMITIVE_FUNCS *pf;
        ASN1_INTEGER **tint;
        pf = it->funcs;
+        if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
-        if (pf && pf->prim_c2i)
-                return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
        /* If ANY type clear type and set pointer to internal value */
-        if (it->utype == V_ASN1_ANY)
+        if(it->utype == V_ASN1_ANY) {
-                {
+                if(!*pval) {
-                if (!*pval)
-                        {
                        typ = ASN1_TYPE_new();
-                        if (typ == NULL)
-                                goto err;
                        *pval = (ASN1_VALUE *)typ;
-                        }
+                } else typ = (ASN1_TYPE *)*pval;
-                else
+                if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
-                        typ = (ASN1_TYPE *)*pval;
-                if (utype != typ->type)
-                        ASN1_TYPE_set(typ, utype, NULL);
                opval = pval;
-                pval = &typ->value.asn1_value;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
-                }
+        }
-        switch(utype)
+        switch(utype) {
-                {
                case V_ASN1_OBJECT:
-                if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+                if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
-                        goto err;
                break;
                case V_ASN1_NULL:
-                if (len)
+                if(len) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                                                ASN1_R_NULL_IS_WRONG_LENGTH);
                        goto err;
-                        }
+                }
                *pval = (ASN1_VALUE *)1;
                break;
                case V_ASN1_BOOLEAN:
-                if (len != 1)
+                if(len != 1) {
-                        {
+                        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-                        ASN1err(ASN1_F_ASN1_EX_C2I,
-                                                ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
                        goto err;
-                        }
+                } else {
-                else
-                        {
                        ASN1_BOOLEAN *tbool;
                        tbool = (ASN1_BOOLEAN *)pval;
                        *tbool = *cont;
-                        }
+                }
                break;
                case V_ASN1_BIT_STRING:
-                if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+                if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
-                        goto err;
                break;
                case V_ASN1_INTEGER:
@@ -988,8 +745,7 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                case V_ASN1_ENUMERATED:
                case V_ASN1_NEG_ENUMERATED:
                tint = (ASN1_INTEGER **)pval;
-                if (!c2i_ASN1_INTEGER(tint, &cont, len))
+                if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
-                        goto err;
                /* Fixup type to match the expected form */
                (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
                break;
@@ -1013,59 +769,46 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                case V_ASN1_SEQUENCE:
                default:
                /* All based on ASN1_STRING and handled the same */
-                if (!*pval)
+                if(!*pval) {
-                        {
                        stmp = ASN1_STRING_type_new(utype);
-                        if (!stmp)
+                        if(!stmp) {
-                                {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                                ASN1err(ASN1_F_ASN1_EX_C2I,
-                                                        ERR_R_MALLOC_FAILURE);
                                goto err;
-                                }
-                        *pval = (ASN1_VALUE *)stmp;
                        }
-                else
+                        *pval = (ASN1_VALUE *)stmp;
-                        {
+                } else {
                        stmp = (ASN1_STRING *)*pval;
                        stmp->type = utype;
-                        }
+                }
                /* If we've already allocated a buffer use it */
-                if (*free_cont)
+                if(*free_cont) {
-                        {
+                        if(stmp->data) OPENSSL_free(stmp->data);
-                        if (stmp->data)
+                        stmp->data = cont;
-                                OPENSSL_free(stmp->data);
-                        stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
                        stmp->length = len;
                        *free_cont = 0;
-                        }
+                } else {
-                else
+                        if(!ASN1_STRING_set(stmp, cont, len)) {
-                        {
+                                ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
-                        if (!ASN1_STRING_set(stmp, cont, len))
-                                {
-                                ASN1err(ASN1_F_ASN1_EX_C2I,
-                                                        ERR_R_MALLOC_FAILURE);
                                ASN1_STRING_free(stmp); 
                                *pval = NULL;
                                goto err;
-                                }
                        }
-                break;
                }
+                break;
+        }
        /* If ASN1_ANY and NULL type fix up value */
-        if (typ && (utype == V_ASN1_NULL))
+        if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
-                 typ->value.ptr = NULL;
        ret = 1;
        err:
-        if (!ret)
+        if(!ret)
                {
                ASN1_TYPE_free(typ);
                if (opval)
                        *opval = NULL;
                }
        return ret;
-        }
+}
 /* This function finds the end of an ASN1 structure when passed its maximum
 * length, whether it is indefinite length and a pointer to the content.
@@ -1073,11 +816,11 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
 * recurse on each indefinite length header.
 */
-static int asn1_find_end(const unsigned char **in, long len, char inf)
+static int asn1_find_end(unsigned char **in, long len, char inf)
        {
        int expected_eoc;
        long plen;
-        const unsigned char *p = *in, *q;
+        unsigned char *p = *in, *q;
        /* If not indefinite length constructed just add length */
        if (inf == 0)
                {
@@ -1087,7 +830,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
        expected_eoc = 1;
        /* Indefinite length constructed form. Find the end when enough EOCs
         * are found. If more indefinite length constructed headers
-         * are encountered increment the expected eoc count otherwise just
+         * are encountered increment the expected eoc count otherwise justi
         * skip to the end of the data.
         */
        while (len > 0)
@@ -1122,55 +865,38 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
        *in = p;
        return 1;
        }
 /* This function collects the asn1 data from a constructred string
 * type into a buffer. The values of 'in' and 'len' should refer
 * to the contents of the constructed type and 'inf' should be set
 * if it is indefinite length.
 */
-static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
-                                char inf, int tag, int aclass)
+{
-        {
+        unsigned char *p, *q;
-        const unsigned char *p, *q;
        long plen;
        char cst, ininf;
        p = *in;
        inf &= 1;
-        /* If no buffer and not indefinite length constructed just pass over
+        while(len > 0) {
-         * the encoded data */
-        if (!buf && !inf)
-                {
-                *in += len;
-                return 1;
-                }
-        while(len > 0)
-                {
                q = p;
                /* Check for EOC */
-                if (asn1_check_eoc(&p, len))
+                if(asn1_check_eoc(&p, len)) {
-                        {
+                        /* EOC is illegal outside indefinite length constructed form */
-                        /* EOC is illegal outside indefinite length
+                        if(!inf) {
-                         * constructed form */
+                                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
-                        if (!inf)
-                                {
-                                ASN1err(ASN1_F_ASN1_COLLECT,
-                                        ASN1_R_UNEXPECTED_EOC);
                                return 0;
-                                }
+                        }
                        inf = 0;
                        break;
-                        }
+                }
+                if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
-                if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
-                                        len, tag, aclass, 0, NULL))
-                        {
                        ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
                        return 0;
-                        }
+                }
                /* If indefinite length constructed update max length */
-                if (cst)
+                if(cst) {
-                        {
 #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
                        if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
                                return 0;
@@ -1178,51 +904,47 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
                        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
                        return 0;
 #endif
-                        }
+                } else {
-                else if (plen && !collect_data(buf, &p, plen))
+                        if(plen && !collect_data(buf, &p, plen)) return 0;
-                        return 0;
-                len -= p - q;
                }
-        if (inf)
+                len -= p - q;
-                {
+        }
+        if(inf) {
                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
                return 0;
-                }
+        }
        *in = p;
        return 1;
-        }
+}
-static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
-        {
+{
-        int len;
+                int len;
-        if (buf)
+                if(buf) {
-                {
+                        len = buf->length;
-                len = buf->length;
+                        if(!BUF_MEM_grow_clean(buf, len + plen)) {
-                if (!BUF_MEM_grow_clean(buf, len + plen))
+                                ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-                        {
+                                return 0;
-                        ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-                        return 0;
                        }
-                memcpy(buf->data + len, *p, plen);
+                        memcpy(buf->data + len, *p, plen);
                }
-        *p += plen;
+                *p += plen;
-        return 1;
+                return 1;
-        }
+}
 /* Check for ASN1 EOC and swallow it if found */
-static int asn1_check_eoc(const unsigned char **in, long len)
+static int asn1_check_eoc(unsigned char **in, long len)
-        {
+{
-        const unsigned char *p;
+        unsigned char *p;
-        if (len < 2) return 0;
+        if(len < 2) return 0;
        p = *in;
-        if (!p[0] && !p[1])
+        if(!p[0] && !p[1]) {
-                {
                *in += 2;
                return 1;
-                }
-        return 0;
        }
+        return 0;
+}
 /* Check an ASN1 tag and length: a bit like ASN1_get_object
 * but it sets the length for indefinite length constructed
@@ -1231,32 +953,25 @@ static int asn1_check_eoc(const unsigned char **in, long len)
 * header length just read.
 */
-static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
-                                char *inf, char *cst,
+                unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
-                                const unsigned char **in, long len,
+{
-                                int exptag, int expclass, char opt,
-                                ASN1_TLC *ctx)
-        {
        int i;
        int ptag, pclass;
        long plen;
-        const unsigned char *p, *q;
+        unsigned char *p, *q;
        p = *in;
        q = p;
-        if (ctx && ctx->valid)
+        if(ctx && ctx->valid) {
-                {
                i = ctx->ret;
                plen = ctx->plen;
                pclass = ctx->pclass;
                ptag = ctx->ptag;
                p += ctx->hdrlen;
-                }
+        } else {
-        else
-                {
                i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
-                if (ctx)
+                if(ctx) {
-                        {
                        ctx->ret = i;
                        ctx->plen = plen;
                        ctx->pclass = pclass;
@@ -1266,57 +981,43 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
                        /* If definite length, and no error, length +
                         * header can't exceed total amount of data available. 
                         */
-                        if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
+                        if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
-                                {
+                                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
-                                ASN1err(ASN1_F_ASN1_CHECK_TLEN,
-                                                        ASN1_R_TOO_LONG);
                                asn1_tlc_clear(ctx);
                                return 0;
-                                }
                        }
                }
+        }
-        if (i & 0x80)
+        if(i & 0x80) {
-                {
                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
                asn1_tlc_clear(ctx);
                return 0;
-                }
+        }
-        if (exptag >= 0)
+        if(exptag >= 0) {
-                {
+                if((exptag != ptag) || (expclass != pclass)) {
-                if ((exptag != ptag) || (expclass != pclass))
+                        /* If type is OPTIONAL, not an error, but indicate missing
-                        {
+                         * type.
-                        /* If type is OPTIONAL, not an error:
-                         * indicate missing type.
                         */
-                        if (opt) return -1;
+                        if(opt) return -1;
                        asn1_tlc_clear(ctx);
                        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
                        return 0;
-                        }
-                /* We have a tag and class match:
-                 * assume we are going to do something with it */
-                asn1_tlc_clear(ctx);
                }
+                /* We have a tag and class match, so assume we are going to do something with it */
+                asn1_tlc_clear(ctx);
+        }
-        if (i & 1)
+        if(i & 1) plen = len - (p - q);
-                plen = len - (p - q);
-        if (inf)
-                *inf = i & 1;
-        if (cst)
-                *cst = i & V_ASN1_CONSTRUCTED;
-        if (olen)
+        if(inf) *inf = i & 1;
-                *olen = plen;
-        if (oclass)
+        if(cst) *cst = i & V_ASN1_CONSTRUCTED;
-                *oclass = pclass;
-        if (otag)
+        if(olen) *olen = plen;
-                *otag = ptag;
+        if(oclass) *oclass = pclass;
+        if(otag) *otag = ptag;
        *in = p;
        return 1;
-        }
+}
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index be19b36acd..c675c3c832 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -59,119 +59,88 @@
 #include <stddef.h>
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
-                                        const ASN1_ITEM *it,
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset);
-                                        int tag, int aclass);
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-                                        int skcontlen, const ASN1_ITEM *item,
-                                        int do_sort, int iclass);
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-                                        const ASN1_TEMPLATE *tt,
-                                        int tag, int aclass);
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                                        const ASN1_ITEM *it, int flags);
-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
- * to use indefinite length constructed encoding, where appropriate
- */
-int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
-                                                const ASN1_ITEM *it)
-        {
-        return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-        }
-int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-        {
-        return asn1_item_flags_i2d(val, out, it, 0);
-        }
-/* Encode an ASN1 item, this is use by the
+/* Encode an ASN1 item, this is compatible with the
 * standard 'i2d' function. 'out' points to 
- * a buffer to output the data to.
+ * a buffer to output the data to, in future we will
+ * have more advanced versions that can output data
+ * a piece at a time and this will simply be a special
+ * case.
 *
 * The new i2d has one additional feature. If the output
 * buffer is NULL (i.e. *out == NULL) then a buffer is
 * allocated and populated with the encoding.
 */
-static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-                                        const ASN1_ITEM *it, int flags)
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-        {
+{
-        if (out && !*out)
+        if(out && !*out) {
-                {
                unsigned char *p, *buf;
                int len;
-                len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+                len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0);
-                if (len <= 0)
+                if(len <= 0) return len;
-                        return len;
                buf = OPENSSL_malloc(len);
-                if (!buf)
+                if(!buf) return -1;
-                        return -1;
                p = buf;
-                ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+                ASN1_item_ex_i2d(&val, &p, it, -1, 0);
                *out = buf;
                return len;
-                }
-        return ASN1_item_ex_i2d(&val, out, it, -1, flags);
        }
+                
+        return ASN1_item_ex_i2d(&val, out, it, -1, 0);
+}
 /* Encode an item, taking care of IMPLICIT tagging (if any).
 * This function performs the normal item handling: it can be
 * used in external types.
 */
-int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-                        const ASN1_ITEM *it, int tag, int aclass)
+{
-        {
        const ASN1_TEMPLATE *tt = NULL;
        unsigned char *p = NULL;
-        int i, seqcontlen, seqlen, ndef = 1;
+        int i, seqcontlen, seqlen;
+        ASN1_STRING *strtmp;
        const ASN1_COMPAT_FUNCS *cf;
        const ASN1_EXTERN_FUNCS *ef;
        const ASN1_AUX *aux = it->funcs;
-        ASN1_aux_cb *asn1_cb = 0;
+        ASN1_aux_cb *asn1_cb;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0;
-        if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-                return 0;
+        else asn1_cb = 0;
-        if (aux && aux->asn1_cb)
+        switch(it->itype) {
-                 asn1_cb = aux->asn1_cb;
-        switch(it->itype)
-                {
                case ASN1_ITYPE_PRIMITIVE:
-                if (it->templates)
+                if(it->templates)
-                        return asn1_template_ex_i2d(pval, out, it->templates,
+                        return ASN1_template_i2d(pval, out, it->templates);
-                                                                tag, aclass);
                return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
                break;
                case ASN1_ITYPE_MSTRING:
-                return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+                strtmp = (ASN1_STRING *)*pval;
+                return asn1_i2d_ex_primitive(pval, out, it, -1, 0);
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
                                return 0;
                i = asn1_get_choice_selector(pval, it);
-                if ((i >= 0) && (i < it->tcount))
+                if((i >= 0) && (i < it->tcount)) {
-                        {
                        ASN1_VALUE **pchval;
                        const ASN1_TEMPLATE *chtt;
                        chtt = it->templates + i;
                        pchval = asn1_get_field_ptr(pval, chtt);
-                        return asn1_template_ex_i2d(pchval, out, chtt,
+                        return ASN1_template_i2d(pchval, out, chtt);
-                                                                -1, aclass);
+                } 
-                        }
                /* Fixme: error condition if selector out of range */
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
                                return 0;
                break;
@@ -183,236 +152,136 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
                case ASN1_ITYPE_COMPAT:
                /* old style hackery... */
                cf = it->funcs;
-                if (out)
+                if(out) p = *out;
-                        p = *out;
                i = cf->asn1_i2d(*pval, out);
                /* Fixup for IMPLICIT tag: note this messes up for tags > 30,
                 * but so did the old code. Tags > 30 are very rare anyway.
                 */
-                if (out && (tag != -1))
+                if(out && (tag != -1))
                        *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
                return i;
                
-                case ASN1_ITYPE_NDEF_SEQUENCE:
-                /* Use indefinite length constructed if requested */
-                if (aclass & ASN1_TFLG_NDEF) ndef = 2;
-                /* fall through */
                case ASN1_ITYPE_SEQUENCE:
                i = asn1_enc_restore(&seqcontlen, out, pval, it);
                /* An error occurred */
-                if (i < 0)
+                if(i < 0) return 0;
-                        return 0;
                /* We have a valid cached encoding... */
-                if (i > 0)
+                if(i > 0) return seqcontlen;
-                        return seqcontlen;
                /* Otherwise carry on */
                seqcontlen = 0;
                /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-                if (tag == -1)
+                if(tag == -1) {
-                        {
                        tag = V_ASN1_SEQUENCE;
-                        /* Retain any other flags in aclass */
+                        aclass = V_ASN1_UNIVERSAL;
-                        aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                }
-                                        | V_ASN1_UNIVERSAL;
+                if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
-                        }
-                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
                                return 0;
                /* First work out sequence content length */
-                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        {
                        const ASN1_TEMPLATE *seqtt;
                        ASN1_VALUE **pseqval;
                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if (!seqtt)
+                        if(!seqtt) return 0;
-                                return 0;
                        pseqval = asn1_get_field_ptr(pval, seqtt);
                        /* FIXME: check for errors in enhanced version */
-                        seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+                        /* FIXME: special handling of indefinite length encoding */
-                                                                -1, aclass);
+                        seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt);
-                        }
+                }
+                seqlen = ASN1_object_size(1, seqcontlen, tag);
-                seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+                if(!out) return seqlen;
-                if (!out)
-                        return seqlen;
                /* Output SEQUENCE header */
-                ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+                ASN1_put_object(out, 1, seqcontlen, tag, aclass);
-                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        {
                        const ASN1_TEMPLATE *seqtt;
                        ASN1_VALUE **pseqval;
                        seqtt = asn1_do_adb(pval, tt, 1);
-                        if (!seqtt)
+                        if(!seqtt) return 0;
-                                return 0;
                        pseqval = asn1_get_field_ptr(pval, seqtt);
                        /* FIXME: check for errors in enhanced version */
-                        asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+                        ASN1_template_i2d(pseqval, out, seqtt);
-                        }
+                }
-                if (ndef == 2)
+                if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
-                        ASN1_put_eoc(out);
-                if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
                                return 0;
                return seqlen;
                default:
                return 0;
-                }
-        return 0;
-        }
-int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-                                                        const ASN1_TEMPLATE *tt)
-        {
-        return asn1_template_ex_i2d(pval, out, tt, -1, 0);
        }
+        return 0;
+}
-static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
-                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
-        {
+        int i, ret, flags, aclass;
-        int i, ret, flags, ttag, tclass, ndef;
        flags = tt->flags;
-        /* Work out tag and class to use: tagging may come
+        aclass = flags & ASN1_TFLG_TAG_CLASS;
-         * either from the template or the arguments, not both
+        if(flags & ASN1_TFLG_SK_MASK) {
-         * because this would create ambiguity. Additionally
-         * the iclass argument may contain some additional flags
-         * which should be noted and passed down to other levels.
-         */
-        if (flags & ASN1_TFLG_TAG_MASK)
-                {
-                /* Error if argument and template tagging */
-                if (tag != -1)
-                        /* FIXME: error code here */
-                        return -1;
-                /* Get tagging from template */
-                ttag = tt->tag;
-                tclass = flags & ASN1_TFLG_TAG_CLASS;
-                }
-        else if (tag != -1)
-                {
-                /* No template tagging, get from arguments */
-                ttag = tag;
-                tclass = iclass & ASN1_TFLG_TAG_CLASS;
-                }
-        else
-                {
-                ttag = -1;
-                tclass = 0;
-                }
-        /* 
-         * Remove any class mask from iflag.
-         */
-        iclass &= ~ASN1_TFLG_TAG_CLASS;
-        /* At this point 'ttag' contains the outer tag to use,
-         * 'tclass' is the class and iclass is any flags passed
-         * to this function.
-         */
-        /* if template and arguments require ndef, use it */
-        if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
-                ndef = 2;
-        else ndef = 1;
-        if (flags & ASN1_TFLG_SK_MASK)
-                {
                /* SET OF, SEQUENCE OF */
                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
                int isset, sktag, skaclass;
                int skcontlen, sklen;
                ASN1_VALUE *skitem;
+                if(!*pval) return 0;
-                if (!*pval)
+                if(flags & ASN1_TFLG_SET_OF) {
-                        return 0;
-                if (flags & ASN1_TFLG_SET_OF)
-                        {
                        isset = 1;
                        /* 2 means we reorder */
-                        if (flags & ASN1_TFLG_SEQUENCE_OF)
+                        if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
-                                isset = 2;
+                } else isset = 0;
-                        }
+                /* First work out inner tag value */
-                else isset = 0;
+                if(flags & ASN1_TFLG_IMPTAG) {
+                        sktag = tt->tag;
-                /* Work out inner tag value: if EXPLICIT
+                        skaclass = aclass;
-                 * or no tagging use underlying type.
+                } else {
-                 */
-                if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
-                        {
-                        sktag = ttag;
-                        skaclass = tclass;
-                        }
-                else
-                        {
                        skaclass = V_ASN1_UNIVERSAL;
-                        if (isset)
+                        if(isset) sktag = V_ASN1_SET;
-                                sktag = V_ASN1_SET;
                        else sktag = V_ASN1_SEQUENCE;
-                        }
+                }
+                /* Now work out length of items */
-                /* Determine total length of items */
                skcontlen = 0;
-                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                        {
                        skitem = sk_ASN1_VALUE_value(sk, i);
-                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+                        skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
-                                                ASN1_ITEM_ptr(tt->item),
+                }
-                                                        -1, iclass);
+                sklen = ASN1_object_size(1, skcontlen, sktag);
-                        }
-                sklen = ASN1_object_size(ndef, skcontlen, sktag);
                /* If EXPLICIT need length of surrounding tag */
-                if (flags & ASN1_TFLG_EXPTAG)
+                if(flags & ASN1_TFLG_EXPTAG)
-                        ret = ASN1_object_size(ndef, sklen, ttag);
+                        ret = ASN1_object_size(1, sklen, tt->tag);
                else ret = sklen;
-                if (!out)
+                if(!out) return ret;
-                        return ret;
                /* Now encode this lot... */
                /* EXPLICIT tag */
-                if (flags & ASN1_TFLG_EXPTAG)
+                if(flags & ASN1_TFLG_EXPTAG)
-                        ASN1_put_object(out, ndef, sklen, ttag, tclass);
+                        ASN1_put_object(out, 1, sklen, tt->tag, aclass);
                /* SET or SEQUENCE and IMPLICIT tag */
-                ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+                ASN1_put_object(out, 1, skcontlen, sktag, skaclass);
-                /* And the stuff itself */
+                /* And finally the stuff itself */
-                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset);
-                                                                isset, iclass);
-                if (ndef == 2)
-                        {
-                        ASN1_put_eoc(out);
-                        if (flags & ASN1_TFLG_EXPTAG)
-                                ASN1_put_eoc(out);
-                        }
                return ret;
-                }
+        }
+                        
-        if (flags & ASN1_TFLG_EXPTAG)
+        if(flags & ASN1_TFLG_EXPTAG) {
-                {
                /* EXPLICIT tagging */
                /* Find length of tagged item */
-                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
+                i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
-                                                                -1, iclass);
+                if(!i) return 0;
-                if (!i)
-                        return 0;
                /* Find length of EXPLICIT tag */
-                ret = ASN1_object_size(ndef, i, ttag);
+                ret = ASN1_object_size(1, i, tt->tag);
-                if (out)
+                if(out) {
-                        {
                        /* Output tag and item */
-                        ASN1_put_object(out, ndef, i, ttag, tclass);
+                        ASN1_put_object(out, 1, i, tt->tag, aclass);
-                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                        ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
-                                                                -1, iclass);
-                        if (ndef == 2)
-                                ASN1_put_eoc(out);
-                        }
-                return ret;
                }
+                return ret;
-        /* Either normal or IMPLICIT tagging: combine class and flags */
+        }
-        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+        if(flags & ASN1_TFLG_IMPTAG) {
-                                                ttag, tclass | iclass);
+                /* IMPLICIT tagging */
+                return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass);
+        }
+        /* Nothing special: treat as normal */
+        return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0);
 }
 /* Temporary structure used to hold DER encoding of items for SET OF */
@@ -424,90 +293,72 @@ typedef	struct {
 } DER_ENC;
 static int der_cmp(const void *a, const void *b)
-        {
+{
        const DER_ENC *d1 = a, *d2 = b;
        int cmplen, i;
        cmplen = (d1->length < d2->length) ? d1->length : d2->length;
        i = memcmp(d1->data, d2->data, cmplen);
-        if (i)
+        if(i) return i;
-                return i;
        return d1->length - d2->length;
-        }
+}
 /* Output the content octets of SET OF or SEQUENCE OF */
-static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort)
-                                        int skcontlen, const ASN1_ITEM *item,
+{
-                                        int do_sort, int iclass)
-        {
        int i;
        ASN1_VALUE *skitem;
        unsigned char *tmpdat = NULL, *p = NULL;
        DER_ENC *derlst = NULL, *tder;
-        if (do_sort)
+        if(do_sort) {
-                 {
                /* Don't need to sort less than 2 items */
-                if (sk_ASN1_VALUE_num(sk) < 2)
+                if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
-                        do_sort = 0;
+                else {
-                else
+                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
-                        {
-                        derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
-                                                * sizeof(*derlst));
                        tmpdat = OPENSSL_malloc(skcontlen);
-                        if (!derlst || !tmpdat)
+                        if(!derlst || !tmpdat) return 0;
-                                return 0;
-                        }
                }
+        }
        /* If not sorting just output each item */
-        if (!do_sort)
+        if(!do_sort) {
-                {
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-                        {
                        skitem = sk_ASN1_VALUE_value(sk, i);
-                        ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+                        ASN1_item_i2d(skitem, out, item);
-                        }
-                return 1;
                }
+                return 1;
+        }
        p = tmpdat;
        /* Doing sort: build up a list of each member's DER encoding */
-        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-                {
                skitem = sk_ASN1_VALUE_value(sk, i);
                tder->data = p;
-                tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+                tder->length = ASN1_item_i2d(skitem, &p, item);
                tder->field = skitem;
-                }
+        }
        /* Now sort them */
        qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
        /* Output sorted DER encoding */        
        p = *out;
-        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+        for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-                {
                memcpy(p, tder->data, tder->length);
                p += tder->length;
-                }
+        }
        *out = p;
        /* If do_sort is 2 then reorder the STACK */
-        if (do_sort == 2)
+        if(do_sort == 2) {
-                {
+                for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-                for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
+                        sk_ASN1_VALUE_set(sk, i, tder->field);
-                                                        i++, tder++)
+        }
-                        (void)sk_ASN1_VALUE_set(sk, i, tder->field);
-                }
        OPENSSL_free(derlst);
        OPENSSL_free(tmpdat);
        return 1;
-        }
+}
-static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
-                                const ASN1_ITEM *it, int tag, int aclass)
+{
-        {
        int len;
        int utype;
        int usetag;
-        int ndef = 0;
        utype = it->utype;
@@ -523,48 +374,33 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
         * because the call to asn1_ex_i2c() could change
         * utype.
         */
-        if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
           (utype == V_ASN1_OTHER))
                usetag = 0;
        else usetag = 1;
        /* -1 means omit type */
-        if (len == -1)
+        if(len == -1) return 0;
-                return 0;
-        /* -2 return is special meaning use ndef */
-        if (len == -2)
-                {
-                ndef = 2;
-                len = 0;
-                }
        /* If not implicitly tagged get tag from underlying type */
-        if (tag == -1) tag = utype;
+        if(tag == -1) tag = utype;
        /* Output tag+length followed by content octets */
-        if (out)
+        if(out) {
-                {
+                if(usetag) ASN1_put_object(out, 0, len, tag, aclass);
-                if (usetag)
-                        ASN1_put_object(out, ndef, len, tag, aclass);
                asn1_ex_i2c(pval, *out, &utype, it);
-                if (ndef)
+                *out += len;
-                        ASN1_put_eoc(out);
+        }
-                else
-                        *out += len;
-                }
-        if (usetag)
+        if(usetag) return ASN1_object_size(0, len, tag);
-                return ASN1_object_size(ndef, len, tag);
        return len;
-        }
+}
 /* Produce content octets from a structure */
-int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
-                                const ASN1_ITEM *it)
+{
-        {
        ASN1_BOOLEAN *tbool = NULL;
        ASN1_STRING *strtmp;
        ASN1_OBJECT *otmp;
@@ -573,36 +409,28 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
        int len;
        const ASN1_PRIMITIVE_FUNCS *pf;
        pf = it->funcs;
-        if (pf && pf->prim_i2c)
+        if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
-                return pf->prim_i2c(pval, cout, putype, it);
        /* Should type be omitted? */
-        if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
-                || (it->utype != V_ASN1_BOOLEAN))
+                if(!*pval) return -1;
-                {
+        }
-                if (!*pval) return -1;
-                }
-        if (it->itype == ASN1_ITYPE_MSTRING)
+        if(it->itype == ASN1_ITYPE_MSTRING) {
-                {
                /* If MSTRING type set the underlying type */
                strtmp = (ASN1_STRING *)*pval;
                utype = strtmp->type;
                *putype = utype;
-                }
+        } else if(it->utype == V_ASN1_ANY) {
-        else if (it->utype == V_ASN1_ANY)
-                {
                /* If ANY set type and pointer to value */
                ASN1_TYPE *typ;
                typ = (ASN1_TYPE *)*pval;
                utype = typ->type;
                *putype = utype;
-                pval = &typ->value.asn1_value;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
-                }
+        } else utype = *putype;
-        else utype = *putype;
-        switch(utype)
+        switch(utype) {
-                {
                case V_ASN1_OBJECT:
                otmp = (ASN1_OBJECT *)*pval;
                cont = otmp->data;
@@ -616,15 +444,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
                case V_ASN1_BOOLEAN:
                tbool = (ASN1_BOOLEAN *)pval;
-                if (*tbool == -1)
+                if(*tbool == -1) return -1;
-                        return -1;
                if (it->utype != V_ASN1_ANY)
                        {
                        /* Default handling if value == size field then omit */
-                        if (*tbool && (it->size > 0))
+                        if(*tbool && (it->size > 0)) return -1;
-                                return -1;
+                        if(!*tbool && !it->size) return -1;
-                        if (!*tbool && !it->size)
-                                return -1;
                        }
                c = (unsigned char)*tbool;
                cont = &c;
@@ -632,8 +457,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
                break;
                case V_ASN1_BIT_STRING:
-                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
-                                                        cout ? &cout : NULL);
                break;
                case V_ASN1_INTEGER:
@@ -643,8 +467,7 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
                /* These are all have the same content format
                 * as ASN1_INTEGER
                 */
-                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
+                return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
-                                                        cout ? &cout : NULL);
                break;
                case V_ASN1_OCTET_STRING:
@@ -666,25 +489,12 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
                default:
                /* All based on ASN1_STRING and handled the same */
                strtmp = (ASN1_STRING *)*pval;
-                /* Special handling for NDEF */
-                if ((it->size == ASN1_TFLG_NDEF)
-                        && (strtmp->flags & ASN1_STRING_FLAG_NDEF))
-                        {
-                        if (cout)
-                                {
-                                strtmp->data = cout;
-                                strtmp->length = 0;
-                                }
-                        /* Special return code */
-                        return -2;
-                        }
                cont = strtmp->data;
                len = strtmp->length;
                break;
-                }
-        if (cout && len)
-                memcpy(cout, cont, len);
-        return len;
        }
+        if(cout && len) memcpy(cout, cont, len);
+        return len;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
index bb7c1e2af4..2dd844159e 100644
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ b/src/lib/libcrypto/asn1/tasn_fre.c
@@ -67,40 +67,33 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
 /* Free up an ASN1 structure */
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
-        {
+{
        asn1_item_combine_free(&val, it, 0);
-        }
+}
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        asn1_item_combine_free(pval, it, 0);
-        }
+}
 static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-        {
+{
        const ASN1_TEMPLATE *tt = NULL, *seqtt;
        const ASN1_EXTERN_FUNCS *ef;
        const ASN1_COMPAT_FUNCS *cf;
        const ASN1_AUX *aux = it->funcs;
        ASN1_aux_cb *asn1_cb;
        int i;
-        if (!pval)
+        if(!pval) return;
-                return;
+        if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
-        if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-                return;
+        else asn1_cb = 0;
-        if (aux && aux->asn1_cb)
-                asn1_cb = aux->asn1_cb;
-        else
-                asn1_cb = 0;
-        switch(it->itype)
+        switch(it->itype) {
-                {
                case ASN1_ITYPE_PRIMITIVE:
-                if (it->templates)
+                if(it->templates) ASN1_template_free(pval, it->templates);
-                        ASN1_template_free(pval, it->templates);
+                else ASN1_primitive_free(pval, it);
-                else
-                        ASN1_primitive_free(pval, it);
                break;
                case ASN1_ITYPE_MSTRING:
@@ -108,51 +101,41 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                break;
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb)
+                if(asn1_cb) {
-                        {
                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                        if (i == 2)
+                        if(i == 2) return;
-                                return;
+                }
-                        }
                i = asn1_get_choice_selector(pval, it);
-                if ((i >= 0) && (i < it->tcount))
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                        {
+                if((i >= 0) && (i < it->tcount)) {
                        ASN1_VALUE **pchval;
                        tt = it->templates + i;
                        pchval = asn1_get_field_ptr(pval, tt);
                        ASN1_template_free(pchval, tt);
-                        }
+                }
-                if (asn1_cb)
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
-                if (!combine)
-                        {
                        OPENSSL_free(*pval);
                        *pval = NULL;
-                        }
+                }
                break;
                case ASN1_ITYPE_COMPAT:
                cf = it->funcs;
-                if (cf && cf->asn1_free)
+                if(cf && cf->asn1_free) cf->asn1_free(*pval);
-                        cf->asn1_free(*pval);
                break;
                case ASN1_ITYPE_EXTERN:
                ef = it->funcs;
-                if (ef && ef->asn1_ex_free)
+                if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
-                        ef->asn1_ex_free(pval, it);
                break;
-                case ASN1_ITYPE_NDEF_SEQUENCE:
                case ASN1_ITYPE_SEQUENCE:
-                if (asn1_do_lock(pval, -1, it) > 0)
+                if(asn1_do_lock(pval, -1, it) > 0) return;
-                        return;
+                if(asn1_cb) {
-                if (asn1_cb)
-                        {
                        i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-                        if (i == 2)
+                        if(i == 2) return;
-                                return;
+                }               
-                        }               
                asn1_enc_free(pval, it);
                /* If we free up as normal we will invalidate any
                 * ANY DEFINED BY field and we wont be able to 
@@ -160,84 +143,64 @@ static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int c
                 * free up in reverse order.
                 */
                tt = it->templates + it->tcount - 1;
-                for (i = 0; i < it->tcount; tt--, i++)
+                for(i = 0; i < it->tcount; tt--, i++) {
-                        {
                        ASN1_VALUE **pseqval;
                        seqtt = asn1_do_adb(pval, tt, 0);
-                        if (!seqtt)
+                        if(!seqtt) continue;
-                                continue;
                        pseqval = asn1_get_field_ptr(pval, seqtt);
                        ASN1_template_free(pseqval, seqtt);
-                        }
+                }
-                if (asn1_cb)
+                if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
-                        asn1_cb(ASN1_OP_FREE_POST, pval, it);
+                if(!combine) {
-                if (!combine)
-                        {
                        OPENSSL_free(*pval);
                        *pval = NULL;
-                        }
-                break;
                }
+                break;
        }
+}
 void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-        {
+{
        int i;
-        if (tt->flags & ASN1_TFLG_SK_MASK)
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
-                {
                STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-                for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
+                for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
-                        {
                        ASN1_VALUE *vtmp;
                        vtmp = sk_ASN1_VALUE_value(sk, i);
-                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
+                        asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
-                                                                        0);
+                }
-                        }
                sk_ASN1_VALUE_free(sk);
                *pval = NULL;
-                }
+        } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
-        else
-                asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
                                                tt->flags & ASN1_TFLG_COMBINE);
-        }
+}
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        int utype;
-        if (it)
+        if(it) {
-                {
                const ASN1_PRIMITIVE_FUNCS *pf;
                pf = it->funcs;
-                if (pf && pf->prim_free)
+                if(pf && pf->prim_free) {
-                        {
                        pf->prim_free(pval, it);
                        return;
-                        }
                }
+        }
        /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
-        if (!it)
+        if(!it) {
-                {
                ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
                utype = typ->type;
-                pval = &typ->value.asn1_value;
+                pval = (ASN1_VALUE **)&typ->value.ptr;
-                if (!*pval)
+                if(!*pval) return;
-                        return;
+        } else if(it->itype == ASN1_ITYPE_MSTRING) {
-                }
-        else if (it->itype == ASN1_ITYPE_MSTRING)
-                {
                utype = -1;
-                if (!*pval)
+                if(!*pval) return;
-                        return;
+        } else {
-                }
-        else
-                {
                utype = it->utype;
-                if ((utype != V_ASN1_BOOLEAN) && !*pval)
+                if((utype != V_ASN1_BOOLEAN) && !*pval) return;
-                        return;
+        }
-                }
-        switch(utype)
+        switch(utype) {
-                {
                case V_ASN1_OBJECT:
                ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
                break;
@@ -261,6 +224,6 @@ void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
                ASN1_STRING_free((ASN1_STRING *)*pval);
                *pval = NULL;
                break;
-                }
-        *pval = NULL;
        }
+        *pval = NULL;
+}
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
index 531dad365c..a0e3db574f 100644
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ b/src/lib/libcrypto/asn1/tasn_new.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,30 +64,27 @@
 #include <openssl/asn1t.h>
 #include <string.h>
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
-                                                                int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
-        {
+{
        ASN1_VALUE *ret = NULL;
-        if (ASN1_item_ex_new(&ret, it) > 0)
+        if(ASN1_item_ex_new(&ret, it) > 0) return ret;
-                return ret;
        return NULL;
-        }
+}
 /* Allocate an ASN1 structure */
 int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        return asn1_item_ex_combine_new(pval, it, 0);
-        }
+}
-static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-                                                                int combine)
+{
-        {
        const ASN1_TEMPLATE *tt = NULL;
        const ASN1_COMPAT_FUNCS *cf;
        const ASN1_EXTERN_FUNCS *ef;
@@ -95,155 +92,133 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
        ASN1_aux_cb *asn1_cb;
        ASN1_VALUE **pseqval;
        int i;
-        if (aux && aux->asn1_cb)
+        if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
-                asn1_cb = aux->asn1_cb;
+        else asn1_cb = 0;
-        else
-                asn1_cb = 0;
-        if (!combine) *pval = NULL;
+        if(!combine) *pval = NULL;
 #ifdef CRYPTO_MDEBUG
-        if (it->sname)
+        if(it->sname) CRYPTO_push_info(it->sname);
-                CRYPTO_push_info(it->sname);
 #endif
-        switch(it->itype)
+        switch(it->itype) {
-                {
                case ASN1_ITYPE_EXTERN:
                ef = it->funcs;
-                if (ef && ef->asn1_ex_new)
+                if(ef && ef->asn1_ex_new) {
-                        {
+                        if(!ef->asn1_ex_new(pval, it))
-                        if (!ef->asn1_ex_new(pval, it))
                                goto memerr;
-                        }
+                }
                break;
                case ASN1_ITYPE_COMPAT:
                cf = it->funcs;
-                if (cf && cf->asn1_new) {
+                if(cf && cf->asn1_new) {
                        *pval = cf->asn1_new();
-                        if (!*pval)
+                        if(!*pval) goto memerr;
-                                goto memerr;
                }
                break;
                case ASN1_ITYPE_PRIMITIVE:
-                if (it->templates)
+                if(it->templates) {
-                        {
+                        if(!ASN1_template_new(pval, it->templates))
-                        if (!ASN1_template_new(pval, it->templates))
                                goto memerr;
-                        }
+                } else {
-                else if (!ASN1_primitive_new(pval, it))
+                        if(!ASN1_primitive_new(pval, it))
                                goto memerr;
+                }
                break;
                case ASN1_ITYPE_MSTRING:
-                if (!ASN1_primitive_new(pval, it))
+                if(!ASN1_primitive_new(pval, it))
                                goto memerr;
                break;
                case ASN1_ITYPE_CHOICE:
-                if (asn1_cb)
+                if(asn1_cb) {
-                        {
                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-                        if (!i)
+                        if(!i) goto auxerr;
-                                goto auxerr;
+                        if(i==2) {
-                        if (i==2)
-                                {
 #ifdef CRYPTO_MDEBUG
-                                if (it->sname)
+                                if(it->sname) CRYPTO_pop_info();
-                                        CRYPTO_pop_info();
 #endif
                                return 1;
-                                }
                        }
-                if (!combine)
+                }
-                        {
+                if(!combine) {
                        *pval = OPENSSL_malloc(it->size);
-                        if (!*pval)
+                        if(!*pval) goto memerr;
-                                goto memerr;
                        memset(*pval, 0, it->size);
-                        }
+                }
                asn1_set_choice_selector(pval, -1, it);
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
                                goto auxerr;
                break;
-                case ASN1_ITYPE_NDEF_SEQUENCE:
                case ASN1_ITYPE_SEQUENCE:
-                if (asn1_cb)
+                if(asn1_cb) {
-                        {
                        i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-                        if (!i)
+                        if(!i) goto auxerr;
-                                goto auxerr;
+                        if(i==2) {
-                        if (i==2)
-                                {
 #ifdef CRYPTO_MDEBUG
-                                if (it->sname)
+                                if(it->sname) CRYPTO_pop_info();
-                                        CRYPTO_pop_info();
 #endif
                                return 1;
-                                }
                        }
-                if (!combine)
+                }
-                        {
+                if(!combine) {
                        *pval = OPENSSL_malloc(it->size);
-                        if (!*pval)
+                        if(!*pval) goto memerr;
-                                goto memerr;
                        memset(*pval, 0, it->size);
                        asn1_do_lock(pval, 0, it);
                        asn1_enc_init(pval, it);
-                        }
+                }
-                for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
+                for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
-                        {
                        pseqval = asn1_get_field_ptr(pval, tt);
-                        if (!ASN1_template_new(pseqval, tt))
+                        if(!ASN1_template_new(pseqval, tt)) goto memerr;
-                                goto memerr;
+                }
-                        }
+                if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
-                if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
                                goto auxerr;
                break;
        }
 #ifdef CRYPTO_MDEBUG
-        if (it->sname) CRYPTO_pop_info();
+        if(it->sname) CRYPTO_pop_info();
 #endif
        return 1;
        memerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
 #ifdef CRYPTO_MDEBUG
-        if (it->sname) CRYPTO_pop_info();
+        if(it->sname) CRYPTO_pop_info();
 #endif
        return 0;
        auxerr:
-        ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+        ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
        ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
-        if (it->sname) CRYPTO_pop_info();
+        if(it->sname) CRYPTO_pop_info();
 #endif
        return 0;
-        }
+}
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        const ASN1_EXTERN_FUNCS *ef;
-        switch(it->itype)
+        switch(it->itype) {
-                {
                case ASN1_ITYPE_EXTERN:
                ef = it->funcs;
-                if (ef && ef->asn1_ex_clear) 
+                if(ef && ef->asn1_ex_clear) 
                        ef->asn1_ex_clear(pval, it);
                else *pval = NULL;
                break;
                case ASN1_ITYPE_PRIMITIVE:
-                if (it->templates) 
+                if(it->templates) 
                        asn1_template_clear(pval, it->templates);
                else
                        asn1_primitive_clear(pval, it);
@@ -256,90 +231,75 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
                case ASN1_ITYPE_COMPAT:
                case ASN1_ITYPE_CHOICE:
                case ASN1_ITYPE_SEQUENCE:
-                case ASN1_ITYPE_NDEF_SEQUENCE:
                *pval = NULL;
                break;
-                }
        }
+}
 int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-        {
+{
        const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
        int ret;
-        if (tt->flags & ASN1_TFLG_OPTIONAL)
+        if(tt->flags & ASN1_TFLG_OPTIONAL) {
-                {
                asn1_template_clear(pval, tt);
                return 1;
-                }
+        }
        /* If ANY DEFINED BY nothing to do */
-        if (tt->flags & ASN1_TFLG_ADB_MASK)
+        if(tt->flags & ASN1_TFLG_ADB_MASK) {
-                {
                *pval = NULL;
                return 1;
-                }
+        }
 #ifdef CRYPTO_MDEBUG
-        if (tt->field_name)
+        if(tt->field_name) CRYPTO_push_info(tt->field_name);
-                CRYPTO_push_info(tt->field_name);
 #endif
        /* If SET OF or SEQUENCE OF, its a STACK */
-        if (tt->flags & ASN1_TFLG_SK_MASK)
+        if(tt->flags & ASN1_TFLG_SK_MASK) {
-                {
                STACK_OF(ASN1_VALUE) *skval;
                skval = sk_ASN1_VALUE_new_null();
-                if (!skval)
+                if(!skval) {
-                        {
                        ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
                        ret = 0;
                        goto done;
-                        }
+                }
                *pval = (ASN1_VALUE *)skval;
                ret = 1;
                goto done;
-                }
+        }
        /* Otherwise pass it back to the item routine */
        ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
        done:
 #ifdef CRYPTO_MDEBUG
-        if (it->sname)
+        if(it->sname) CRYPTO_pop_info();
-                CRYPTO_pop_info();
 #endif
        return ret;
-        }
+}
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-        {
+{
        /* If ADB or STACK just NULL the field */
-        if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+        if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
                *pval = NULL;
        else
                asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
-        }
+}
-/* NB: could probably combine most of the real XXX_new() behaviour and junk
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
- * all the old functions.
+ * functions.
 */
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        ASN1_TYPE *typ;
        int utype;
+        const ASN1_PRIMITIVE_FUNCS *pf;
-        if (it && it->funcs)
+        pf = it->funcs;
-                {
+        if(pf && pf->prim_new) return pf->prim_new(pval, it);
-                const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
-                if (pf->prim_new)
+        else utype = it->utype;
-                        return pf->prim_new(pval, it);
+        switch(utype) {
-                }
-        if (!it || (it->itype == ASN1_ITYPE_MSTRING))
-                utype = -1;
-        else
-                utype = it->utype;
-        switch(utype)
-                {
                case V_ASN1_OBJECT:
                *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
                return 1;
@@ -357,8 +317,7 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                case V_ASN1_ANY:
                typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
-                if (!typ)
+                if(!typ) return 0;
-                        return 0;
                typ->value.ptr = NULL;
                typ->type = -1;
                *pval = (ASN1_VALUE *)typ;
@@ -367,29 +326,26 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                default:
                *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
                break;
-                }
-        if (*pval)
-                return 1;
-        return 0;
        }
+        if(*pval) return 1;
+        return 0;
+}
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        int utype;
-        if (it && it->funcs)
+        const ASN1_PRIMITIVE_FUNCS *pf;
-                {
+        pf = it->funcs;
-                const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if(pf) {
-                if (pf->prim_clear)
+                if(pf->prim_clear)
                        pf->prim_clear(pval, it);
                else 
                        *pval = NULL;
                return;
-                }
+        }
-        if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
-                utype = -1;
+        else utype = it->utype;
-        else
+        if(utype == V_ASN1_BOOLEAN)
-                utype = it->utype;
-        if (utype == V_ASN1_BOOLEAN)
                *(ASN1_BOOLEAN *)pval = it->size;
        else *pval = NULL;
-        }
+}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
index 6f17f1bec7..804d2eeba2 100644
--- a/src/lib/libcrypto/asn1/tasn_typ.c
+++ b/src/lib/libcrypto/asn1/tasn_typ.c
@@ -131,7 +131,3 @@ IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
 IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
-/* Special, OCTET STRING with indefinite length constructed support */
-IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
index 34d520b180..8996ce8c13 100644
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ b/src/lib/libcrypto/asn1/tasn_utl.c
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -74,23 +74,23 @@
 */
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        int *sel = offset2ptr(*pval, it->utype);
        return *sel;
-        }
+}
 /* Given an ASN1_ITEM CHOICE type set
 * the selector value, return old value.
 */
 int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
-        {       
+{       
        int *sel, ret;
        sel = offset2ptr(*pval, it->utype);
        ret = *sel;
        *sel = value;
        return ret;
-        }
+}
 /* Do reference counting. The value 'op' decides what to do. 
 * if it is +1 then the count is incremented. If op is 0 count is
@@ -99,134 +99,114 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
 */
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
-        {
+{
        const ASN1_AUX *aux;
        int *lck, ret;
-        if ((it->itype != ASN1_ITYPE_SEQUENCE)
+        if(it->itype != ASN1_ITYPE_SEQUENCE) return 0;
-           && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
-                return 0;
        aux = it->funcs;
-        if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+        if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
-                return 0;
        lck = offset2ptr(*pval, aux->ref_offset);
-        if (op == 0)
+        if(op == 0) {
-                {
                *lck = 1;
                return 1;
-                }
+        }
        ret = CRYPTO_add(lck, op, aux->ref_lock);
 #ifdef REF_PRINT
        fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
 #endif
 #ifdef REF_CHECK
-        if (ret < 0) 
+        if(ret < 0) 
                fprintf(stderr, "%s, bad reference count\n", it->sname);
 #endif
        return ret;
-        }
+}
 static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        const ASN1_AUX *aux;
-        if (!pval || !*pval)
+        if(!pval || !*pval) return NULL;
-                return NULL;
        aux = it->funcs;
-        if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
-                return NULL;
        return offset2ptr(*pval, aux->enc_offset);
-        }
+}
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        ASN1_ENCODING *enc;
        enc = asn1_get_enc_ptr(pval, it);
-        if (enc)
+        if(enc) {
-                {
                enc->enc = NULL;
                enc->len = 0;
                enc->modified = 1;
-                }
        }
+}
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
        ASN1_ENCODING *enc;
        enc = asn1_get_enc_ptr(pval, it);
-        if (enc)
+        if(enc) {
-                {
+                if(enc->enc) OPENSSL_free(enc->enc);
-                if (enc->enc)
-                        OPENSSL_free(enc->enc);
                enc->enc = NULL;
                enc->len = 0;
                enc->modified = 1;
-                }
        }
+}
-int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
-                                                         const ASN1_ITEM *it)
+{
-        {
        ASN1_ENCODING *enc;
        enc = asn1_get_enc_ptr(pval, it);
-        if (!enc)
+        if(!enc) return 1;
-                return 1;
-        if (enc->enc)
+        if(enc->enc) OPENSSL_free(enc->enc);
-                OPENSSL_free(enc->enc);
        enc->enc = OPENSSL_malloc(inlen);
-        if (!enc->enc)
+        if(!enc->enc) return 0;
-                return 0;
        memcpy(enc->enc, in, inlen);
        enc->len = inlen;
        enc->modified = 0;
        return 1;
-        }
+}
                
-int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
-                                                        const ASN1_ITEM *it)
+{
-        {
        ASN1_ENCODING *enc;
        enc = asn1_get_enc_ptr(pval, it);
-        if (!enc || enc->modified)
+        if(!enc || enc->modified) return 0;
-                return 0;
+        if(out) {
-        if (out)
-                {
                memcpy(*out, enc->enc, enc->len);
                *out += enc->len;
-                }
-        if (len)
-                *len = enc->len;
-        return 1;
        }
+        if(len) *len = enc->len;
+        return 1;
+}
 /* Given an ASN1_TEMPLATE get a pointer to a field */
 ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-        {
+{
        ASN1_VALUE **pvaltmp;
-        if (tt->flags & ASN1_TFLG_COMBINE)
+        if(tt->flags & ASN1_TFLG_COMBINE) return pval;
-                return pval;
        pvaltmp = offset2ptr(*pval, tt->offset);
        /* NOTE for BOOLEAN types the field is just a plain
         * int so we can't return int **, so settle for
         * (int *).
         */
        return pvaltmp;
-        }
+}
 /* Handle ANY DEFINED BY template, find the selector, look up
 * the relevant ASN1_TEMPLATE in the table and return it.
 */
-const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
-                                                                int nullerr)
+{
-        {
        const ASN1_ADB *adb;
        const ASN1_ADB_TABLE *atbl;
        long selector;
        ASN1_VALUE **sfld;
        int i;
-        if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+        if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
-                return tt;
        /* Else ANY DEFINED BY ... get the table */
        adb = ASN1_ADB_ptr(tt->item);
@@ -235,18 +215,16 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
        sfld = offset2ptr(*pval, adb->offset);
        /* Check if NULL */
-        if (!sfld)
+        if(!sfld) {
-                {
+                if(!adb->null_tt) goto err;
-                if (!adb->null_tt)
-                        goto err;
                return adb->null_tt;
-                }
+        }
        /* Convert type to a long:
         * NB: don't check for NID_undef here because it
         * might be a legitimate value in the table
         */
-        if (tt->flags & ASN1_TFLG_ADB_OID) 
+        if(tt->flags & ASN1_TFLG_ADB_OID) 
                selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
        else 
                selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
@@ -259,21 +237,17 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
         * linear search.
         */
-        for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+        for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
-                if (atbl->value == selector)
+                if(atbl->value == selector) return &atbl->tt;
-                        return &atbl->tt;
        /* FIXME: need to search application table too */
        /* No match, return default type */
-        if (!adb->default_tt)
+        if(!adb->default_tt) goto err;          
-                goto err;               
        return adb->default_tt;
        
        err:
        /* FIXME: should log the value or OID of unsupported type */
-        if (nullerr)
+        if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
-                ASN1err(ASN1_F_ASN1_DO_ADB,
-                        ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
        return NULL;
-        }
+}
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 33533aba86..00b9ea54a1 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -66,65 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
-ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
-        {
-        if (!alg)
-                return 0;
-        if (ptype != V_ASN1_UNDEF)
-                {
-                if (alg->parameter == NULL)
-                        alg->parameter = ASN1_TYPE_new();
-                if (alg->parameter == NULL)
-                        return 0;
-                }
-        if (alg)
-                {
-                if (alg->algorithm)
-                        ASN1_OBJECT_free(alg->algorithm);
-                alg->algorithm = aobj;
-                }
-        if (ptype == 0)
-                return 1;       
-        if (ptype == V_ASN1_UNDEF)
-                {
-                if (alg->parameter)
-                        {
-                        ASN1_TYPE_free(alg->parameter);
-                        alg->parameter = NULL;
-                        }
-                }
-        else
-                ASN1_TYPE_set(alg->parameter, ptype, pval);
-        return 1;
-        }
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                                                X509_ALGOR *algor)
-        {
-        if (paobj)
-                *paobj = algor->algorithm;
-        if (pptype)
-                {
-                if (algor->parameter == NULL)
-                        {
-                        *pptype = V_ASN1_UNDEF;
-                        return;
-                        }
-                else
-                        *pptype = algor->parameter->type;
-                if (ppval)
-                        *ppval = algor->parameter->value.ptr;
-                }
-        }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
index 869c05d931..848c7a0877 100644
--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
-#include <openssl/bn.h>
 /* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
 * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
@@ -73,7 +72,7 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
        NULL, 0,
@@ -123,8 +122,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN
        return pad + BN_num_bytes(bn);
 }
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-                  int utype, char *free_cont, const ASN1_ITEM *it)
 {
        BIGNUM *bn;
        if(!*pval) bn_new(pval, it);
diff --git a/src/lib/libcrypto/asn1/x_cinf.c b/src/lib/libcrypto/asn1/x_cinf.c
new file mode 100644
index 0000000000..339a110eef
--- /dev/null
+++ b/src/lib/libcrypto/asn1/x_cinf.c
@@ -0,0 +1,201 @@
+/* crypto/asn1/x_cinf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
+        {
+        int v1=0,v2=0;
+        M_ASN1_I2D_vars(a);
+        M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_len(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_len(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_len(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_len(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_len(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_len(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_len_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING);
+        M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+        M_ASN1_I2D_seq_total();
+        M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+        M_ASN1_I2D_put(a->serialNumber,         i2d_ASN1_INTEGER);
+        M_ASN1_I2D_put(a->signature,            i2d_X509_ALGOR);
+        M_ASN1_I2D_put(a->issuer,               i2d_X509_NAME);
+        M_ASN1_I2D_put(a->validity,             i2d_X509_VAL);
+        M_ASN1_I2D_put(a->subject,              i2d_X509_NAME);
+        M_ASN1_I2D_put(a->key,                  i2d_X509_PUBKEY);
+        M_ASN1_I2D_put_IMP_opt(a->issuerUID,    i2d_ASN1_BIT_STRING,1);
+        M_ASN1_I2D_put_IMP_opt(a->subjectUID,   i2d_ASN1_BIT_STRING,2);
+        M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+                                             i2d_X509_EXTENSION,3,
+                                             V_ASN1_SEQUENCE,v2);
+        M_ASN1_I2D_finish();
+        }
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
+        {
+        int ver=0;
+        M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
+        M_ASN1_D2I_Init();
+        M_ASN1_D2I_start_sequence();
+        /* we have the optional version field */
+        if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+                {
+                M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);
+                if (ret->version->data != NULL)
+                        ver=ret->version->data[0];
+                }
+        else
+                {
+                if (ret->version != NULL)
+                        {
+                        M_ASN1_INTEGER_free(ret->version);
+                        ret->version=NULL;
+                        }
+                }
+        M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
+        M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->validity,d2i_X509_VAL);
+        M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
+        M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY);
+        if (ver >= 1) /* version 2 extensions */
+                {
+                if (ret->issuerUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->issuerUID);
+                        ret->issuerUID=NULL;
+                        }
+                if (ret->subjectUID != NULL)
+                        {
+                        M_ASN1_BIT_STRING_free(ret->subjectUID);
+                        ret->subjectUID=NULL;
+                        }
+                M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
+                        V_ASN1_BIT_STRING);
+                M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
+                        V_ASN1_BIT_STRING);
+                }
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+#ifdef VERSION_EXT_CHECK
+        if (ver >= 2) /* version 3 extensions */
+#endif
+                {
+                if (ret->extensions != NULL)
+                        while (sk_X509_EXTENSION_num(ret->extensions))
+                                X509_EXTENSION_free(
+                                      sk_X509_EXTENSION_pop(ret->extensions));
+                M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+                                                d2i_X509_EXTENSION,
+                                                X509_EXTENSION_free,3,
+                                                V_ASN1_SEQUENCE);
+                }
+        M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
+        }
+X509_CINF *X509_CINF_new(void)
+        {
+        X509_CINF *ret=NULL;
+        ASN1_CTX c;
+        M_ASN1_New_Malloc(ret,X509_CINF);
+        ret->version=NULL;
+        M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
+        M_ASN1_New(ret->signature,X509_ALGOR_new);
+        M_ASN1_New(ret->issuer,X509_NAME_new);
+        M_ASN1_New(ret->validity,X509_VAL_new);
+        M_ASN1_New(ret->subject,X509_NAME_new);
+        M_ASN1_New(ret->key,X509_PUBKEY_new);
+        ret->issuerUID=NULL;
+        ret->subjectUID=NULL;
+        ret->extensions=NULL;
+        return(ret);
+        M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
+        }
+void X509_CINF_free(X509_CINF *a)
+        {
+        if (a == NULL) return;
+        M_ASN1_INTEGER_free(a->version);
+        M_ASN1_INTEGER_free(a->serialNumber);
+        X509_ALGOR_free(a->signature);
+        X509_NAME_free(a->issuer);
+        X509_VAL_free(a->validity);
+        X509_NAME_free(a->subject);
+        X509_PUBKEY_free(a->key);
+        M_ASN1_BIT_STRING_free(a->issuerUID);
+        M_ASN1_BIT_STRING_free(a->subjectUID);
+        sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+        OPENSSL_free(a);
+        }
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index 70d56a67f2..b99f8fc522 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -84,7 +84,7 @@ static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                 * would affect the output of X509_CRL_print().
                 */
                case ASN1_OP_D2I_POST:
-                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
                break;
        }
        return 1;
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
index 1732e66712..702421b6c8 100644
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -67,10 +67,5 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
-ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
-IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index 0db233cb95..c5f25956cb 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -59,7 +59,6 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
-#include <openssl/bn.h>
 /* Custom primitive type for long handling. This converts between an ASN1_INTEGER
 * and a long directly.
@@ -70,7 +69,7 @@ static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
 static ASN1_PRIMITIVE_FUNCS long_pf = {
        NULL, 0,
@@ -137,14 +136,13 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
        return clen + pad;
 }
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
-                    int utype, char *free_cont, const ASN1_ITEM *it)
 {
        int neg, i;
        long ltmp;
        unsigned long utmp = 0;
        char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
+        if(len > sizeof(long)) {
                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                return 0;
        }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index 04380abc3f..31f3377b64 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -61,7 +61,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
                                        int tag, int aclass, char opt, ASN1_TLC *ctx);
 static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
@@ -123,7 +123,7 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
        return 1;
 memerr:
-        ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
        if (ret)
                {
                if (ret->entries)
@@ -156,48 +156,48 @@ static void sk_internal_free(void *a)
        sk_free(a);
 }
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
                                        int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
-        const unsigned char *p = *in, *q;
+        unsigned char *p = *in, *q;
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        STACK *intname = NULL, **intname_pp = &intname;
-        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
        int i, j, ret;
+        X509_NAME *nm = NULL, **nm_pp = &nm;
        STACK_OF(X509_NAME_ENTRY) *entries;
        X509_NAME_ENTRY *entry;
        q = p;
        /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i(&intname.a,
+        ret = ASN1_item_ex_d2i((ASN1_VALUE **)intname_pp,
                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
                               tag, aclass, opt, ctx);
        
        if(ret <= 0) return ret;
        if(*val) x509_name_ex_free(val, NULL);
-        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+        if(!x509_name_ex_new((ASN1_VALUE **)nm_pp, NULL)) goto err;
        /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
-        memcpy(nm.x->bytes->data, q, p - q);
+        memcpy(nm->bytes->data, q, p - q);
        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_num(intname.s); i++) {
+        for(i = 0; i < sk_num(intname); i++) {
-                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+                entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                        entry = sk_X509_NAME_ENTRY_value(entries, j);
                        entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                        if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
                                goto err;
                }
                sk_X509_NAME_ENTRY_free(entries);
        }
-        sk_free(intname.s);
+        sk_free(intname);
-        nm.x->modified = 0;
+        nm->modified = 0;
-        *val = nm.a;
+        *val = (ASN1_VALUE *)nm;
        *in = p;
        return ret;
        err:
-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
        return 0;
 }
@@ -219,36 +219,36 @@ static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_IT
 static int x509_name_encode(X509_NAME *a)
 {
-        union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
+        STACK *intname = NULL, **intname_pp = &intname;
        int len;
        unsigned char *p;
        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
        X509_NAME_ENTRY *entry;
        int i, set = -1;
-        intname.s = sk_new_null();
+        intname = sk_new_null();
-        if(!intname.s) goto memerr;
+        if(!intname) goto memerr;
        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
                if(entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
                        if(!entries) goto memerr;
-                        if(!sk_push(intname.s, (char *)entries)) goto memerr;
+                        if(!sk_push(intname, (char *)entries)) goto memerr;
                        set = entry->set;
                }
                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
        }
-        len = ASN1_item_ex_i2d(&intname.a, NULL,
+        len = ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp, NULL,
                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
        p=(unsigned char *)a->bytes->data;
-        ASN1_item_ex_i2d(&intname.a,
+        ASN1_item_ex_i2d((ASN1_VALUE **)intname_pp,
                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_pop_free(intname, sk_internal_free);
        a->modified = 0;
        return len;
        memerr:
-        sk_pop_free(intname.s, sk_internal_free);
+        sk_pop_free(intname, sk_internal_free);
-        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
        return -1;
 }
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
index 8453618426..f1c6221ac3 100644
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -69,15 +69,15 @@ int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
        return(0);
        }
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
        {
        int i;
        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
        M_ASN1_D2I_Init();
        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING);
        ret->cipher.cipher=EVP_get_cipherbyname(
                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 91c2756116..7d6d71af88 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -60,23 +60,16 @@
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-        {
+{
-        if (operation == ASN1_OP_FREE_POST)
+        if(operation == ASN1_OP_FREE_POST) {
-                {
                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
                EVP_PKEY_free(pubkey->pkey);
-                }
-        return 1;
        }
+        return 1;
+}
 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
@@ -118,12 +111,13 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                        a->parameter->type=V_ASN1_NULL;
                        }
                }
+        else
 #ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
+                if (pkey->type == EVP_PKEY_DSA)
                {
                unsigned char *pp;
                DSA *dsa;
-                
                dsa=pkey->pkey.dsa;
                dsa->write_params=0;
                ASN1_TYPE_free(a->parameter);
@@ -157,64 +151,8 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                        }
                OPENSSL_free(p);
                }
+        else
 #endif
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                int nid=0;
-                unsigned char *pp;
-                EC_KEY *ec_key;
-                const EC_GROUP *group;
-                
-                ec_key = pkey->pkey.ec;
-                ASN1_TYPE_free(a->parameter);
-                if ((a->parameter = ASN1_TYPE_new()) == NULL)
-                        {
-                        X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                        goto err;
-                        }
-                group = EC_KEY_get0_group(ec_key);
-                if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-                        {
-                        /* just set the OID */
-                        a->parameter->type = V_ASN1_OBJECT;
-                        a->parameter->value.object = OBJ_nid2obj(nid);
-                        }
-                else /* explicit parameters */
-                        {
-                        if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }       
-                        pp = p;
-                        if (!i2d_ECParameters(ec_key, &pp))
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        a->parameter->type = V_ASN1_SEQUENCE;
-                        if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-                                OPENSSL_free(p);
-                                goto err;
-                                }
-                        ASN1_STRING_set(a->parameter->value.sequence, p, i);
-                        OPENSSL_free(p);
-                        }
-                }
-#endif
-        else if (1)
                {
                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
                goto err;
@@ -233,7 +171,7 @@ int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
                X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
                goto err;
                }
-        /* Set number of unused bits to zero */
+        /* Set number of unused bits to zero */
        pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
        pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
@@ -260,8 +198,8 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        EVP_PKEY *ret=NULL;
        long j;
        int type;
-        const unsigned char *p;
+        unsigned char *p;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+#ifndef OPENSSL_NO_DSA
        const unsigned char *cp;
        X509_ALGOR *a;
 #endif
@@ -269,106 +207,40 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        if (key == NULL) goto err;
        if (key->pkey != NULL)
-                {
+            {
-                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+            CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-                return(key->pkey);
+            return(key->pkey);
-                }
+            }
        if (key->public_key == NULL) goto err;
        type=OBJ_obj2nid(key->algor->algorithm);
-        if ((ret = EVP_PKEY_new()) == NULL)
+        p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
                {
-                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
                goto err;
                }
-        ret->type = EVP_PKEY_type(type);
+        ret->save_parameters=0;
-        /* the parameters must be extracted before the public key (ECDSA!) */
-        
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-        a=key->algor;
-#endif
-        if (0)
-                ;
 #ifndef OPENSSL_NO_DSA
-        else if (ret->type == EVP_PKEY_DSA)
+        a=key->algor;
+        if (ret->type == EVP_PKEY_DSA)
                {
                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
                        {
-                        if ((ret->pkey.dsa = DSA_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
                        ret->pkey.dsa->write_params=0;
                        cp=p=a->parameter->value.sequence->data;
                        j=a->parameter->value.sequence->length;
-                        if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+                        if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j))
                                goto err;
                        }
                ret->save_parameters=1;
                }
 #endif
-#ifndef OPENSSL_NO_EC
+        key->pkey=ret;
-        else if (ret->type == EVP_PKEY_EC)
+        CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY);
-                {
-                if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-                        {
-                        /* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-                         */
-                        if ((ret->pkey.ec= EC_KEY_new()) == NULL)
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, 
-                                        ERR_R_MALLOC_FAILURE);
-                                goto err;
-                                }
-                        cp = p = a->parameter->value.sequence->data;
-                        j = a->parameter->value.sequence->length;
-                        if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
-                                {
-                                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-                                goto err;
-                                }
-                        }
-                else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-                        {
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        EC_KEY   *ec_key;
-                        EC_GROUP *group;
-                        if (ret->pkey.ec == NULL)
-                                ret->pkey.ec = EC_KEY_new();
-                        ec_key = ret->pkey.ec;
-                        if (ec_key == NULL)
-                                goto err;
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto err;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(ec_key, group) == 0)
-                                goto err;
-                        EC_GROUP_free(group);
-                        }
-                        /* the case implicitlyCA is currently not implemented */
-                ret->save_parameters = 1;
-                }
-#endif
-        p=key->public_key->data;
-        j=key->public_key->length;
-        if (!d2i_PublicKey(type, &ret, &p, (long)j))
-                {
-                X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-                goto err;
-                }
-        key->pkey = ret;
-        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
        return(ret);
 err:
        if (ret != NULL)
@@ -380,9 +252,9 @@ err:
 * and encode or decode as X509_PUBKEY
 */
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
             long length)
-        {
+{
        X509_PUBKEY *xpk;
        EVP_PKEY *pktmp;
        xpk = d2i_X509_PUBKEY(NULL, pp, length);
@@ -390,16 +262,15 @@ EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
        pktmp = X509_PUBKEY_get(xpk);
        X509_PUBKEY_free(xpk);
        if(!pktmp) return NULL;
-        if(a)
+        if(a) {
-                {
                EVP_PKEY_free(*a);
                *a = pktmp;
-                }
-        return pktmp;
        }
+        return pktmp;
+}
 int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-        {
+{
        X509_PUBKEY *xpk=NULL;
        int ret;
        if(!a) return 0;
@@ -407,125 +278,83 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
        ret = i2d_X509_PUBKEY(xpk, pp);
        X509_PUBKEY_free(xpk);
        return ret;
-        }
+}
 /* The following are equivalents but which return RSA and DSA
 * keys
 */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
             long length)
-        {
+{
        EVP_PKEY *pkey;
        RSA *key;
-        const unsigned char *q;
+        unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if(!pkey) return NULL;
        key = EVP_PKEY_get1_RSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if(!key) return NULL;
        *pp = q;
-        if (a)
+        if(a) {
-                {
                RSA_free(*a);
                *a = key;
-                }
-        return key;
        }
+        return key;
+}
 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-        {
+{
        EVP_PKEY *pktmp;
        int ret;
-        if (!a) return 0;
+        if(!a) return 0;
        pktmp = EVP_PKEY_new();
-        if (!pktmp)
+        if(!pktmp) {
-                {
                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                return 0;
-                }
+        }
        EVP_PKEY_set1_RSA(pktmp, a);
        ret = i2d_PUBKEY(pktmp, pp);
        EVP_PKEY_free(pktmp);
        return ret;
-        }
+}
 #endif
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
             long length)
-        {
+{
        EVP_PKEY *pkey;
        DSA *key;
-        const unsigned char *q;
+        unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if(!pkey) return NULL;
        key = EVP_PKEY_get1_DSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if(!key) return NULL;
        *pp = q;
-        if (a)
+        if(a) {
-                {
                DSA_free(*a);
                *a = key;
-                }
-        return key;
        }
+        return key;
+}
 int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-        {
+{
        EVP_PKEY *pktmp;
        int ret;
        if(!a) return 0;
        pktmp = EVP_PKEY_new();
-        if(!pktmp)
+        if(!pktmp) {
-                {
                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                return 0;
-                }
+        }
        EVP_PKEY_set1_DSA(pktmp, a);
        ret = i2d_PUBKEY(pktmp, pp);
        EVP_PKEY_free(pktmp);
        return ret;
-        }
+}
-#endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
-        {
-        EVP_PKEY *pkey;
-        EC_KEY *key;
-        const unsigned char *q;
-        q = *pp;
-        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return(NULL);
-        key = EVP_PKEY_get1_EC_KEY(pkey);
-        EVP_PKEY_free(pkey);
-        if (!key)  return(NULL);
-        *pp = q;
-        if (a)
-                {
-                EC_KEY_free(*a);
-                *a = key;
-                }
-        return(key);
-        }
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
-        {
-        EVP_PKEY *pktmp;
-        int ret;
-        if (!a) return(0);
-        if ((pktmp = EVP_PKEY_new()) == NULL)
-                {
-                ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return(0);
-                }
-        EVP_PKEY_set1_EC_KEY(pktmp, a);
-        ret = i2d_PUBKEY(pktmp, pp);
-        EVP_PKEY_free(pktmp);
-        return(ret);
-        }
 #endif
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index 59ca8ce329..b3f18ebc12 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -102,7 +102,7 @@ ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
-ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index e118696625..b50167ce43 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -79,8 +79,6 @@ ASN1_SEQUENCE(X509_CINF) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 /* X509 top level structure needs a bit of customisation */
-extern void policy_cache_free(X509_POLICY_CACHE *cache);
 static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        X509 *ret = (X509 *)*pval;
@@ -94,10 +92,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                ret->ex_pathlen = -1;
                ret->skid = NULL;
                ret->akid = NULL;
-#ifndef OPENSSL_NO_RFC3779
-                ret->rfc3779_addr = NULL;
-                ret->rfc3779_asid = NULL;
-#endif
                ret->aux = NULL;
                CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
                break;
@@ -112,11 +106,6 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
                X509_CERT_AUX_free(ret->aux);
                ASN1_OCTET_STRING_free(ret->skid);
                AUTHORITY_KEYID_free(ret->akid);
-                policy_cache_free(ret->policy_cache);
-#ifndef OPENSSL_NO_RFC3779
-                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-                ASIdentifiers_free(ret->rfc3779_asid);
-#endif
                if (ret->name != NULL) OPENSSL_free(ret->name);
                break;
@@ -136,13 +125,11 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-static ASN1_METHOD meth=
+static ASN1_METHOD meth={
-    {
+        (int (*)())  i2d_X509,
-    (I2D_OF(void))  i2d_X509,
+        (char *(*)())d2i_X509,
-    (D2I_OF(void)) d2i_X509,
+        (char *(*)())X509_new,
-    (void *(*)(void))X509_new,
+        (void (*)()) X509_free};
-    (void (*)(void *)) X509_free
-    };
 ASN1_METHOD *X509_asn1_meth(void)
        {
@@ -174,9 +161,9 @@ void *X509_get_ex_data(X509 *r, int idx)
 *
 */
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
 {
-        const unsigned char *q;
+        unsigned char *q;
        X509 *ret;
        /* Save start position */
        q = *pp;
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
index 13db5fd03f..f244768b7e 100644
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -91,14 +91,6 @@ static X509_CERT_AUX *aux_get(X509 *x)
 int X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
        X509_CERT_AUX *aux;
-        if (!name)
-                {
-                if (!x || !x->aux || !x->aux->alias)
-                        return 1;
-                ASN1_UTF8STRING_free(x->aux->alias);
-                x->aux->alias = NULL;
-                return 1;
-                }
        if(!(aux = aux_get(x))) return 0;
        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
        return ASN1_STRING_set(aux->alias, name, len);
@@ -107,14 +99,6 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
 int X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
        X509_CERT_AUX *aux;
-        if (!id)
-                {
-                if (!x || !x->aux || !x->aux->keyid)
-                        return 1;
-                ASN1_OCTET_STRING_free(x->aux->keyid);
-                x->aux->keyid = NULL;
-                return 1;
-                }
        if(!(aux = aux_get(x))) return 0;
        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
        return ASN1_STRING_set(aux->keyid, id, len);
@@ -127,13 +111,6 @@ unsigned char *X509_alias_get0(X509 *x, int *len)
        return x->aux->alias->data;
 }
-unsigned char *X509_keyid_get0(X509 *x, int *len)
-{
-        if(!x->aux || !x->aux->keyid) return NULL;
-        if(len) *len = x->aux->keyid->length;
-        return x->aux->keyid->data;
-}
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
        X509_CERT_AUX *aux;
@@ -172,9 +149,3 @@ void X509_reject_clear(X509 *x)
        }
 }
-ASN1_SEQUENCE(X509_CERT_PAIR) = {
-        ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-        ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
-} ASN1_SEQUENCE_END(X509_CERT_PAIR)
-IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/src/lib/libcrypto/bf/Makefile b/src/lib/libcrypto/bf/Makefile
new file mode 100644
index 0000000000..8441954a8d
--- /dev/null
+++ b/src/lib/libcrypto/bf/Makefile
@@ -0,0 +1,107 @@
+#
+# OpenSSL/crypto/blowfish/Makefile
+#
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+# COFF
+bx86-cof.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+# a.out
+bx86-out.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl
new file mode 100644
index 0000000000..be3ad77a05
--- /dev/null
+++ b/src/lib/libcrypto/bf/Makefile.ssl
@@ -0,0 +1,115 @@
+#
+# SSLeay/crypto/blowfish/Makefile
+#
+DIR=    bf
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+BF_ENC=         bf_enc.o
+# or use
+#DES_ENC=       bx86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=bftest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= blowfish.h
+HEADER= bf_pi.h bf_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+# a.out
+asm/bx86-out.o: asm/bx86unix.cpp
+        $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+# bsdi
+asm/bx86bsdi.o: asm/bx86unix.cpp
+        $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install: installs
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl
index b556642c94..b5a4760d09 100644
--- a/src/lib/libcrypto/bf/asm/bf-586.pl
+++ b/src/lib/libcrypto/bf/asm/bf-586.pl
@@ -18,7 +18,7 @@ $tmp4="edx";
 &BF_encrypt("BF_encrypt",1);
 &BF_encrypt("BF_decrypt",0);
-&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
 &asm_finish();
 sub BF_encrypt
diff --git a/src/lib/libcrypto/bf/asm/bf-686.pl b/src/lib/libcrypto/bf/asm/bf-686.pl
new file mode 100644
index 0000000000..8e4c25f598
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/bf-686.pl
@@ -0,0 +1,127 @@
+#!/usr/local/bin/perl
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+require "cbc.pl";
+&asm_init($ARGV[0],"bf-686.pl");
+$BF_ROUNDS=16;
+$BF_OFF=($BF_ROUNDS+2)*4;
+$L="ecx";
+$R="edx";
+$P="edi";
+$tot="esi";
+$tmp1="eax";
+$tmp2="ebx";
+$tmp3="ebp";
+&des_encrypt("BF_encrypt",1);
+&des_encrypt("BF_decrypt",0);
+&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
+&asm_finish();
+&file_end();
+sub des_encrypt
+        {
+        local($name,$enc)=@_;
+        &function_begin($name,"");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        &comment("");
+        &comment("P pointer, s and enc flag");
+        &mov($P,&wparam(1));
+        &xor(   $tmp1,  $tmp1);
+        &xor(   $tmp2,  $tmp2);
+        # encrypting part
+        if ($enc)
+                {
+                &xor($L,&DWP(0,$P,"",0));
+                for ($i=0; $i<$BF_ROUNDS; $i+=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i+1));
+                        &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        else
+                {
+                &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));
+                for ($i=$BF_ROUNDS; $i>0; $i-=2)
+                        {
+                        &comment("");
+                        &comment("Round $i");
+                        &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        &comment("");
+                        &comment("Round ".sprintf("%d",$i-1));
+                        &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);
+                        }
+                &xor($R,&DWP(0,$P,"",0));
+                &mov("eax",&wparam(0));
+                &mov(&DWP(0,"eax","",0),$R);
+                &mov(&DWP(4,"eax","",0),$L);
+                &function_end_A($name);
+                }
+        &function_end_B($name);
+        }
+sub BF_ENCRYPT
+        {
+        local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;
+        &rotr(  $R,             16);
+        &mov(   $tot,           &DWP(&n2a($i*4),$P,"",0));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &rotr(  $R,             16);
+        &xor(   $L,             $tot);
+        &mov(   $tot,           &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));
+        &movb(  &LB($tmp1),     &HB($R));
+        &movb(  &LB($tmp2),     &LB($R));
+        &add(   $tot,           $tmp3);
+        &mov(   $tmp1,          &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay
+        &xor(   $tot,           $tmp1);
+        &mov(   $tmp3,          &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));
+        &add(   $tot,           $tmp3);
+        &xor(   $tmp1,          $tmp1);
+        &xor(   $L,             $tot);                                  
+        # delay
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libcrypto/bf/asm/readme b/src/lib/libcrypto/bf/asm/readme
new file mode 100644
index 0000000000..2385fa3812
--- /dev/null
+++ b/src/lib/libcrypto/bf/asm/readme
@@ -0,0 +1,10 @@
+There are blowfish assembler generation scripts.
+bf-586.pl version is for the pentium and
+bf-686.pl is my original version, which is faster on the pentium pro.
+When using a bf-586.pl, the pentium pro/II is %8 slower than using
+bf-686.pl.  When using a bf-686.pl, the pentium is %16 slower
+than bf-586.pl
+So the default is bf-586.pl
diff --git a/src/lib/libcrypto/bf/bf_ecb.c b/src/lib/libcrypto/bf/bf_ecb.c
index 1607cefa32..341991636f 100644
--- a/src/lib/libcrypto/bf/bf_ecb.c
+++ b/src/lib/libcrypto/bf/bf_ecb.c
@@ -65,7 +65,7 @@
 * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
 */
-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
+const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
 const char *BF_options(void)
        {
diff --git a/src/lib/libcrypto/bf/bf_enc.c b/src/lib/libcrypto/bf/bf_enc.c
index 2d21d09f42..b380acf959 100644
--- a/src/lib/libcrypto/bf/bf_enc.c
+++ b/src/lib/libcrypto/bf/bf_enc.c
@@ -73,7 +73,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key)
        {
 #ifndef BF_PTR2
        register BF_LONG l,r;
-        register const BF_LONG *p,*s;
+    const register BF_LONG *p,*s;
        p=key->P;
        s= &(key->S[0]);
@@ -150,7 +150,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key)
        {
 #ifndef BF_PTR2
        register BF_LONG l,r;
-        register const BF_LONG *p,*s;
+    const register BF_LONG *p,*s;
        p=key->P;
        s= &(key->S[0]);
diff --git a/src/lib/libcrypto/bf/bf_opts.c b/src/lib/libcrypto/bf/bf_opts.c
new file mode 100644
index 0000000000..171dada2ca
--- /dev/null
+++ b/src/lib/libcrypto/bf/bf_opts.c
@@ -0,0 +1,328 @@
+/* crypto/bf/bf_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/blowfish.h>
+#define BF_DEFAULT_OPTIONS
+#undef BF_ENC
+#define BF_encrypt  BF_encrypt_normal
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#define BF_PTR
+#undef BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+#undef BF_PTR
+#define BF_PTR2
+#undef BF_ENC
+#undef BF_encrypt
+#define BF_encrypt  BF_encrypt_ptr2
+#undef HEADER_BF_LOCL_H
+#include "bf_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        BF_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        BF_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(BF_encrypt_normal,      "BF_encrypt_normal ", 0);
+        time_it(BF_encrypt_ptr,         "BF_encrypt_ptr    ", 1);
+        time_it(BF_encrypt_ptr2,        "BF_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("BF_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("BF_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("BF_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    BF ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DBF_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DBF_PTR\n");
+                break;
+        case 2:
+                printf("-DBF_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c
index 3673cdee6e..1931aba83f 100644
--- a/src/lib/libcrypto/bf/bf_skey.c
+++ b/src/lib/libcrypto/bf/bf_skey.c
@@ -58,11 +58,13 @@
 #include <stdio.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
+#include <openssl/fips.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
-void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(BF)
        {
        int i;
        BF_LONG *p,ri,in[2];
diff --git a/src/lib/libcrypto/bf/bfs.cpp b/src/lib/libcrypto/bf/bfs.cpp
new file mode 100644
index 0000000000..d74c457760
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfs.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/blowfish.h>
+void main(int argc,char *argv[])
+        {
+        BF_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        BF_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        BF_encrypt(&data[0],&key);
+                        }
+                printf("blowfish %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/bf/bfspeed.c b/src/lib/libcrypto/bf/bfspeed.c
new file mode 100644
index 0000000000..f346af64f3
--- /dev/null
+++ b/src/lib/libcrypto/bf/bfspeed.c
@@ -0,0 +1,274 @@
+/* crypto/bf/bfspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/blowfish.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        BF_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        BF_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                BF_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        BF_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing BF_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing BF_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                BF_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing BF_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing BF_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                BF_LONG data[2];
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                BF_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld BF_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                BF_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),BF_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("Blowfish set_key       per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a);
+        printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
+        printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/bf/bftest.c b/src/lib/libcrypto/bf/bftest.c
new file mode 100644
index 0000000000..24d526b14b
--- /dev/null
+++ b/src/lib/libcrypto/bf/bftest.c
@@ -0,0 +1,536 @@
+/* crypto/bf/bftest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return(0);
+}
+#else
+#include <openssl/blowfish.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+static char *bf_key[2]={
+        "abcdefghijklmnopqrstuvwxyz",
+        "Who is John Galt?"
+        };
+/* big endian */
+static BF_LONG bf_plain[2][2]={
+        {0x424c4f57L,0x46495348L},
+        {0xfedcba98L,0x76543210L}
+        };
+static BF_LONG bf_cipher[2][2]={
+        {0x324ed0feL,0xf413a203L},
+        {0xcc91732bL,0x8022f684L}
+        };
+/************/
+/* Lets use the DES test vectors :-) */
+#define NUM_TESTS 34
+static unsigned char ecb_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A},
+        {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2},
+        {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D},
+        {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96},
+        {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7},
+        {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78},
+        {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D},
+        {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B},
+        {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0},
+        {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4},
+        {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB},
+        {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A},
+        {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18},
+        {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98},
+        {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5},
+        {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79},
+        {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3},
+        {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69},
+        {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B},
+        {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E},
+        {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD},
+        {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19},
+        {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3},
+        {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5},
+        {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78},
+        {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01},
+        {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2},
+        {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE},
+        {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D},
+        {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4},
+        {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC},
+        {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A},
+        {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A},
+        };
+static unsigned char cbc_key [16]={
+        0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static char cbc_data[40]="7654321 Now is the time for ";
+static unsigned char cbc_ok[32]={
+        0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6,
+        0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93,
+        0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9,
+        0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC};
+static unsigned char cfb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E,
+        0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00,
+        0x51,0x9D,0x57,0xA6,0xC3};
+static unsigned char ofb64_ok[]={
+        0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA,
+        0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73,
+        0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22,
+        0x63,0xC2,0xCF,0x80,0xDA};
+#define KEY_TEST_NUM    25
+static unsigned char key_test[KEY_TEST_NUM]={
+        0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
+        0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
+        0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
+        0x88};
+static unsigned char key_data[8]=
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
+static unsigned char key_out[KEY_TEST_NUM][8]={
+        {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
+        {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
+        {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
+        {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05},
+        {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E},
+        {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D},
+        {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D},
+        {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82},
+        {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77},
+        {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0},
+        {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6},
+        {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2},
+        {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4},
+        {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68},
+        {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F},
+        {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C},
+        {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B},
+        {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B},
+        {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8},
+        {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F},
+        {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F},
+        {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F},
+        {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD},
+        {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
+        };
+static int test(void );
+static int print_test_data(void );
+int main(int argc, char *argv[])
+        {
+        int ret;
+        if (argc > 1)
+                ret=print_test_data();
+        else
+                ret=test();
+        EXIT(ret);
+        return(0);
+        }
+static int print_test_data(void)
+        {
+        unsigned int i,j;
+        printf("ecb test data\n");
+        printf("key bytes\t\tclear bytes\t\tcipher bytes\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                for (j=0; j<8; j++)
+                        printf("%02X",ecb_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",plain_data[i][j]);
+                printf("\t");
+                for (j=0; j<8; j++)
+                        printf("%02X",cipher_data[i][j]);
+                printf("\n");
+                }
+        printf("set_key test data\n");
+        printf("data[8]= ");
+        for (j=0; j<8; j++)
+                printf("%02X",key_data[j]);
+        printf("\n");
+        for (i=0; i<KEY_TEST_NUM-1; i++)
+                {
+                printf("c=");
+                for (j=0; j<8; j++)
+                        printf("%02X",key_out[i][j]);
+                printf(" k[%2u]=",i+1);
+                for (j=0; j<i+1; j++)
+                        printf("%02X",key_test[j]);
+                printf("\n");
+                }
+        printf("\nchaining mode test data\n");
+        printf("key[16]   = ");
+        for (j=0; j<16; j++)
+                printf("%02X",cbc_key[j]);
+        printf("\niv[8]     = ");
+        for (j=0; j<8; j++)
+                printf("%02X",cbc_iv[j]);
+        printf("\ndata[%d]  = '%s'",(int)strlen(cbc_data)+1,cbc_data);
+        printf("\ndata[%d]  = ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cbc_data[j]);
+        printf("\n");
+        printf("cbc cipher text\n");
+        printf("cipher[%d]= ",32);
+        for (j=0; j<32; j++)
+                printf("%02X",cbc_ok[j]);
+        printf("\n");
+        printf("cfb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",cfb64_ok[j]);
+        printf("\n");
+        printf("ofb64 cipher text\n");
+        printf("cipher[%d]= ",(int)strlen(cbc_data)+1);
+        for (j=0; j<strlen(cbc_data)+1; j++)
+                printf("%02X",ofb64_ok[j]);
+        printf("\n");
+        return(0);
+        }
+static int test(void)
+        {
+        unsigned char cbc_in[40],cbc_out[40],iv[8];
+        int i,n,err=0;
+        BF_KEY key;
+        BF_LONG data[2]; 
+        unsigned char out[8]; 
+        BF_LONG len;
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+#endif
+        printf("testing blowfish in raw ecb mode\n");
+        for (n=0; n<2; n++)
+                {
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+#endif
+                BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
+                data[0]=bf_plain[n][0];
+                data[1]=bf_plain[n][1];
+                BF_encrypt(data,&key);
+                if (memcmp(&(bf_cipher[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)bf_cipher[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_decrypt(&(data[0]),&key);
+                if (memcmp(&(bf_plain[n][0]),&(data[0]),8) != 0)
+                        {
+                        printf("BF_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)data[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<2; i++)
+                                printf("%08lX ",(unsigned long)bf_plain[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in ecb mode\n");
+        for (n=0; n<NUM_TESTS; n++)
+                {
+                BF_set_key(&key,8,ecb_data[n]);
+                BF_ecb_encrypt(&(plain_data[n][0]),out,&key,BF_ENCRYPT);
+                if (memcmp(&(cipher_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt blowfish error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",cipher_data[n][i]);
+                        err=1;
+                        printf("\n");
+                        }
+                BF_ecb_encrypt(out,out,&key,BF_DECRYPT);
+                if (memcmp(&(plain_data[n][0]),out,8) != 0)
+                        {
+                        printf("BF_ecb_encrypt error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",out[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",plain_data[n][i]);
+                        printf("\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish set_key\n");
+        for (n=1; n<KEY_TEST_NUM; n++)
+                {
+                BF_set_key(&key,n,key_test);
+                BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
+                /* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
+                if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
+                        {
+                        printf("blowfish setkey error\n");
+                        err=1;
+                        }
+                }
+        printf("testing blowfish in cbc mode\n");
+        len=strlen(cbc_data)+1;
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,sizeof cbc_in);
+        memset(cbc_out,0,sizeof cbc_out);
+        memcpy(iv,cbc_iv,sizeof iv);
+        BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
+                &key,iv,BF_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                err=1;
+                printf("BF_cbc_encrypt encrypt error\n");
+                for (i=0; i<32; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        memcpy(iv,cbc_iv,8);
+        BF_cbc_encrypt(cbc_out,cbc_in,len,
+                &key,iv,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+                {
+                printf("BF_cbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in cfb64 mode\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_cfb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,
+                &key,iv,&n,BF_ENCRYPT);
+        BF_cfb64_encrypt((unsigned char *)&(cbc_data[13]),&(cbc_out[13]),len-13,
+                &key,iv,&n,BF_ENCRYPT);
+        if (memcmp(cbc_out,cfb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_cfb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_cfb64_encrypt(cbc_out,cbc_in,17,
+                &key,iv,&n,BF_DECRYPT);
+        BF_cfb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,
+                &key,iv,&n,BF_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_cfb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("testing blowfish in ofb64\n");
+        BF_set_key(&key,16,cbc_key);
+        memset(cbc_in,0,40);
+        memset(cbc_out,0,40);
+        memcpy(iv,cbc_iv,8);
+        n=0;
+        BF_ofb64_encrypt((unsigned char *)cbc_data,cbc_out,(long)13,&key,iv,&n);
+        BF_ofb64_encrypt((unsigned char *)&(cbc_data[13]),
+                &(cbc_out[13]),len-13,&key,iv,&n);
+        if (memcmp(cbc_out,ofb64_ok,(int)len) != 0)
+                {
+                err=1;
+                printf("BF_ofb64_encrypt encrypt error\n");
+                for (i=0; i<(int)len; i++) printf("0x%02X,",cbc_out[i]);
+                }
+        n=0;
+        memcpy(iv,cbc_iv,8);
+        BF_ofb64_encrypt(cbc_out,cbc_in,17,&key,iv,&n);
+        BF_ofb64_encrypt(&(cbc_out[17]),&(cbc_in[17]),len-17,&key,iv,&n);
+        if (memcmp(cbc_in,cbc_data,(int)len) != 0)
+                {
+                printf("BF_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        return(err);
+        }
+#endif
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h
index cd49e85ab2..b4d8774961 100644
--- a/src/lib/libcrypto/bf/blowfish.h
+++ b/src/lib/libcrypto/bf/blowfish.h
@@ -104,7 +104,10 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
- 
+#ifdef OPENSSL_FIPS 
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);
diff --git a/src/lib/libcrypto/bio/Makefile b/src/lib/libcrypto/bio/Makefile
new file mode 100644
index 0000000000..1ef6c2fb9f
--- /dev/null
+++ b/src/lib/libcrypto/bio/Makefile
@@ -0,0 +1,221 @@
+#
+# OpenSSL/crypto/bio/Makefile
+#
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c \
+        bss_dgram.c
+#       bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o \
+        bss_dgram.o
+#       bf_lbuf.o
+SRC= $(LIBSRC)
+EXHEADER= bio.h
+HEADER= bio_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+b_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+b_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_err.o: ../../include/openssl/symhacks.h bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bss_bio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_bio.o: bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c
+bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h
+bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c
diff --git a/src/lib/libcrypto/bio/Makefile.ssl b/src/lib/libcrypto/bio/Makefile.ssl
new file mode 100644
index 0000000000..d0b9e297b0
--- /dev/null
+++ b/src/lib/libcrypto/bio/Makefile.ssl
@@ -0,0 +1,216 @@
+#
+# SSLeay/crypto/bio/Makefile
+#
+DIR=    bio
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+        bss_mem.c bss_null.c bss_fd.c \
+        bss_file.c bss_sock.c bss_conn.c \
+        bf_null.c bf_buff.c b_print.c b_dump.c \
+        b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#       bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+        bss_mem.o bss_null.o bss_fd.o \
+        bss_file.o bss_sock.o bss_conn.o \
+        bf_null.o bf_buff.o b_print.o b_dump.o \
+        b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#       bf_lbuf.o
+SRC= $(LIBSRC)
+EXHEADER= bio.h
+HEADER= bss_file.c $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER); \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_dump.o: ../cryptlib.h b_dump.c
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_print.o: ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_buff.o: ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_null.o: ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_cb.o: ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_err.o: bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_lib.o: ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_acpt.o: ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_conn.o: ../cryptlib.h bss_conn.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_fd.o: ../cryptlib.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_file.o: ../cryptlib.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_log.o: ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_mem.o: ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_null.o: ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_sock.o: ../cryptlib.h bss_sock.c
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c
index c80ecc4295..f671e722fa 100644
--- a/src/lib/libcrypto/bio/b_dump.c
+++ b/src/lib/libcrypto/bio/b_dump.c
@@ -62,32 +62,30 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bio_lcl.h"
+#include <openssl/bio.h>
 #define TRUNCATE
 #define DUMP_WIDTH      16
 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
+int BIO_dump(BIO *bio, const char *s, int len)
-        void *u, const char *s, int len)
        {
-        return BIO_dump_indent_cb(cb, u, s, len, 0);
+        return BIO_dump_indent(bio, s, len, 0);
        }
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
+int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
-        void *u, const char *s, int len, int indent)
        {
        int ret=0;
        char buf[288+1],tmp[20],str[128+1];
-        int i,j,rows,trc;
+        int i,j,rows,trunc;
        unsigned char ch;
        int dump_width;
+        
-        trc=0;
+        trunc=0;
+        
 #ifdef TRUNCATE
-        for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
+        for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
-                trc++;
+                trunc++;
 #endif
        if (indent < 0)
@@ -98,7 +96,7 @@ int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
                memset(str,' ',indent);
                }
        str[indent]='\0';
+        
        dump_width=DUMP_WIDTH_LESS_INDENT(indent);
        rows=(len/dump_width);
        if ((rows*dump_width)<len)
@@ -119,7 +117,7 @@ int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
                                {
                                ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
                                BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-                                        j==7?'-':' ');
+                                         j==7?'-':' ');
                                BUF_strlcat(buf,tmp,sizeof buf);
                                }
                        }
@@ -131,57 +129,28 @@ int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
                        ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
 #ifndef CHARSET_EBCDIC
                        BIO_snprintf(tmp,sizeof tmp,"%c",
-                                ((ch>=' ')&&(ch<='~'))?ch:'.');
+                                 ((ch>=' ')&&(ch<='~'))?ch:'.');
 #else
                        BIO_snprintf(tmp,sizeof tmp,"%c",
-                                ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+                                 ((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-                                ? os_toebcdic[ch]
+                                 ? os_toebcdic[ch]
-                                : '.');
+                                 : '.');
 #endif
                        BUF_strlcat(buf,tmp,sizeof buf);
                        }
                BUF_strlcat(buf,"\n",sizeof buf);
-                /* if this is the last call then update the ddt_dump thing so
+                /* if this is the last call then update the ddt_dump thing so that
-                 * that we will move the selection point in the debug window
+                 * we will move the selection point in the debug window 
                 */
-                ret+=cb((void *)buf,strlen(buf),u);
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
                }
 #ifdef TRUNCATE
-        if (trc > 0)
+        if (trunc > 0)
                {
                BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-                        len+trc);
+                         len+trunc);
-                ret+=cb((void *)buf,strlen(buf),u);
+                ret+=BIO_write(bio,(char *)buf,strlen(buf));
                }
 #endif
        return(ret);
        }
-#ifndef OPENSSL_NO_FP_API
-static int write_fp(const void *data, size_t len, void *fp)
-        {
-        return UP_fwrite(data, len, 1, fp);
-        }
-int BIO_dump_fp(FILE *fp, const char *s, int len)
-        {
-        return BIO_dump_cb(write_fp, fp, s, len);
-        }
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
-        {
-        return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
-        }
-#endif
-static int write_bio(const void *data, size_t len, void *bp)
-        {
-        return BIO_write((BIO *)bp, (const char *)data, len);
-        }
-int BIO_dump(BIO *bp, const char *s, int len)
-        {
-        return BIO_dump_cb(write_bio, bp, s, len);
-        }
-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
-        {
-        return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
-        }
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c
index 3a87b0ec0b..f2bd91d5a0 100644
--- a/src/lib/libcrypto/bio/b_print.c
+++ b/src/lib/libcrypto/bio/b_print.c
@@ -79,7 +79,7 @@
 #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
 #include <openssl/bio.h>
-#if defined(BN_LLONG) || defined(SIXTY_FOUR_BIT)
+#ifdef BN_LLONG
 # ifndef HAVE_LONG_LONG
 #  define HAVE_LONG_LONG 1
 # endif
@@ -117,7 +117,7 @@
 #if HAVE_LONG_LONG
 # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# define LLONG __int64
+# define LLONG _int64
 # else
 # define LLONG long long
 # endif
@@ -482,7 +482,7 @@ fmtint(
    int flags)
 {
    int signvalue = 0;
-    const char *prefix = "";
+    char *prefix = "";
    unsigned LLONG uvalue;
    char convert[DECIMAL_SIZE(value)+3];
    int place = 0;
@@ -513,8 +513,8 @@ fmtint(
            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
            [uvalue % (unsigned) base];
        uvalue = (uvalue / (unsigned) base);
-    } while (uvalue && (place < (int)sizeof(convert)));
+    } while (uvalue && (place < sizeof convert));
-    if (place == sizeof(convert))
+    if (place == sizeof convert)
        place--;
    convert[place] = 0;
@@ -619,7 +619,6 @@ fmtfp(
    int caps = 0;
    long intpart;
    long fracpart;
-    long max10;
    if (max < 0)
        max = 6;
@@ -640,12 +639,11 @@ fmtfp(
    /* we "cheat" by converting the fractional part to integer by
       multiplying by a factor of 10 */
-    max10 = roundv(pow_10(max));
+    fracpart = roundv((pow_10(max)) * (ufvalue - intpart));
-    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
-    if (fracpart >= max10) {
+    if (fracpart >= (long)pow_10(max)) {
        intpart++;
-        fracpart -= max10;
+        fracpart -= (long)pow_10(max);
    }
    /* convert integer part */
@@ -654,7 +652,7 @@ fmtfp(
            (caps ? "0123456789ABCDEF"
              : "0123456789abcdef")[intpart % 10];
        intpart = (intpart / 10);
-    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    } while (intpart && (iplace < sizeof iconvert));
    if (iplace == sizeof iconvert)
        iplace--;
    iconvert[iplace] = 0;
@@ -808,6 +806,7 @@ int BIO_vprintf (BIO *bio, const char *format, va_list args)
        }
 /* As snprintf is not available everywhere, we provide our own implementation.
+ * In case of overflow or error, this returns -1.
 * This function has nothing to do with BIOs, but it's closely related
 * to BIO_printf, and we need *some* name prefix ...
 * (XXX  the function should be renamed, but to what?) */
@@ -832,10 +831,10 @@ int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
        _dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
        if (truncated)
-                /* In case of truncation, return -1 like traditional snprintf.
+                /* In case of truncation, return -1 unlike traditional snprintf.
                 * (Current drafts for ISO/IEC 9899 say snprintf should return
                 * the number of characters that would have been written,
-                 * had the buffer been large enough.) */
+                 * had the buffer been large enough, as it did historically.) */
                return -1;
        else
                return (retlen <= INT_MAX) ? (int)retlen : -1;
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c
index ead477d8a2..c851298d1e 100644
--- a/src/lib/libcrypto/bio/b_sock.c
+++ b/src/lib/libcrypto/bio/b_sock.c
@@ -56,21 +56,14 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SOCK
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
 #include <openssl/bio.h>
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include <netdb.h>
-#if defined(NETWARE_CLIB)
-#include <sys/ioctl.h>
-NETDB_DEFINE_CONTEXT
-#endif
-#endif
-#ifndef OPENSSL_NO_SOCK
 #ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
@@ -86,7 +79,7 @@ NETDB_DEFINE_CONTEXT
 #define MAX_LISTEN  32
 #endif
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+#ifdef OPENSSL_SYS_WINDOWS
 static int wsa_init_done=0;
 #endif
@@ -182,11 +175,11 @@ int BIO_get_port(const char *str, unsigned short *port_ptr)
                /* Note: under VMS with SOCKETSHR, it seems like the first
                 * parameter is 'char *', instead of 'const char *'
                 */
+                s=getservbyname(
 #ifndef CONST_STRICT
-                s=getservbyname((char *)str,"tcp");
+                    (char *)
-#else
-                s=getservbyname(str,"tcp");
 #endif
+                    str,"tcp");
                if(s != NULL)
                        *port_ptr=ntohs((unsigned short)s->s_port);
                CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
@@ -364,11 +357,7 @@ struct hostent *BIO_gethostbyname(const char *name)
 #if 1
        /* Caching gethostbyname() results forever is wrong,
         * so we have to let the true gethostbyname() worry about this */
-#if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__))
-        return gethostbyname((char*)name);
-#else
        return gethostbyname(name);
-#endif
 #else
        struct hostent *ret;
        int i,lowi=0,j;
@@ -408,11 +397,11 @@ struct hostent *BIO_gethostbyname(const char *name)
                /* Note: under VMS with SOCKETSHR, it seems like the first
                 * parameter is 'char *', instead of 'const char *'
                 */
+                ret=gethostbyname(
 #  ifndef CONST_STRICT
-                ret=gethostbyname((char *)name);
+                    (char *)
-#  else
-                ret=gethostbyname(name);
 #  endif
+                    name);
                if (ret == NULL)
                        goto end;
@@ -464,6 +453,9 @@ int BIO_sock_init(void)
                {
                int err;
          
+#ifdef SIGINT
+                signal(SIGINT,(void (*)(int))BIO_sock_cleanup);
+#endif
                wsa_init_done=1;
                memset(&wsa_state,0,sizeof(wsa_state));
                if (WSAStartup(0x0101,&wsa_state)!=0)
@@ -481,26 +473,6 @@ int BIO_sock_init(void)
        if (sock_init())
                return (-1);
 #endif
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-    WORD wVerReq;
-    WSADATA wsaData;
-    int err;
-    if (!wsa_init_done)
-    {
-        wsa_init_done=1;
-        wVerReq = MAKEWORD( 2, 0 );
-        err = WSAStartup(wVerReq,&wsaData);
-        if (err != 0)
-        {
-            SYSerr(SYS_F_WSASTARTUP,err);
-            BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP);
-            return(-1);
-                        }
-                }
-#endif
        return(1);
        }
@@ -511,16 +483,10 @@ void BIO_sock_cleanup(void)
                {
                wsa_init_done=0;
 #ifndef OPENSSL_SYS_WINCE
-                WSACancelBlockingCall();        /* Winsock 1.1 specific */
+                WSACancelBlockingCall();
 #endif
                WSACleanup();
                }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-   if (wsa_init_done)
-        {
-        wsa_init_done=0;
-        WSACleanup();
-                }
 #endif
        }
diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c
index c72a23c2e1..1ce2bfacc0 100644
--- a/src/lib/libcrypto/bio/bf_nbio.c
+++ b/src/lib/libcrypto/bio/bf_nbio.c
@@ -127,7 +127,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
        {
        NBIO_TEST *nt;
        int ret=0;
-#if 1
+#if 0
        int num;
        unsigned char n;
 #endif
@@ -137,7 +137,7 @@ static int nbiof_read(BIO *b, char *out, int outl)
        nt=(NBIO_TEST *)b->ptr;
        BIO_clear_retry_flags(b);
-#if 1
+#if 0
        RAND_pseudo_bytes(&n,1);
        num=(n&0x07);
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h
index cecb6a7207..2eb703830f 100644
--- a/src/lib/libcrypto/bio/bio.h
+++ b/src/lib/libcrypto/bio/bio.h
@@ -59,14 +59,13 @@
 #ifndef HEADER_BIO_H
 #define HEADER_BIO_H
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_FP_API
 # include <stdio.h>
 #endif
 #include <stdarg.h>
 #include <openssl/crypto.h>
+#include <openssl/e_os2.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -94,8 +93,6 @@ extern "C" {
 #define BIO_TYPE_BER            (18|0x0200)             /* BER -> bin filter */
 #define BIO_TYPE_BIO            (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER     (20|0x0200)             /* filter */
-#define BIO_TYPE_DGRAM          (21|0x0400|0x0100)
-#define BIO_TYPE_COMP           (23|0x0200)             /* filter */
 #define BIO_TYPE_DESCRIPTOR     0x0100  /* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER         0x0200
@@ -127,38 +124,6 @@ extern "C" {
 #define BIO_CTRL_SET_FILENAME   30      /* BIO_s_file special */
-/* dgram BIO stuff */
-#define BIO_CTRL_DGRAM_CONNECT       31  /* BIO dgram special */
-#define BIO_CTRL_DGRAM_SET_CONNECTED 32  /* allow for an externally
-                                          * connected socket to be
-                                          * passed in */ 
-#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */
-#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */
-#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */
-#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */
-                                        
-/* #ifdef IP_MTU_DISCOVER */
-#define BIO_CTRL_DGRAM_MTU_DISCOVER       39 /* set DF bit on egress packets */
-/* #endif */
-#define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
-#define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
-#define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
-                                              * MTU. want to use this
-                                              * if asking the kernel
-                                              * fails */
-#define BIO_CTRL_DGRAM_MTU_EXCEEDED       43 /* check whether the MTU
-                                              * was exceed in the
-                                              * previous write
-                                              * operation */
-#define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
 /* modifiers */
 #define BIO_FP_READ             0x02
 #define BIO_FP_WRITE            0x04
@@ -170,11 +135,6 @@ extern "C" {
 #define BIO_FLAGS_IO_SPECIAL    0x04
 #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
 #define BIO_FLAGS_SHOULD_RETRY  0x08
-#ifndef BIO_FLAGS_UPLINK
-/* "UPLINK" flag denotes file descriptors provided by application.
-   It defaults to 0, as most platforms don't require UPLINK interface. */
-#define BIO_FLAGS_UPLINK        0
-#endif
 /* Used in BIO_gethostbyname() */
 #define BIO_GHBN_CTRL_HITS              1
@@ -197,32 +157,28 @@ extern "C" {
 */
 #define BIO_FLAGS_MEM_RDONLY    0x200
-typedef struct bio_st BIO;
+#define BIO_set_flags(b,f) ((b)->flags|=(f))
+#define BIO_get_flags(b) ((b)->flags)
-void BIO_set_flags(BIO *b, int flags);
-int  BIO_test_flags(const BIO *b, int flags);
-void BIO_clear_flags(BIO *b, int flags);
-#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
 #define BIO_set_retry_special(b) \
-                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+                ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_set_retry_read(b) \
-                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+                ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_set_retry_write(b) \
-                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+                ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
 /* These are normally used internally in BIOs */
+#define BIO_clear_flags(b,f) ((b)->flags&= ~(f))
 #define BIO_clear_retry_flags(b) \
-                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+                ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 #define BIO_get_retry_flags(b) \
-                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+                ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 /* These should be used by the application to tell why we should retry */
-#define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
+#define BIO_should_read(a)              ((a)->flags & BIO_FLAGS_READ)
-#define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
+#define BIO_should_write(a)             ((a)->flags & BIO_FLAGS_WRITE)
-#define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+#define BIO_should_io_special(a)        ((a)->flags & BIO_FLAGS_IO_SPECIAL)
-#define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
+#define BIO_retry_type(a)               ((a)->flags & BIO_FLAGS_RWS)
-#define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+#define BIO_should_retry(a)             ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
 /* The next three are used in conjunction with the
 * BIO_should_io_special() condition.  After this returns true,
@@ -251,14 +207,14 @@ void BIO_clear_flags(BIO *b, int flags);
 #define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
 #define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
-long (*BIO_get_callback(const BIO *b)) (struct bio_st *,int,const char *,int, long,long);
+#define BIO_set_callback(b,cb)          ((b)->callback=(cb))
-void BIO_set_callback(BIO *b, 
+#define BIO_set_callback_arg(b,arg)     ((b)->cb_arg=(char *)(arg))
-        long (*callback)(struct bio_st *,int,const char *,int, long,long));
+#define BIO_get_callback_arg(b)         ((b)->cb_arg)
-char *BIO_get_callback_arg(const BIO *b);
+#define BIO_get_callback(b)             ((b)->callback)
-void BIO_set_callback_arg(BIO *b, char *arg);
+#define BIO_method_name(b)              ((b)->method->name)
+#define BIO_method_type(b)              ((b)->method->type)
-const char * BIO_method_name(const BIO *b);
+typedef struct bio_st BIO;
-int BIO_method_type(const BIO *b);
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
@@ -532,18 +488,6 @@ size_t BIO_ctrl_get_write_guarantee(BIO *b);
 size_t BIO_ctrl_get_read_request(BIO *b);
 int BIO_ctrl_reset_read_request(BIO *b);
-/* ctrl macros for dgram */
-#define BIO_ctrl_dgram_connect(b,peer)  \
-                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer)
-#define BIO_ctrl_set_connected(b, state, peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer)
-#define BIO_dgram_recv_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
-#define BIO_dgram_send_timedout(b) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
-#define BIO_dgram_set_peer(b,peer) \
-         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer)
 /* These two aren't currently implemented */
 /* int BIO_get_ex_num(BIO *bio); */
 /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
@@ -623,28 +567,15 @@ BIO_METHOD *BIO_f_buffer(void);
 BIO_METHOD *BIO_f_linebuffer(void);
 #endif
 BIO_METHOD *BIO_f_nbio_test(void);
-#ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
-#endif
 /* BIO_METHOD *BIO_f_ber(void); */
 int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
-int BIO_dgram_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-                void *u, const char *s, int len);
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-                       void *u, const char *s, int len, int indent);
 int BIO_dump(BIO *b,const char *bytes,int len);
 int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
-#ifndef OPENSSL_NO_FP_API
-int BIO_dump_fp(FILE *fp, const char *s, int len);
-int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
-#endif
 struct hostent *BIO_gethostbyname(const char *name);
 /* We might want a thread-safe interface too:
 * struct hostent *BIO_gethostbyname_r(const char *name,
@@ -666,7 +597,6 @@ void BIO_sock_cleanup(void);
 int BIO_set_tcp_ndelay(int sock,int turn_on);
 BIO *BIO_new_socket(int sock, int close_flag);
-BIO *BIO_new_dgram(int fd, int close_flag);
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
 BIO *BIO_new_accept(char *host_port);
@@ -682,20 +612,10 @@ void BIO_copy_next_retry(BIO *b);
 /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
-#ifdef __GNUC__
+int BIO_printf(BIO *bio, const char *format, ...);
-#  define __bio_h__attr__ __attribute__
+int BIO_vprintf(BIO *bio, const char *format, va_list args);
-#else
+int BIO_snprintf(char *buf, size_t n, const char *format, ...);
-#  define __bio_h__attr__(x)
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
-#endif
-int BIO_printf(BIO *bio, const char *format, ...)
-        __bio_h__attr__((__format__(__printf__,2,3)));
-int BIO_vprintf(BIO *bio, const char *format, va_list args)
-        __bio_h__attr__((__format__(__printf__,2,0)));
-int BIO_snprintf(char *buf, size_t n, const char *format, ...)
-        __bio_h__attr__((__format__(__printf__,3,4)));
-int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
-        __bio_h__attr__((__format__(__printf__,3,0)));
-#undef __bio_h__attr__
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -709,7 +629,6 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_ACPT_STATE                                 100
 #define BIO_F_BIO_ACCEPT                                 101
 #define BIO_F_BIO_BER_GET_HEADER                         102
-#define BIO_F_BIO_CALLBACK_CTRL                          131
 #define BIO_F_BIO_CTRL                                   103
 #define BIO_F_BIO_GETHOSTBYNAME                          120
 #define BIO_F_BIO_GETS                                   104
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c
index 6603f1c74d..8859a58ae4 100644
--- a/src/lib/libcrypto/bio/bio_err.c
+++ b/src/lib/libcrypto/bio/bio_err.c
@@ -73,7 +73,6 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_FUNC(BIO_F_ACPT_STATE),    "ACPT_STATE"},
 {ERR_FUNC(BIO_F_BIO_ACCEPT),    "BIO_accept"},
 {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),    "BIO_BER_GET_HEADER"},
-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),     "BIO_callback_ctrl"},
 {ERR_FUNC(BIO_F_BIO_CTRL),      "BIO_ctrl"},
 {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),     "BIO_gethostbyname"},
 {ERR_FUNC(BIO_F_BIO_GETS),      "BIO_gets"},
@@ -143,12 +142,15 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 void ERR_load_BIO_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,BIO_str_functs);
                ERR_load_strings(0,BIO_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/bio/bio_lcl.h b/src/lib/libcrypto/bio/bio_lcl.h
new file mode 100644
index 0000000000..dba2919d43
--- /dev/null
+++ b/src/lib/libcrypto/bio/bio_lcl.h
@@ -0,0 +1,28 @@
+#include <openssl/bio.h>
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+#define UP_stdin        stdin
+#define UP_stdout       stdout
+#define UP_stderr       stderr
+#define UP_fprintf      fprintf
+#define UP_fgets        fgets
+#define UP_fread        fread
+#define UP_fwrite       fwrite
+#undef  UP_fsetmod
+#define UP_feof         feof
+#define UP_fclose       fclose
+#define UP_fopen        fopen
+#define UP_fseek        fseek
+#define UP_ftell        ftell
+#define UP_fflush       fflush
+#define UP_ferror       ferror
+#define UP_fileno       fileno
+#define UP_open         open
+#define UP_read         read
+#define UP_write        write
+#define UP_lseek        lseek
+#define UP_close        close
+#endif
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c
index 3f52ae953c..692c8fb5c6 100644
--- a/src/lib/libcrypto/bio/bio_lib.c
+++ b/src/lib/libcrypto/bio/bio_lib.c
@@ -141,56 +141,10 @@ int BIO_free(BIO *a)
 void BIO_vfree(BIO *a)
    { BIO_free(a); }
-void BIO_clear_flags(BIO *b, int flags)
-        {
-        b->flags &= ~flags;
-        }
-int     BIO_test_flags(const BIO *b, int flags)
-        {
-        return (b->flags & flags);
-        }
-void    BIO_set_flags(BIO *b, int flags)
-        {
-        b->flags |= flags;
-        }
-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
-        {
-        return b->callback;
-        }
-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
-        {
-        b->callback = cb;
-        }
-void BIO_set_callback_arg(BIO *b, char *arg)
-        {
-        b->cb_arg = arg;
-        }
-char * BIO_get_callback_arg(const BIO *b)
-        {
-        return b->cb_arg;
-        }
-const char * BIO_method_name(const BIO *b)
-        {
-        return b->method->name;
-        }
-int BIO_method_type(const BIO *b)
-        {
-        return b->method->type;
-        }
 int BIO_read(BIO *b, void *out, int outl)
        {
        int i;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
                {
@@ -222,7 +176,7 @@ int BIO_read(BIO *b, void *out, int outl)
 int BIO_write(BIO *b, const void *in, int inl)
        {
        int i;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if (b == NULL)
                return(0);
@@ -257,7 +211,7 @@ int BIO_write(BIO *b, const void *in, int inl)
 int BIO_puts(BIO *b, const char *in)
        {
        int i;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
                {
@@ -290,7 +244,7 @@ int BIO_puts(BIO *b, const char *in)
 int BIO_gets(BIO *b, char *in, int inl)
        {
        int i;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
                {
@@ -351,7 +305,7 @@ char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
 long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
        {
        long ret;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if (b == NULL) return(0);
@@ -378,13 +332,13 @@ long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
        {
        long ret;
-        long (*cb)(BIO *,int,const char *,int,long,long);
+        long (*cb)();
        if (b == NULL) return(0);
        if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
                {
-                BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);
+                BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
                return(-2);
                }
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c
index d090b7272f..8ea1db158b 100644
--- a/src/lib/libcrypto/bio/bss_acpt.c
+++ b/src/lib/libcrypto/bio/bss_acpt.c
@@ -56,14 +56,14 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SOCK
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
 #include <openssl/bio.h>
-#ifndef OPENSSL_NO_SOCK
 #ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c
index c14727855b..216780ed5e 100644
--- a/src/lib/libcrypto/bio/bss_conn.c
+++ b/src/lib/libcrypto/bio/bss_conn.c
@@ -56,14 +56,14 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SOCK
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
 #include <openssl/bio.h>
-#ifndef OPENSSL_NO_SOCK
 #ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
@@ -130,7 +130,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
        int ret= -1,i;
        unsigned long l;
        char *p,*q;
-        int (*cb)(const BIO *,int,int)=NULL;
+        int (*cb)()=NULL;
        if (c->info_callback != NULL)
                cb=c->info_callback;
@@ -590,9 +590,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
        case BIO_CTRL_GET_CALLBACK:
                {
-                int (**fptr)(const BIO *bio,int state,int xret);
+                int (**fptr)();
-                fptr=(int (**)(const BIO *bio,int state,int xret))ptr;
+                fptr=(int (**)())ptr;
                *fptr=data->info_callback;
                }
                break;
diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c
index 4c229bf641..5e3e187de6 100644
--- a/src/lib/libcrypto/bio/bss_fd.c
+++ b/src/lib/libcrypto/bio/bss_fd.c
@@ -60,19 +60,7 @@
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-/*
+#include <openssl/bio.h>
- * As for unconditional usage of "UPLINK" interface in this module.
- * Trouble is that unlike Unix file descriptors [which are indexes
- * in kernel-side per-process table], corresponding descriptors on
- * platforms which require "UPLINK" interface seem to be indexes
- * in a user-land, non-global table. Well, in fact they are indexes
- * in stdio _iob[], and recall that _iob[] was the very reason why
- * "UPLINK" interface was introduced in first place. But one way on
- * another. Neither libcrypto or libssl use this BIO meaning that
- * file descriptors can only be provided by application. Therefore
- * "UPLINK" calls are due...
- */
-#include "bio_lcl.h"
 static int fd_write(BIO *h, const char *buf, int num);
 static int fd_read(BIO *h, char *buf, int size);
@@ -112,9 +100,9 @@ BIO *BIO_new_fd(int fd,int close_flag)
 static int fd_new(BIO *bi)
        {
        bi->init=0;
-        bi->num=-1;
+        bi->num=0;
        bi->ptr=NULL;
-        bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */
+        bi->flags=0;
        return(1);
        }
@@ -125,10 +113,10 @@ static int fd_free(BIO *a)
                {
                if (a->init)
                        {
-                        UP_close(a->num);
+                        close(a->num);
                        }
                a->init=0;
-                a->flags=BIO_FLAGS_UPLINK;
+                a->flags=0;
                }
        return(1);
        }
@@ -140,7 +128,7 @@ static int fd_read(BIO *b, char *out,int outl)
        if (out != NULL)
                {
                clear_sys_error();
-                ret=UP_read(b->num,out,outl);
+                ret=read(b->num,out,outl);
                BIO_clear_retry_flags(b);
                if (ret <= 0)
                        {
@@ -155,7 +143,7 @@ static int fd_write(BIO *b, const char *in, int inl)
        {
        int ret;
        clear_sys_error();
-        ret=UP_write(b->num,in,inl);
+        ret=write(b->num,in,inl);
        BIO_clear_retry_flags(b);
        if (ret <= 0)
                {
@@ -175,11 +163,11 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_RESET:
                num=0;
        case BIO_C_FILE_SEEK:
-                ret=(long)UP_lseek(b->num,num,0);
+                ret=(long)lseek(b->num,num,0);
                break;
        case BIO_C_FILE_TELL:
        case BIO_CTRL_INFO:
-                ret=(long)UP_lseek(b->num,0,1);
+                ret=(long)lseek(b->num,0,1);
                break;
        case BIO_C_SET_FD:
                fd_free(b);
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c
index 4df9927c43..58fade9f29 100644
--- a/src/lib/libcrypto/bio/bss_file.c
+++ b/src/lib/libcrypto/bio/bss_file.c
@@ -65,34 +65,12 @@
 #ifndef HEADER_BSS_FILE_C
 #define HEADER_BSS_FILE_C
-#if defined(__linux) || defined(__sun) || defined(__hpux)
-/* Following definition aliases fopen to fopen64 on above mentioned
- * platforms. This makes it possible to open and sequentially access
- * files larger than 2GB from 32-bit application. It does not allow to
- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
- * 32-bit platform permits that, not with fseek/ftell. Not to mention
- * that breaking 2GB limit for seeking would require surgery to *our*
- * API. But sequential access suffices for practical cases when you
- * can run into large files, such as fingerprinting, so we can let API
- * alone. For reference, the list of 32-bit platforms which allow for
- * sequential access of large files without extra "magic" comprise *BSD,
- * Darwin, IRIX...
- */
-#ifndef _FILE_OFFSET_BITS
-#define _FILE_OFFSET_BITS 64
-#endif
-#endif
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio_lcl.h"
+#include <openssl/bio.h>
 #include <openssl/err.h>
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#include <nwfileio.h>
-#endif
 #if !defined(OPENSSL_NO_STDIO)
 static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
@@ -132,12 +110,8 @@ BIO *BIO_new_file(const char *filename, const char *mode)
                return(NULL);
                }
        if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
-                {
-                fclose(file);
                return(NULL);
-                }
-        BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
        BIO_set_fp(ret,file,BIO_CLOSE);
        return(ret);
        }
@@ -149,7 +123,6 @@ BIO *BIO_new_fp(FILE *stream, int close_flag)
        if ((ret=BIO_new(BIO_s_file())) == NULL)
                return(NULL);
-        BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */
        BIO_set_fp(ret,stream,close_flag);
        return(ret);
        }
@@ -164,7 +137,6 @@ static int MS_CALLBACK file_new(BIO *bi)
        bi->init=0;
        bi->num=0;
        bi->ptr=NULL;
-        bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */
        return(1);
        }
@@ -175,12 +147,8 @@ static int MS_CALLBACK file_free(BIO *a)
                {
                if ((a->init) && (a->ptr != NULL))
                        {
-                        if (a->flags&BIO_FLAGS_UPLINK)
+                        fclose((FILE *)a->ptr);
-                                UP_fclose (a->ptr);
-                        else
-                                fclose (a->ptr);
                        a->ptr=NULL;
-                        a->flags=BIO_FLAGS_UPLINK;
                        }
                a->init=0;
                }
@@ -193,11 +161,8 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
        if (b->init && (out != NULL))
                {
-                if (b->flags&BIO_FLAGS_UPLINK)
+                ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-                        ret=UP_fread(out,1,(int)outl,b->ptr);
+                if(ret == 0 && ferror((FILE *)b->ptr))
-                else
-                        ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-                if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))
                        {
                        SYSerr(SYS_F_FREAD,get_last_sys_error());
                        BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
@@ -213,11 +178,7 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
        if (b->init && (in != NULL))
                {
-                if (b->flags&BIO_FLAGS_UPLINK)
+                if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-                        ret=UP_fwrite(in,(int)inl,1,b->ptr);
-                else
-                        ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);
-                if (ret)
                        ret=inl;
                /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
                /* according to Tim Hudson <tjh@cryptsoft.com>, the commented
@@ -238,45 +199,20 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                {
        case BIO_C_FILE_SEEK:
        case BIO_CTRL_RESET:
-                if (b->flags&BIO_FLAGS_UPLINK)
+                ret=(long)fseek(fp,num,SEEK_SET);
-                        ret=(long)UP_fseek(b->ptr,num,0);
-                else
-                        ret=(long)fseek(fp,num,0);
                break;
        case BIO_CTRL_EOF:
-                if (b->flags&BIO_FLAGS_UPLINK)
+                ret=(long)feof(fp);
-                        ret=(long)UP_feof(fp);
-                else
-                        ret=(long)feof(fp);
                break;
        case BIO_C_FILE_TELL:
        case BIO_CTRL_INFO:
-                if (b->flags&BIO_FLAGS_UPLINK)
+                ret=ftell(fp);
-                        ret=UP_ftell(b->ptr);
-                else
-                        ret=ftell(fp);
                break;
        case BIO_C_SET_FILE_PTR:
                file_free(b);
                b->shutdown=(int)num&BIO_CLOSE;
-                b->ptr=ptr;
+                b->ptr=(char *)ptr;
                b->init=1;
-#if BIO_FLAGS_UPLINK!=0
-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-#define _IOB_ENTRIES 20
-#endif
-#if defined(_IOB_ENTRIES)
-                /* Safety net to catch purely internal BIO_set_fp calls */
-                if ((size_t)ptr >= (size_t)stdin &&
-                    (size_t)ptr <  (size_t)(stdin+_IOB_ENTRIES))
-                        BIO_clear_flags(b,BIO_FLAGS_UPLINK);
-#endif
-#endif
-#ifdef UP_fsetmode
-                if (b->flags&BIO_FLAGS_UPLINK)
-                        UP_fsetmode(b->ptr,num&BIO_FP_TEXT?'t':'b');
-                else
-#endif
                {
 #if defined(OPENSSL_SYS_WINDOWS)
                int fd = fileno((FILE*)ptr);
@@ -284,14 +220,6 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        _setmode(fd,_O_TEXT);
                else
                        _setmode(fd,_O_BINARY);
-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-                int fd = fileno((FILE*)ptr);
-         /* Under CLib there are differences in file modes
-         */
-                if (num & BIO_FP_TEXT)
-                        setmode(fd,O_TEXT);
-                else
-                        setmode(fd,O_BINARY);
 #elif defined(OPENSSL_SYS_MSDOS)
                int fd = fileno((FILE*)ptr);
                /* Set correct text/binary mode */
@@ -344,12 +272,6 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                else
                        strcat(p,"t");
 #endif
-#if defined(OPENSSL_SYS_NETWARE)
-                if (!(num & BIO_FP_TEXT))
-                        strcat(p,"b");
-                else
-                        strcat(p,"t");
-#endif
                fp=fopen(ptr,p);
                if (fp == NULL)
                        {
@@ -359,9 +281,8 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=0;
                        break;
                        }
-                b->ptr=fp;
+                b->ptr=(char *)fp;
                b->init=1;
-                BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
                break;
        case BIO_C_GET_FILE_PTR:
                /* the ptr parameter is actually a FILE ** in this case. */
@@ -378,10 +299,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
                b->shutdown=(int)num;
                break;
        case BIO_CTRL_FLUSH:
-                if (b->flags&BIO_FLAGS_UPLINK)
+                fflush((FILE *)b->ptr);
-                        UP_fflush(b->ptr);
-                else
-                        fflush((FILE *)b->ptr);
                break;
        case BIO_CTRL_DUP:
                ret=1;
@@ -403,10 +321,7 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
        int ret=0;
        buf[0]='\0';
-        if (bp->flags&BIO_FLAGS_UPLINK)
+        fgets(buf,size,(FILE *)bp->ptr);
-                UP_fgets(buf,size,bp->ptr);
-        else
-                fgets(buf,size,(FILE *)bp->ptr);
        if (buf[0] != '\0')
                ret=strlen(buf);
        return(ret);
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c
index 6360dbc820..1eb678cac0 100644
--- a/src/lib/libcrypto/bio/bss_log.c
+++ b/src/lib/libcrypto/bio/bss_log.c
@@ -78,8 +78,6 @@
 #  include <starlet.h>
 #elif defined(__ultrix)
 #  include <sys/syslog.h>
-#elif defined(OPENSSL_SYS_NETWARE)
-#  define NO_SYSLOG
 #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
 #  include <syslog.h>
 #endif
diff --git a/src/lib/libcrypto/bio/bss_rtcp.c b/src/lib/libcrypto/bio/bss_rtcp.c
new file mode 100644
index 0000000000..7dae485564
--- /dev/null
+++ b/src/lib/libcrypto/bio/bss_rtcp.c
@@ -0,0 +1,294 @@
+/* crypto/bio/bss_rtcp.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
+ * Date:   22-JUL-1996
+ * Revised: 25-SEP-1997         Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
+ */
+/* VMS */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <iodef.h>              /* VMS IO$_ definitions */
+#include <starlet.h>
+typedef unsigned short io_channel;
+/*************************************************************************/
+struct io_status { short status, count; long flags; };
+struct rpc_msg {                /* Should have member alignment inhibited */
+   char channel;                /* 'A'-app data. 'R'-remote client 'G'-global */
+   char function;               /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
+   unsigned short int length;   /* Amount of data returned or max to return */
+   char data[4092];             /* variable data */
+};
+#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
+struct rpc_ctx {
+    int filled, pos;
+    struct rpc_msg msg;
+};
+static int rtcp_write(BIO *h,const char *buf,int num);
+static int rtcp_read(BIO *h,char *buf,int size);
+static int rtcp_puts(BIO *h,const char *str);
+static int rtcp_gets(BIO *h,char *str,int size);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int rtcp_new(BIO *h);
+static int rtcp_free(BIO *data);
+static BIO_METHOD rtcp_method=
+        {
+        BIO_TYPE_FD,
+        "RTCP",
+        rtcp_write,
+        rtcp_read,
+        rtcp_puts,
+        rtcp_gets,
+        rtcp_ctrl,
+        rtcp_new,
+        rtcp_free,
+        NULL,
+        };
+BIO_METHOD *BIO_s_rtcp(void)
+        {
+        return(&rtcp_method);
+        }
+/*****************************************************************************/
+/* Decnet I/O routines.
+ */
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+static int get ( io_channel chan, char *buffer, int maxlen, int *length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+        buffer, maxlen, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    if ( (status&1) == 1 ) *length = iosb.count;
+    return status;
+}
+static int put ( io_channel chan, char *buffer, int length )
+{
+    int status;
+    struct io_status iosb;
+    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+        buffer, length, 0, 0, 0, 0 );
+    if ( (status&1) == 1 ) status = iosb.status;
+    return status;
+}
+#ifdef __DECC
+#pragma message restore
+#endif
+/***************************************************************************/
+static int rtcp_new(BIO *bi)
+{
+    struct rpc_ctx *ctx;
+        bi->init=1;
+        bi->num=0;
+        bi->flags = 0;
+        bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
+        ctx = (struct rpc_ctx *) bi->ptr;
+        ctx->filled = 0;
+        ctx->pos = 0;
+        return(1);
+}
+static int rtcp_free(BIO *a)
+{
+        if (a == NULL) return(0);
+        if ( a->ptr ) OPENSSL_free ( a->ptr );
+        a->ptr = NULL;
+        return(1);
+}
+        
+static int rtcp_read(BIO *b, char *out, int outl)
+{
+    int status, length;
+    struct rpc_ctx *ctx;
+    /*
+     * read data, return existing.
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, &ctx->msg.data[ctx->pos], length );
+        ctx->pos += length;
+        return length;
+    }
+    /*
+     * Requst more data from R channel.
+     */
+    ctx->msg.channel = 'R';
+    ctx->msg.function = 'G';
+    ctx->msg.length = sizeof(ctx->msg.data);
+    status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE );
+    if ( (status&1) == 0 ) {
+        return -1;
+    }
+    /*
+     * Read.
+     */
+    ctx->pos = ctx->filled = 0;
+    status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+    if ( (status&1) == 0 ) length = -1;
+    if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) {
+        length = -1;
+    }
+    ctx->filled = length - RPC_HDR_SIZE;
+    
+    if ( ctx->pos < ctx->filled ) {
+        length = ctx->filled - ctx->pos;
+        if ( length > outl ) length = outl;
+        memmove ( out, ctx->msg.data, length );
+        ctx->pos += length;
+        return length;
+    }
+    return length;
+}
+static int rtcp_write(BIO *b, const char *in, int inl)
+{
+    int status, i, segment, length;
+    struct rpc_ctx *ctx;
+    /*
+     * Output data, send in chunks no larger that sizeof(ctx->msg.data).
+     */
+    ctx = (struct rpc_ctx *) b->ptr;
+    for ( i = 0; i < inl; i += segment ) {
+        segment = inl - i;
+        if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data);
+        ctx->msg.channel = 'R';
+        ctx->msg.function = 'P';
+        ctx->msg.length = segment;
+        memmove ( ctx->msg.data, &in[i], segment );
+        status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE );
+        if ((status&1) == 0 ) { i = -1; break; }
+        status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length );
+        if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; }
+        if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) {
+           printf("unexpected response when confirming put %c %c\n",
+                ctx->msg.channel, ctx->msg.function );
+        }
+    }
+    return(i);
+}
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        long ret=1;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+        case BIO_CTRL_EOF:
+                ret = 1;
+                break;
+        case BIO_C_SET_FD:
+                b->num = num;
+                ret = 1;
+                break;
+        case BIO_CTRL_SET_CLOSE:
+        case BIO_CTRL_FLUSH:
+        case BIO_CTRL_DUP:
+                ret=1;
+                break;
+        case BIO_CTRL_GET_CLOSE:
+        case BIO_CTRL_INFO:
+        case BIO_CTRL_GET:
+        case BIO_CTRL_PENDING:
+        case BIO_CTRL_WPENDING:
+        default:
+                ret=0;
+                break;
+                }
+        return(ret);
+        }
+static int rtcp_gets(BIO *bp, char *buf, int size)
+        {
+        return(0);
+        }
+static int rtcp_puts(BIO *bp, const char *str)
+{
+    int length;
+    if (str == NULL) return(0);
+    length = strlen ( str );
+    if ( length == 0 ) return (0);
+    return rtcp_write ( bp,str, length );
+}
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c
index 472dd75821..2c1c405ec7 100644
--- a/src/lib/libcrypto/bio/bss_sock.c
+++ b/src/lib/libcrypto/bio/bss_sock.c
@@ -56,6 +56,8 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SOCK
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
@@ -246,7 +248,7 @@ int BIO_sock_non_fatal_error(int err)
        {
        switch (err)
                {
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_WINDOWS)
 # if defined(WSAEWOULDBLOCK)
        case WSAEWOULDBLOCK:
 # endif
@@ -277,7 +279,7 @@ int BIO_sock_non_fatal_error(int err)
 #endif
 #ifdef EAGAIN
-# if EWOULDBLOCK != EAGAIN
+#if EWOULDBLOCK != EAGAIN
        case EAGAIN:
 # endif
 #endif
@@ -300,3 +302,4 @@ int BIO_sock_non_fatal_error(int err)
                }
        return(0);
        }
+#endif
diff --git a/src/lib/libcrypto/bn/Makefile b/src/lib/libcrypto/bn/Makefile
new file mode 100644
index 0000000000..e97c751390
--- /dev/null
+++ b/src/lib/libcrypto/bn/Makefile
@@ -0,0 +1,351 @@
+#
+# OpenSSL/crypto/bn/Makefile
+#
+DIR=    bn
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+BN_ASM=         bn_asm.o
+# or use
+#BN_ASM=        bn86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+        bn_depr.c bn_const.c
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
+        bn_depr.o bn_const.o
+SRC= $(LIBSRC)
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+bn_prime.h: bn_prime.pl
+        $(PERL) bn_prime.pl >bn_prime.h
+divtest: divtest.c ../../libcrypto.a
+        cc -I../../include divtest.c -o divtest ../../libcrypto.a
+bnbug: bnbug.c ../../libcrypto.a top
+        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+bn86-elf.s:     asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > ../$@)
+co86-elf.s:     asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > ../$@)
+mo86-elf.s:     asm/mo-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) mo-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+bn86-cof.s: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl coff $(CFLAGS) > ../$@)
+co86-cof.s: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl coff $(CFLAGS) > ../$@)
+mo86-cof.s: asm/mo-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) mo-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+bn86-out.s: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl a.out $(CFLAGS) > ../$@)
+co86-out.s: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl a.out $(CFLAGS) > ../$@)
+mo86-out.s: asm/mo-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) mo-586.pl a.out $(CFLAGS) > ../$@)
+sparcv8.o:      asm/sparcv8.S
+        $(CC) $(CFLAGS) -c asm/sparcv8.S
+sparcv8plus.o:  asm/sparcv8plus.S
+        $(CC) $(CFLAGS) -c asm/sparcv8plus.S
+bn-mips3.o:     asm/mips3.s
+        @if [ "$(CC)" = "gcc" ]; then \
+                ABI=`expr "$(CFLAGS)" : ".*-mabi=\([n3264]*\)"` && \
+                as -$$ABI -O -o $@ asm/mips3.s; \
+        else    $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
+x86_64-gcc.o:   asm/x86_64-gcc.c
+        $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
+x86_64-mont.s:  asm/x86_64-mont.pl
+        $(PERL) asm/x86_64-mont.pl $@
+bn-ia64.s:      asm/ia64.S
+        $(CC) $(CFLAGS) -E asm/ia64.S > $@
+# GNU assembler fails to compile PA-RISC2 modules, insist on calling
+# vendor assembler...
+pa-risc2W.o: asm/pa-risc2W.s
+        /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
+pa-risc2.o: asm/pa-risc2.s
+        /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
+# ppc - AIX, Linux, MacOS X...
+linux_ppc32.s: asm/ppc.pl;      $(PERL) $< $@
+linux_ppc64.s: asm/ppc.pl;      $(PERL) $< $@
+aix_ppc32.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
+aix_ppc64.s: asm/ppc.pl;        $(PERL) asm/ppc.pl $@
+osx_ppc32.s: asm/ppc.pl;        $(PERL) $< $@
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+exptest:
+        rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+div:
+        rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_blind.c bn_lcl.h
+bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_const.o: ../../include/openssl/ossl_typ.h bn.h bn_const.c
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_depr.o: ../cryptlib.h bn_depr.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_err.o: bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_mul.c
+bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_nist.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl
new file mode 100644
index 0000000000..50892ef44c
--- /dev/null
+++ b/src/lib/libcrypto/bn/Makefile.ssl
@@ -0,0 +1,326 @@
+#
+# SSLeay/crypto/bn/Makefile
+#
+DIR=    bn
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+BN_ASM=         bn_asm.o
+# or use
+#BN_ASM=        bn86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=bntest.c exptest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
+        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
+LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
+        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
+SRC= $(LIBSRC)
+EXHEADER= bn.h
+HEADER= bn_lcl.h bn_prime.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+bn_prime.h: bn_prime.pl
+        $(PERL) bn_prime.pl >bn_prime.h
+divtest: divtest.c ../../libcrypto.a
+        cc -I../../include divtest.c -o divtest ../../libcrypto.a
+bnbug: bnbug.c ../../libcrypto.a top
+        cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/bn86-elf.s: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+asm/co86-elf.s: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+# a.out
+asm/bn86-out.o: asm/bn86unix.cpp
+        $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+asm/co86-out.o: asm/co86unix.cpp
+        $(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+# bsdi
+asm/bn86bsdi.o: asm/bn86unix.cpp
+        $(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+asm/co86bsdi.o: asm/co86unix.cpp
+        $(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+asm/sparcv8.o: asm/sparcv8.S
+asm/sparcv8plus.o: asm/sparcv8plus.S
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+        $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+asm/ia64.o:     asm/ia64.S
+# Some compiler drivers (most notably HP-UX and Intel C++) don't
+# understand .S extension:-( I wish I could pipe output from cc -E,
+# but it's too compiler driver/ABI dependent to cover with a single
+# rule...       <appro@fy.chalmers.se>
+asm/ia64-cpp.o: asm/ia64.S
+        $(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s &&    \
+        $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \
+        rm -f /tmp/ia64.$$$$.s
+asm/x86_64-gcc.o: asm/x86_64-gcc.c
+asm/pa-risc2W.o: asm/pa-risc2W.s
+        /usr/ccs/bin/as -o asm/pa-rics2W.o asm/pa-risc2W.s
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+exptest:
+        rm -f exptest
+        gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+div:
+        rm -f a.out
+        gcc -I.. -g div.c ../../libcrypto.a
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_err.o: ../../include/openssl/symhacks.h bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/src/lib/libcrypto/bn/asm/README b/src/lib/libcrypto/bn/asm/README
new file mode 100644
index 0000000000..b0f3a68a06
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/README
@@ -0,0 +1,27 @@
+<OBSOLETE>
+All assember in this directory are just version of the file
+crypto/bn/bn_asm.c.
+Quite a few of these files are just the assember output from gcc since on 
+quite a few machines they are 2 times faster than the system compiler.
+For the x86, I have hand written assember because of the bad job all
+compilers seem to do on it.  This normally gives a 2 time speed up in the RSA
+routines.
+For the DEC alpha, I also hand wrote the assember (except the division which
+is just the output from the C compiler pasted on the end of the file).
+On the 2 alpha C compilers I had access to, it was not possible to do
+64b x 64b -> 128b calculations (both long and the long long data types
+were 64 bits).  So the hand assember gives access to the 128 bit result and
+a 2 times speedup :-).
+There are 3 versions of assember for the HP PA-RISC.
+pa-risc.s is the origional one which works fine and generated using gcc :-)
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).
+</OBSOLETE>
diff --git a/src/lib/libcrypto/bn/asm/alpha.s b/src/lib/libcrypto/bn/asm/alpha.s
new file mode 100644
index 0000000000..555ff0b92d
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.s
@@ -0,0 +1,3199 @@
+ # DEC Alpha assember
+ # The bn_div_words is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+        .file   1 "bn_asm.c"
+        .set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+        .text
+        .align 3
+        .globl bn_mul_add_words
+        .ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$0
+        blt     $18,$43         # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        ldq     $1,0($16)       # 1 1
+        .align 3
+$42:
+        mulq    $20,$19,$5      # 1 2 1 ######
+        ldq     $21,8($17)      # 2 1
+        ldq     $2,8($16)       # 2 1
+        umulh   $20,$19,$20     # 1 2   ######
+        ldq     $27,16($17)     # 3 1
+        ldq     $3,16($16)      # 3 1
+        mulq    $21,$19,$6      # 2 2 1 ######
+         ldq    $28,24($17)     # 4 1
+        addq    $1,$5,$1        # 1 2 2
+         ldq    $4,24($16)      # 4 1
+        umulh   $21,$19,$21     # 2 2   ######
+         cmpult $1,$5,$22       # 1 2 3 1
+        addq    $20,$22,$20     # 1 3 1
+         addq   $1,$0,$1        # 1 2 3 1
+        mulq    $27,$19,$7      # 3 2 1 ######
+         cmpult $1,$0,$0        # 1 2 3 2
+        addq    $2,$6,$2        # 2 2 2
+         addq   $20,$0,$0       # 1 3 2 
+        cmpult  $2,$6,$23       # 2 2 3 1
+         addq   $21,$23,$21     # 2 3 1
+        umulh   $27,$19,$27     # 3 2   ######
+         addq   $2,$0,$2        # 2 2 3 1
+        cmpult  $2,$0,$0        # 2 2 3 2
+         subq   $18,4,$18
+        mulq    $28,$19,$8      # 4 2 1 ######
+         addq   $21,$0,$0       # 2 3 2 
+        addq    $3,$7,$3        # 3 2 2
+         addq   $16,32,$16
+        cmpult  $3,$7,$24       # 3 2 3 1
+         stq    $1,-32($16)     # 1 2 4
+        umulh   $28,$19,$28     # 4 2   ######
+         addq   $27,$24,$27     # 3 3 1
+        addq    $3,$0,$3        # 3 2 3 1
+         stq    $2,-24($16)     # 2 2 4
+        cmpult  $3,$0,$0        # 3 2 3 2
+         stq    $3,-16($16)     # 3 2 4
+        addq    $4,$8,$4        # 4 2 2
+         addq   $27,$0,$0       # 3 3 2 
+        cmpult  $4,$8,$25       # 4 2 3 1
+         addq   $17,32,$17
+        addq    $28,$25,$28     # 4 3 1
+         addq   $4,$0,$4        # 4 2 3 1
+        cmpult  $4,$0,$0        # 4 2 3 2
+         stq    $4,-8($16)      # 4 2 4
+        addq    $28,$0,$0       # 4 3 2 
+         blt    $18,$43
+        ldq     $20,0($17)      # 1 1
+        ldq     $1,0($16)       # 1 1
+        br      $42
+        .align 4
+$45:
+        ldq     $20,0($17)      # 4 1
+        ldq     $1,0($16)       # 4 1
+        mulq    $20,$19,$5      # 4 2 1
+        subq    $18,1,$18
+        addq    $16,8,$16
+        addq    $17,8,$17
+        umulh   $20,$19,$20     # 4 2
+        addq    $1,$5,$1        # 4 2 2
+        cmpult  $1,$5,$22       # 4 2 3 1
+        addq    $20,$22,$20     # 4 3 1
+        addq    $1,$0,$1        # 4 2 3 1
+        cmpult  $1,$0,$0        # 4 2 3 2
+        addq    $20,$0,$0       # 4 3 2 
+        stq     $1,-8($16)      # 4 2 4
+        bgt     $18,$45
+        ret     $31,($26),1     # else exit
+        .align 4
+$43:
+        addq    $18,4,$18
+        bgt     $18,$45         # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_add_words
+        .align 3
+        .globl bn_mul_words
+        .ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$0
+        blt     $18,$143        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        .align 3
+$142:
+        mulq    $20,$19,$5      # 1 2 1 #####
+         ldq    $21,8($17)      # 2 1
+         ldq    $27,16($17)     # 3 1
+        umulh   $20,$19,$20     # 1 2   #####
+         ldq    $28,24($17)     # 4 1
+        mulq    $21,$19,$6      # 2 2 1 #####
+         addq   $5,$0,$5        # 1 2 3 1
+        subq    $18,4,$18
+         cmpult $5,$0,$0        # 1 2 3 2
+        umulh   $21,$19,$21     # 2 2   #####
+         addq   $20,$0,$0       # 1 3 2 
+        addq    $17,32,$17
+         addq   $6,$0,$6        # 2 2 3 1
+        mulq    $27,$19,$7      # 3 2 1 #####
+         cmpult $6,$0,$0        # 2 2 3 2
+        addq    $21,$0,$0       # 2 3 2 
+         addq   $16,32,$16
+        umulh   $27,$19,$27     # 3 2   #####
+         stq    $5,-32($16)     # 1 2 4
+        mulq    $28,$19,$8      # 4 2 1 #####
+         addq   $7,$0,$7        # 3 2 3 1
+        stq     $6,-24($16)     # 2 2 4
+         cmpult $7,$0,$0        # 3 2 3 2
+        umulh   $28,$19,$28     # 4 2   #####
+         addq   $27,$0,$0       # 3 3 2 
+        stq     $7,-16($16)     # 3 2 4
+         addq   $8,$0,$8        # 4 2 3 1
+        cmpult  $8,$0,$0        # 4 2 3 2
+        addq    $28,$0,$0       # 4 3 2 
+        stq     $8,-8($16)      # 4 2 4
+        blt     $18,$143
+        ldq     $20,0($17)      # 1 1
+        br      $142
+        .align 4
+$145:
+        ldq     $20,0($17)      # 4 1
+        mulq    $20,$19,$5      # 4 2 1
+        subq    $18,1,$18
+        umulh   $20,$19,$20     # 4 2
+        addq    $5,$0,$5        # 4 2 3 1
+         addq   $16,8,$16
+        cmpult  $5,$0,$0        # 4 2 3 2
+         addq   $17,8,$17
+        addq    $20,$0,$0       # 4 3 2 
+        stq     $5,-8($16)      # 4 2 4
+        bgt     $18,$145
+        ret     $31,($26),1     # else exit
+        .align 4
+$143:
+        addq    $18,4,$18
+        bgt     $18,$145        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_words
+        .align 3
+        .globl bn_sqr_words
+        .ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $18,4,$18
+        blt     $18,$543        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        .align 3
+$542:
+        mulq    $20,$20,$5              ######
+         ldq    $21,8($17)      # 1 1
+        subq    $18,4
+        umulh   $20,$20,$1              ######
+        ldq     $27,16($17)     # 1 1
+        mulq    $21,$21,$6              ######
+        ldq     $28,24($17)     # 1 1
+        stq     $5,0($16)       # r[0]
+        umulh   $21,$21,$2              ######
+        stq     $1,8($16)       # r[1]
+        mulq    $27,$27,$7              ######
+        stq     $6,16($16)      # r[0]
+        umulh   $27,$27,$3              ######
+        stq     $2,24($16)      # r[1]
+        mulq    $28,$28,$8              ######
+        stq     $7,32($16)      # r[0]
+        umulh   $28,$28,$4              ######
+        stq     $3,40($16)      # r[1]
+        addq    $16,64,$16
+        addq    $17,32,$17
+        stq     $8,-16($16)     # r[0]
+        stq     $4,-8($16)      # r[1]
+        blt     $18,$543
+        ldq     $20,0($17)      # 1 1
+        br      $542
+$442:
+        ldq     $20,0($17)   # a[0]
+        mulq    $20,$20,$5  # a[0]*w low part       r2
+        addq    $16,16,$16
+        addq    $17,8,$17
+        subq    $18,1,$18
+        umulh   $20,$20,$1  # a[0]*w high part       r3
+        stq     $5,-16($16)   # r[0]
+        stq     $1,-8($16)   # r[1]
+        bgt     $18,$442
+        ret     $31,($26),1     # else exit
+        .align 4
+$543:
+        addq    $18,4,$18
+        bgt     $18,$442        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_sqr_words
+        .align 3
+        .globl bn_add_words
+        .ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,4,$19
+        bis     $31,$31,$0      # carry = 0
+        blt     $19,$900
+        ldq     $5,0($17)       # a[0]
+        ldq     $1,0($18)       # b[1]
+        .align 3
+$901:
+        addq    $1,$5,$1        # r=a+b;
+         ldq    $6,8($17)       # a[1]
+        cmpult  $1,$5,$22       # did we overflow?
+         ldq    $2,8($18)       # b[1]
+        addq    $1,$0,$1        # c+= overflow
+         ldq    $7,16($17)      # a[2]
+        cmpult  $1,$0,$0        # overflow?
+         ldq    $3,16($18)      # b[2]
+        addq    $0,$22,$0
+         ldq    $8,24($17)      # a[3]
+        addq    $2,$6,$2        # r=a+b;
+         ldq    $4,24($18)      # b[3]
+        cmpult  $2,$6,$23       # did we overflow?
+         addq   $3,$7,$3        # r=a+b;
+        addq    $2,$0,$2        # c+= overflow
+         cmpult $3,$7,$24       # did we overflow?
+        cmpult  $2,$0,$0        # overflow?
+         addq   $4,$8,$4        # r=a+b;
+        addq    $0,$23,$0
+         cmpult $4,$8,$25       # did we overflow?
+        addq    $3,$0,$3        # c+= overflow
+         stq    $1,0($16)       # r[0]=c
+        cmpult  $3,$0,$0        # overflow?
+         stq    $2,8($16)       # r[1]=c
+        addq    $0,$24,$0
+         stq    $3,16($16)      # r[2]=c
+        addq    $4,$0,$4        # c+= overflow
+         subq   $19,4,$19       # loop--
+        cmpult  $4,$0,$0        # overflow?
+         addq   $17,32,$17      # a++
+        addq    $0,$25,$0
+         stq    $4,24($16)      # r[3]=c
+        addq    $18,32,$18      # b++
+         addq   $16,32,$16      # r++
+        blt     $19,$900
+         ldq    $5,0($17)       # a[0]
+        ldq     $1,0($18)       # b[1]
+         br     $901
+        .align 4
+$945:
+        ldq     $5,0($17)       # a[0]
+         ldq    $1,0($18)       # b[1]
+        addq    $1,$5,$1        # r=a+b;
+         subq   $19,1,$19       # loop--
+        addq    $1,$0,$1        # c+= overflow
+         addq   $17,8,$17       # a++
+        cmpult  $1,$5,$22       # did we overflow?
+         cmpult $1,$0,$0        # overflow?
+        addq    $18,8,$18       # b++
+         stq    $1,0($16)       # r[0]=c
+        addq    $0,$22,$0
+         addq   $16,8,$16       # r++
+        bgt     $19,$945
+        ret     $31,($26),1     # else exit
+$900:
+        addq    $19,4,$19
+        bgt     $19,$945        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_add_words
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .align 3
+        .globl bn_div_words
+        .ent bn_div_words
+bn_div_words:
+        ldgp $29,0($27)
+bn_div_words..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$119
+        lda $0,-1
+        br $31,$136
+        .align 4
+$119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$126
+        zapnot $7,15,$27
+        br $31,$127
+        .align 4
+$126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$127:
+        srl $10,32,$4
+        .align 5
+$128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$129
+        subq $27,1,$27
+        br $31,$128
+        .align 4
+$129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$134
+        addq $9,$11,$9
+        subq $27,1,$27
+$134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$123
+        .align 4
+$124:
+        bis $13,$27,$0
+$136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div_words
+        .set noat
+        .text
+        .align 3
+        .globl bn_sub_words
+        .ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,    4,      $19
+        bis     $31,    $31,    $0
+        blt     $19,    $100
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+$101:
+        ldq     $3,     8($17)
+        cmpult  $1,     $2,     $4
+        ldq     $5,     8($18)
+        subq    $1,     $2,     $1
+        ldq     $6,     16($17)
+        cmpult  $1,     $0,     $2
+        ldq     $7,     16($18)
+        subq    $1,     $0,     $23
+        ldq     $8,     24($17)
+        addq    $2,     $4,     $0
+        cmpult  $3,     $5,     $24
+        subq    $3,     $5,     $3
+        ldq     $22,    24($18)
+        cmpult  $3,     $0,     $5
+        subq    $3,     $0,     $25
+        addq    $5,     $24,    $0
+        cmpult  $6,     $7,     $27
+        subq    $6,     $7,     $6
+        stq     $23,    0($16)
+        cmpult  $6,     $0,     $7
+        subq    $6,     $0,     $28
+        addq    $7,     $27,    $0
+        cmpult  $8,     $22,    $21
+        subq    $8,     $22,    $8
+        stq     $25,    8($16)
+        cmpult  $8,     $0,     $22
+        subq    $8,     $0,     $20
+        addq    $22,    $21,    $0
+        stq     $28,    16($16)
+        subq    $19,    4,      $19
+        stq     $20,    24($16)
+        addq    $17,    32,     $17
+        addq    $18,    32,     $18
+        addq    $16,    32,     $16
+        blt     $19,    $100
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+        br      $101
+$102:
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+        cmpult  $1,     $2,     $27
+        subq    $1,     $2,     $1
+        cmpult  $1,     $0,     $2
+        subq    $1,     $0,     $1
+        stq     $1,     0($16)
+        addq    $2,     $27,    $0
+        addq    $17,    8,      $17
+        addq    $18,    8,      $18
+        addq    $16,    8,      $16
+        subq    $19,    1,      $19
+        bgt     $19,    $102
+        ret     $31,($26),1
+$100:
+        addq    $19,    4,      $19
+        bgt     $19,    $102
+$103:
+        ret     $31,($26),1
+        .end bn_sub_words
+        .text
+        .align 3
+        .globl bn_mul_comba4
+        .ent bn_mul_comba4
+bn_mul_comba4:
+bn_mul_comba4..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        ldq     $0,     0($17)
+        ldq     $1,     0($18)
+        ldq     $2,     8($17)
+        ldq     $3,     8($18)
+        ldq     $4,     16($17)
+        ldq     $5,     16($18)
+        ldq     $6,     24($17)
+        ldq     $7,     24($18)
+        bis     $31,    $31,    $23
+        mulq    $0,     $1,     $8
+        umulh   $0,     $1,     $22
+        stq     $8,     0($16)
+        bis     $31,    $31,    $8
+        mulq    $0,     $3,     $24
+        umulh   $0,     $3,     $25
+        addq    $22,    $24,    $22
+        cmpult  $22,    $24,    $27
+        addq    $27,    $25,    $25
+        addq    $23,    $25,    $23
+        cmpult  $23,    $25,    $28
+        addq    $8,     $28,    $8
+        mulq    $2,     $1,     $21
+        umulh   $2,     $1,     $20
+        addq    $22,    $21,    $22
+        cmpult  $22,    $21,    $19
+        addq    $19,    $20,    $20
+        addq    $23,    $20,    $23
+        cmpult  $23,    $20,    $17
+        addq    $8,     $17,    $8
+        stq     $22,    8($16)
+        bis     $31,    $31,    $22
+        mulq    $2,     $3,     $18
+        umulh   $2,     $3,     $24
+        addq    $23,    $18,    $23
+        cmpult  $23,    $18,    $27
+        addq    $27,    $24,    $24
+        addq    $8,     $24,    $8
+        cmpult  $8,     $24,    $25
+        addq    $22,    $25,    $22
+        mulq    $0,     $5,     $28
+        umulh   $0,     $5,     $21
+        addq    $23,    $28,    $23
+        cmpult  $23,    $28,    $19
+        addq    $19,    $21,    $21
+        addq    $8,     $21,    $8
+        cmpult  $8,     $21,    $20
+        addq    $22,    $20,    $22
+        mulq    $4,     $1,     $17
+        umulh   $4,     $1,     $18
+        addq    $23,    $17,    $23
+        cmpult  $23,    $17,    $27
+        addq    $27,    $18,    $18
+        addq    $8,     $18,    $8
+        cmpult  $8,     $18,    $24
+        addq    $22,    $24,    $22
+        stq     $23,    16($16)
+        bis     $31,    $31,    $23
+        mulq    $0,     $7,     $25
+        umulh   $0,     $7,     $28
+        addq    $8,     $25,    $8
+        cmpult  $8,     $25,    $19
+        addq    $19,    $28,    $28
+        addq    $22,    $28,    $22
+        cmpult  $22,    $28,    $21
+        addq    $23,    $21,    $23
+        mulq    $2,     $5,     $20
+        umulh   $2,     $5,     $17
+        addq    $8,     $20,    $8
+        cmpult  $8,     $20,    $27
+        addq    $27,    $17,    $17
+        addq    $22,    $17,    $22
+        cmpult  $22,    $17,    $18
+        addq    $23,    $18,    $23
+        mulq    $4,     $3,     $24
+        umulh   $4,     $3,     $25
+        addq    $8,     $24,    $8
+        cmpult  $8,     $24,    $19
+        addq    $19,    $25,    $25
+        addq    $22,    $25,    $22
+        cmpult  $22,    $25,    $28
+        addq    $23,    $28,    $23
+        mulq    $6,     $1,     $21
+        umulh   $6,     $1,     $0
+        addq    $8,     $21,    $8
+        cmpult  $8,     $21,    $20
+        addq    $20,    $0,     $0
+        addq    $22,    $0,     $22
+        cmpult  $22,    $0,     $27
+        addq    $23,    $27,    $23
+        stq     $8,     24($16)
+        bis     $31,    $31,    $8
+        mulq    $2,     $7,     $17
+        umulh   $2,     $7,     $18
+        addq    $22,    $17,    $22
+        cmpult  $22,    $17,    $24
+        addq    $24,    $18,    $18
+        addq    $23,    $18,    $23
+        cmpult  $23,    $18,    $19
+        addq    $8,     $19,    $8
+        mulq    $4,     $5,     $25
+        umulh   $4,     $5,     $28
+        addq    $22,    $25,    $22
+        cmpult  $22,    $25,    $21
+        addq    $21,    $28,    $28
+        addq    $23,    $28,    $23
+        cmpult  $23,    $28,    $20
+        addq    $8,     $20,    $8
+        mulq    $6,     $3,     $0
+        umulh   $6,     $3,     $27
+        addq    $22,    $0,     $22
+        cmpult  $22,    $0,     $1
+        addq    $1,     $27,    $27
+        addq    $23,    $27,    $23
+        cmpult  $23,    $27,    $17
+        addq    $8,     $17,    $8
+        stq     $22,    32($16)
+        bis     $31,    $31,    $22
+        mulq    $4,     $7,     $24
+        umulh   $4,     $7,     $18
+        addq    $23,    $24,    $23
+        cmpult  $23,    $24,    $19
+        addq    $19,    $18,    $18
+        addq    $8,     $18,    $8
+        cmpult  $8,     $18,    $2
+        addq    $22,    $2,     $22
+        mulq    $6,     $5,     $25
+        umulh   $6,     $5,     $21
+        addq    $23,    $25,    $23
+        cmpult  $23,    $25,    $28
+        addq    $28,    $21,    $21
+        addq    $8,     $21,    $8
+        cmpult  $8,     $21,    $20
+        addq    $22,    $20,    $22
+        stq     $23,    40($16)
+        bis     $31,    $31,    $23
+        mulq    $6,     $7,     $0
+        umulh   $6,     $7,     $1
+        addq    $8,     $0,     $8
+        cmpult  $8,     $0,     $27
+        addq    $27,    $1,     $1
+        addq    $22,    $1,     $22
+        cmpult  $22,    $1,     $17
+        addq    $23,    $17,    $23
+        stq     $8,     48($16)
+        stq     $22,    56($16)
+        ret     $31,($26),1
+        .end bn_mul_comba4
+        .text
+        .align 3
+        .globl bn_mul_comba8
+        .ent bn_mul_comba8
+bn_mul_comba8:
+bn_mul_comba8..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+        zapnot  $1,     15,     $7
+        srl     $2,     32,     $8
+        mulq    $8,     $7,     $22
+        srl     $1,     32,     $6
+        zapnot  $2,     15,     $5
+        mulq    $5,     $6,     $4
+        mulq    $7,     $5,     $24
+        addq    $22,    $4,     $22
+        cmpult  $22,    $4,     $1
+        mulq    $6,     $8,     $3
+        beq     $1,     $173
+        bis     $31,    1,      $1
+        sll     $1,     32,     $1
+        addq    $3,     $1,     $3
+$173:
+        sll     $22,    32,     $4
+        addq    $24,    $4,     $24
+        stq     $24,    0($16)
+        ldq     $2,     0($17)
+        ldq     $1,     8($18)
+        zapnot  $2,     15,     $7
+        srl     $1,     32,     $8
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $2,     32,     $6
+        mulq    $5,     $6,     $23
+        mulq    $6,     $8,     $6
+        srl     $22,    32,     $1
+        cmpult  $24,    $4,     $2
+        addq    $3,     $1,     $3
+        addq    $2,     $3,     $22
+        addq    $25,    $23,    $25
+        cmpult  $25,    $23,    $1
+        bis     $31,    1,      $2
+        beq     $1,     $177
+        sll     $2,     32,     $1
+        addq    $6,     $1,     $6
+$177:
+        sll     $25,    32,     $23
+        ldq     $1,     0($18)
+        addq    $0,     $23,    $0
+        bis     $0,     $0,     $7
+        ldq     $3,     8($17)
+        addq    $22,    $7,     $22
+        srl     $1,     32,     $8
+        cmpult  $22,    $7,     $4
+        zapnot  $3,     15,     $7
+        mulq    $8,     $7,     $28
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $25,    32,     $1
+        cmpult  $0,     $23,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $4,     $6,     $24
+        srl     $3,     32,     $6
+        mulq    $5,     $6,     $2
+        mulq    $6,     $8,     $6
+        addq    $28,    $2,     $28
+        cmpult  $28,    $2,     $1
+        bis     $31,    1,      $2
+        beq     $1,     $181
+        sll     $2,     32,     $1
+        addq    $6,     $1,     $6
+$181:
+        sll     $28,    32,     $2
+        addq    $21,    $2,     $21
+        bis     $21,    $21,    $7
+        addq    $22,    $7,     $22
+        stq     $22,    8($16)
+        ldq     $3,     16($17)
+        ldq     $1,     0($18)
+        cmpult  $22,    $7,     $4
+        zapnot  $3,     15,     $7
+        srl     $1,     32,     $8
+        mulq    $8,     $7,     $22
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $20
+        srl     $28,    32,     $1
+        cmpult  $21,    $2,     $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $4,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $23
+        srl     $3,     32,     $6
+        mulq    $5,     $6,     $2
+        mulq    $6,     $8,     $6
+        addq    $22,    $2,     $22
+        cmpult  $22,    $2,     $1
+        bis     $31,    1,      $2
+        beq     $1,     $185
+        sll     $2,     32,     $1
+        addq    $6,     $1,     $6
+$185:
+        sll     $22,    32,     $2
+        ldq     $1,     8($18)
+        addq    $20,    $2,     $20
+        bis     $20,    $20,    $7
+        ldq     $4,     8($17)
+        addq    $24,    $7,     $24
+        srl     $1,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $22,    32,     $1
+        cmpult  $20,    $2,     $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $22
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $21
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $189
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$189:
+        sll     $25,    32,     $5
+        ldq     $2,     16($18)
+        addq    $0,     $5,     $0
+        bis     $0,     $0,     $7
+        ldq     $4,     0($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $0,     $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $193
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$193:
+        sll     $28,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $24,    $7,     $24
+        stq     $24,    16($16)
+        ldq     $4,     0($17)
+        ldq     $5,     24($18)
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $24
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $0,     $24,    $0
+        cmpult  $0,     $24,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $197
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$197:
+        sll     $0,     32,     $24
+        ldq     $1,     16($18)
+        addq    $2,     $24,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     8($17)
+        addq    $23,    $7,     $23
+        srl     $1,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $0,     32,     $1
+        cmpult  $2,     $24,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $24
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $20
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $201
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$201:
+        sll     $25,    32,     $5
+        ldq     $2,     8($18)
+        addq    $21,    $5,     $21
+        bis     $21,    $21,    $7
+        ldq     $4,     16($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $21,    $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $205
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$205:
+        sll     $28,    32,     $25
+        ldq     $2,     0($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $209
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$209:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $23,    $7,     $23
+        stq     $23,    24($16)
+        ldq     $4,     32($17)
+        ldq     $5,     0($18)
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $23
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $28,    $23,    $28
+        cmpult  $28,    $23,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $213
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$213:
+        sll     $28,    32,     $23
+        ldq     $1,     8($18)
+        addq    $2,     $23,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     24($17)
+        addq    $22,    $7,     $22
+        srl     $1,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $23,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $23
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $21
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $217
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$217:
+        sll     $25,    32,     $5
+        ldq     $2,     16($18)
+        addq    $0,     $5,     $0
+        bis     $0,     $0,     $7
+        ldq     $4,     16($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $0,     $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $221
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$221:
+        sll     $28,    32,     $25
+        ldq     $2,     24($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     8($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $225
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$225:
+        sll     $0,     32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     0($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $229
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$229:
+        sll     $28,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $22,    $7,     $22
+        stq     $22,    32($16)
+        ldq     $4,     0($17)
+        ldq     $5,     40($18)
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $22
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $0,     $22,    $0
+        cmpult  $0,     $22,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $233
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$233:
+        sll     $0,     32,     $22
+        ldq     $1,     32($18)
+        addq    $2,     $22,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     8($17)
+        addq    $24,    $7,     $24
+        srl     $1,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $0,     32,     $1
+        cmpult  $2,     $22,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $22
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $20
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $237
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$237:
+        sll     $25,    32,     $5
+        ldq     $2,     24($18)
+        addq    $21,    $5,     $21
+        bis     $21,    $21,    $7
+        ldq     $4,     16($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $21,    $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $241
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$241:
+        sll     $28,    32,     $25
+        ldq     $2,     16($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $245
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$245:
+        sll     $0,     32,     $25
+        ldq     $2,     8($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     32($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $249
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$249:
+        sll     $28,    32,     $25
+        ldq     $2,     0($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     40($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $253
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$253:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $24,    $7,     $24
+        stq     $24,    40($16)
+        ldq     $4,     48($17)
+        ldq     $5,     0($18)
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $24
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $28,    $24,    $28
+        cmpult  $28,    $24,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $257
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$257:
+        sll     $28,    32,     $24
+        ldq     $1,     8($18)
+        addq    $2,     $24,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     40($17)
+        addq    $23,    $7,     $23
+        srl     $1,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $24,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $24
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $21
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $261
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$261:
+        sll     $25,    32,     $5
+        ldq     $2,     16($18)
+        addq    $0,     $5,     $0
+        bis     $0,     $0,     $7
+        ldq     $4,     32($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $0,     $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $265
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$265:
+        sll     $28,    32,     $25
+        ldq     $2,     24($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $269
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$269:
+        sll     $0,     32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     16($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $273
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$273:
+        sll     $28,    32,     $25
+        ldq     $2,     40($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     8($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $277
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$277:
+        sll     $0,     32,     $25
+        ldq     $2,     48($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     0($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $281
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$281:
+        sll     $28,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $23,    $7,     $23
+        stq     $23,    48($16)
+        ldq     $4,     0($17)
+        ldq     $5,     56($18)
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $23
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $0,     $23,    $0
+        cmpult  $0,     $23,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $285
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$285:
+        sll     $0,     32,     $23
+        ldq     $1,     48($18)
+        addq    $2,     $23,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     8($17)
+        addq    $22,    $7,     $22
+        srl     $1,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $0,     32,     $1
+        cmpult  $2,     $23,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $23
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $20
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $289
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$289:
+        sll     $25,    32,     $5
+        ldq     $2,     40($18)
+        addq    $21,    $5,     $21
+        bis     $21,    $21,    $7
+        ldq     $4,     16($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $21,    $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $293
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$293:
+        sll     $28,    32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $297
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$297:
+        sll     $0,     32,     $25
+        ldq     $2,     24($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     32($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $301
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$301:
+        sll     $28,    32,     $25
+        ldq     $2,     16($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     40($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $305
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$305:
+        sll     $0,     32,     $25
+        ldq     $2,     8($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     48($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $309
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$309:
+        sll     $28,    32,     $25
+        ldq     $2,     0($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     56($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $313
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$313:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $22,    $7,     $22
+        stq     $22,    56($16)
+        ldq     $4,     56($17)
+        ldq     $5,     8($18)
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $22
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $28,    $22,    $28
+        cmpult  $28,    $22,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $317
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$317:
+        sll     $28,    32,     $22
+        ldq     $1,     16($18)
+        addq    $2,     $22,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     48($17)
+        addq    $24,    $7,     $24
+        srl     $1,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $22,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $22
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $21
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $321
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$321:
+        sll     $25,    32,     $5
+        ldq     $2,     24($18)
+        addq    $0,     $5,     $0
+        bis     $0,     $0,     $7
+        ldq     $4,     40($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $0,     $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $325
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$325:
+        sll     $28,    32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     32($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $329
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$329:
+        sll     $0,     32,     $25
+        ldq     $2,     40($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $333
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$333:
+        sll     $28,    32,     $25
+        ldq     $2,     48($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     16($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $337
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$337:
+        sll     $0,     32,     $25
+        ldq     $2,     56($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     8($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $341
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$341:
+        sll     $28,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $24,    $7,     $24
+        stq     $24,    64($16)
+        ldq     $4,     16($17)
+        ldq     $5,     56($18)
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $24
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $0,     $24,    $0
+        cmpult  $0,     $24,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $345
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$345:
+        sll     $0,     32,     $24
+        ldq     $1,     48($18)
+        addq    $2,     $24,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     24($17)
+        addq    $23,    $7,     $23
+        srl     $1,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $0,     32,     $1
+        cmpult  $2,     $24,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $24
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $20
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $349
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$349:
+        sll     $25,    32,     $5
+        ldq     $2,     40($18)
+        addq    $21,    $5,     $21
+        bis     $21,    $21,    $7
+        ldq     $4,     32($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $21,    $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $353
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$353:
+        sll     $28,    32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     40($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $357
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$357:
+        sll     $0,     32,     $25
+        ldq     $2,     24($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     48($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $361
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$361:
+        sll     $28,    32,     $25
+        ldq     $2,     16($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     56($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $365
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$365:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $23,    $7,     $23
+        stq     $23,    72($16)
+        ldq     $4,     56($17)
+        ldq     $5,     24($18)
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $23
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $28,    $23,    $28
+        cmpult  $28,    $23,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $369
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$369:
+        sll     $28,    32,     $23
+        ldq     $1,     32($18)
+        addq    $2,     $23,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     48($17)
+        addq    $22,    $7,     $22
+        srl     $1,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $23,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $23
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $21
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $373
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$373:
+        sll     $25,    32,     $5
+        ldq     $2,     40($18)
+        addq    $0,     $5,     $0
+        bis     $0,     $0,     $7
+        ldq     $4,     40($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $0,     $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $377
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$377:
+        sll     $28,    32,     $25
+        ldq     $2,     48($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     32($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $23,    $23
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $381
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$381:
+        sll     $0,     32,     $25
+        ldq     $2,     56($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     24($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $385
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$385:
+        sll     $28,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $22,    $7,     $22
+        stq     $22,    80($16)
+        ldq     $4,     32($17)
+        ldq     $5,     56($18)
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $22
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $0,     $22,    $0
+        cmpult  $0,     $22,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $389
+        sll     $21,    32,     $1
+        addq    $6,     $1,     $6
+$389:
+        sll     $0,     32,     $22
+        ldq     $1,     48($18)
+        addq    $2,     $22,    $2
+        bis     $2,     $2,     $7
+        ldq     $4,     40($17)
+        addq    $24,    $7,     $24
+        srl     $1,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $25
+        zapnot  $1,     15,     $5
+        mulq    $7,     $5,     $21
+        srl     $0,     32,     $1
+        cmpult  $2,     $22,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $22
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $5
+        bis     $31,    1,      $20
+        addq    $25,    $5,     $25
+        cmpult  $25,    $5,     $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $393
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$393:
+        sll     $25,    32,     $5
+        ldq     $2,     40($18)
+        addq    $21,    $5,     $21
+        bis     $21,    $21,    $7
+        ldq     $4,     48($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $25,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $21,    $5,     $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $397
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$397:
+        sll     $28,    32,     $25
+        ldq     $2,     32($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     56($17)
+        addq    $24,    $7,     $24
+        srl     $2,     32,     $8
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $21
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $22,    $22
+        addq    $21,    $25,    $21
+        cmpult  $21,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $401
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$401:
+        sll     $21,    32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $24,    $7,     $24
+        stq     $24,    88($16)
+        ldq     $4,     56($17)
+        ldq     $5,     40($18)
+        cmpult  $24,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $0
+        srl     $21,    32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $23,    $6,     $23
+        cmpult  $23,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $24
+        mulq    $7,     $5,     $5
+        addq    $1,     $22,    $22
+        addq    $0,     $24,    $0
+        cmpult  $0,     $24,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $405
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$405:
+        sll     $0,     32,     $24
+        ldq     $2,     48($18)
+        addq    $5,     $24,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     48($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $24,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $24
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $5
+        addq    $28,    $25,    $28
+        cmpult  $28,    $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $409
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$409:
+        sll     $28,    32,     $25
+        ldq     $2,     56($18)
+        addq    $5,     $25,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     40($17)
+        addq    $23,    $7,     $23
+        srl     $2,     32,     $8
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $25,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $1,     $24,    $24
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $413
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$413:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $23,    $7,     $23
+        stq     $23,    96($16)
+        ldq     $4,     48($17)
+        ldq     $5,     56($18)
+        cmpult  $23,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $22,    $6,     $22
+        cmpult  $22,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $23
+        mulq    $7,     $5,     $5
+        addq    $1,     $24,    $24
+        addq    $28,    $23,    $28
+        cmpult  $28,    $23,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $417
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$417:
+        sll     $28,    32,     $23
+        ldq     $2,     48($18)
+        addq    $5,     $23,    $5
+        bis     $5,     $5,     $7
+        ldq     $4,     56($17)
+        addq    $22,    $7,     $22
+        srl     $2,     32,     $8
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        mulq    $8,     $7,     $0
+        srl     $28,    32,     $1
+        addq    $6,     $1,     $6
+        cmpult  $5,     $23,    $1
+        zapnot  $2,     15,     $5
+        addq    $1,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $23
+        srl     $4,     32,     $6
+        mulq    $5,     $6,     $25
+        mulq    $7,     $5,     $2
+        addq    $0,     $25,    $0
+        cmpult  $0,     $25,    $1
+        mulq    $6,     $8,     $6
+        beq     $1,     $421
+        sll     $20,    32,     $1
+        addq    $6,     $1,     $6
+$421:
+        sll     $0,     32,     $25
+        addq    $2,     $25,    $2
+        bis     $2,     $2,     $7
+        addq    $22,    $7,     $22
+        stq     $22,    104($16)
+        ldq     $4,     56($17)
+        ldq     $5,     56($18)
+        cmpult  $22,    $7,     $3
+        zapnot  $4,     15,     $7
+        srl     $5,     32,     $8
+        mulq    $8,     $7,     $28
+        srl     $0,     32,     $1
+        cmpult  $2,     $25,    $2
+        addq    $6,     $1,     $6
+        addq    $2,     $6,     $6
+        addq    $3,     $6,     $6
+        addq    $24,    $6,     $24
+        cmpult  $24,    $6,     $1
+        srl     $4,     32,     $6
+        zapnot  $5,     15,     $5
+        mulq    $5,     $6,     $22
+        mulq    $7,     $5,     $2
+        addq    $1,     $23,    $23
+        addq    $28,    $22,    $28
+        cmpult  $28,    $22,    $1
+        mulq    $6,     $8,     $3
+        beq     $1,     $425
+        sll     $20,    32,     $1
+        addq    $3,     $1,     $3
+$425:
+        sll     $28,    32,     $22
+        srl     $28,    32,     $1
+        addq    $2,     $22,    $2
+        addq    $3,     $1,     $3
+        bis     $2,     $2,     $7
+        addq    $24,    $7,     $24
+        cmpult  $7,     $22,    $1
+        cmpult  $24,    $7,     $2
+        addq    $1,     $3,     $6
+        addq    $2,     $6,     $6
+        stq     $24,    112($16)
+        addq    $23,    $6,     $23
+        stq     $23,    120($16)
+        ret     $31,    ($26),  1
+        .end bn_mul_comba8
+        .text
+        .align 3
+        .globl bn_sqr_comba4
+        .ent bn_sqr_comba4
+bn_sqr_comba4:
+bn_sqr_comba4..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        ldq     $0,     0($17)
+        ldq     $1,     8($17)
+        ldq     $2,     16($17)
+        ldq     $3,     24($17)
+        bis     $31,    $31,    $6
+        mulq    $0,     $0,     $4
+        umulh   $0,     $0,     $5
+        stq     $4,     0($16)
+        bis     $31,    $31,    $4
+        mulq    $0,     $1,     $7
+        umulh   $0,     $1,     $8
+        cmplt   $7,     $31,    $22
+        cmplt   $8,     $31,    $23
+        addq    $7,     $7,     $7
+        addq    $8,     $8,     $8
+        addq    $8,     $22,    $8
+        addq    $4,     $23,    $4
+        addq    $5,     $7,     $5
+        addq    $6,     $8,     $6
+        cmpult  $5,     $7,     $24
+        cmpult  $6,     $8,     $25
+        addq    $6,     $24,    $6
+        addq    $4,     $25,    $4
+        stq     $5,     8($16)
+        bis     $31,    $31,    $5
+        mulq    $1,     $1,     $27
+        umulh   $1,     $1,     $28
+        addq    $6,     $27,    $6
+        addq    $4,     $28,    $4
+        cmpult  $6,     $27,    $21
+        cmpult  $4,     $28,    $20
+        addq    $4,     $21,    $4
+        addq    $5,     $20,    $5
+        mulq    $2,     $0,     $19
+        umulh   $2,     $0,     $18
+        cmplt   $19,    $31,    $17
+        cmplt   $18,    $31,    $22
+        addq    $19,    $19,    $19
+        addq    $18,    $18,    $18
+        addq    $18,    $17,    $18
+        addq    $5,     $22,    $5
+        addq    $6,     $19,    $6
+        addq    $4,     $18,    $4
+        cmpult  $6,     $19,    $23
+        cmpult  $4,     $18,    $7
+        addq    $4,     $23,    $4
+        addq    $5,     $7,     $5
+        stq     $6,     16($16)
+        bis     $31,    $31,    $6
+        mulq    $3,     $0,     $8
+        umulh   $3,     $0,     $24
+        cmplt   $8,     $31,    $25
+        cmplt   $24,    $31,    $27
+        addq    $8,     $8,     $8
+        addq    $24,    $24,    $24
+        addq    $24,    $25,    $24
+        addq    $6,     $27,    $6
+        addq    $4,     $8,     $4
+        addq    $5,     $24,    $5
+        cmpult  $4,     $8,     $28
+        cmpult  $5,     $24,    $21
+        addq    $5,     $28,    $5
+        addq    $6,     $21,    $6
+        mulq    $2,     $1,     $20
+        umulh   $2,     $1,     $17
+        cmplt   $20,    $31,    $22
+        cmplt   $17,    $31,    $19
+        addq    $20,    $20,    $20
+        addq    $17,    $17,    $17
+        addq    $17,    $22,    $17
+        addq    $6,     $19,    $6
+        addq    $4,     $20,    $4
+        addq    $5,     $17,    $5
+        cmpult  $4,     $20,    $18
+        cmpult  $5,     $17,    $23
+        addq    $5,     $18,    $5
+        addq    $6,     $23,    $6
+        stq     $4,     24($16)
+        bis     $31,    $31,    $4
+        mulq    $2,     $2,     $7
+        umulh   $2,     $2,     $25
+        addq    $5,     $7,     $5
+        addq    $6,     $25,    $6
+        cmpult  $5,     $7,     $27
+        cmpult  $6,     $25,    $8
+        addq    $6,     $27,    $6
+        addq    $4,     $8,     $4
+        mulq    $3,     $1,     $24
+        umulh   $3,     $1,     $28
+        cmplt   $24,    $31,    $21
+        cmplt   $28,    $31,    $22
+        addq    $24,    $24,    $24
+        addq    $28,    $28,    $28
+        addq    $28,    $21,    $28
+        addq    $4,     $22,    $4
+        addq    $5,     $24,    $5
+        addq    $6,     $28,    $6
+        cmpult  $5,     $24,    $19
+        cmpult  $6,     $28,    $20
+        addq    $6,     $19,    $6
+        addq    $4,     $20,    $4
+        stq     $5,     32($16)
+        bis     $31,    $31,    $5
+        mulq    $3,     $2,     $17
+        umulh   $3,     $2,     $18
+        cmplt   $17,    $31,    $23
+        cmplt   $18,    $31,    $7
+        addq    $17,    $17,    $17
+        addq    $18,    $18,    $18
+        addq    $18,    $23,    $18
+        addq    $5,     $7,     $5
+        addq    $6,     $17,    $6
+        addq    $4,     $18,    $4
+        cmpult  $6,     $17,    $25
+        cmpult  $4,     $18,    $27
+        addq    $4,     $25,    $4
+        addq    $5,     $27,    $5
+        stq     $6,     40($16)
+        bis     $31,    $31,    $6
+        mulq    $3,     $3,     $8
+        umulh   $3,     $3,     $21
+        addq    $4,     $8,     $4
+        addq    $5,     $21,    $5
+        cmpult  $4,     $8,     $22
+        cmpult  $5,     $21,    $24
+        addq    $5,     $22,    $5
+        addq    $6,     $24,    $6
+        stq     $4,     48($16)
+        stq     $5,     56($16)
+        ret     $31,($26),1
+        .end bn_sqr_comba4
+        .text
+        .align 3
+        .globl bn_sqr_comba8
+        .ent bn_sqr_comba8
+bn_sqr_comba8:
+bn_sqr_comba8..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        ldq     $0,     0($17)
+        ldq     $1,     8($17)
+        ldq     $2,     16($17)
+        ldq     $3,     24($17)
+        ldq     $4,     32($17)
+        ldq     $5,     40($17)
+        ldq     $6,     48($17)
+        ldq     $7,     56($17)
+        bis     $31,    $31,    $23
+        mulq    $0,     $0,     $8
+        umulh   $0,     $0,     $22
+        stq     $8,     0($16)
+        bis     $31,    $31,    $8
+        mulq    $1,     $0,     $24
+        umulh   $1,     $0,     $25
+        cmplt   $24,    $31,    $27
+        cmplt   $25,    $31,    $28
+        addq    $24,    $24,    $24
+        addq    $25,    $25,    $25
+        addq    $25,    $27,    $25
+        addq    $8,     $28,    $8
+        addq    $22,    $24,    $22
+        addq    $23,    $25,    $23
+        cmpult  $22,    $24,    $21
+        cmpult  $23,    $25,    $20
+        addq    $23,    $21,    $23
+        addq    $8,     $20,    $8
+        stq     $22,    8($16)
+        bis     $31,    $31,    $22
+        mulq    $1,     $1,     $19
+        umulh   $1,     $1,     $18
+        addq    $23,    $19,    $23
+        addq    $8,     $18,    $8
+        cmpult  $23,    $19,    $17
+        cmpult  $8,     $18,    $27
+        addq    $8,     $17,    $8
+        addq    $22,    $27,    $22
+        mulq    $2,     $0,     $28
+        umulh   $2,     $0,     $24
+        cmplt   $28,    $31,    $25
+        cmplt   $24,    $31,    $21
+        addq    $28,    $28,    $28
+        addq    $24,    $24,    $24
+        addq    $24,    $25,    $24
+        addq    $22,    $21,    $22
+        addq    $23,    $28,    $23
+        addq    $8,     $24,    $8
+        cmpult  $23,    $28,    $20
+        cmpult  $8,     $24,    $19
+        addq    $8,     $20,    $8
+        addq    $22,    $19,    $22
+        stq     $23,    16($16)
+        bis     $31,    $31,    $23
+        mulq    $2,     $1,     $18
+        umulh   $2,     $1,     $17
+        cmplt   $18,    $31,    $27
+        cmplt   $17,    $31,    $25
+        addq    $18,    $18,    $18
+        addq    $17,    $17,    $17
+        addq    $17,    $27,    $17
+        addq    $23,    $25,    $23
+        addq    $8,     $18,    $8
+        addq    $22,    $17,    $22
+        cmpult  $8,     $18,    $21
+        cmpult  $22,    $17,    $28
+        addq    $22,    $21,    $22
+        addq    $23,    $28,    $23
+        mulq    $3,     $0,     $24
+        umulh   $3,     $0,     $20
+        cmplt   $24,    $31,    $19
+        cmplt   $20,    $31,    $27
+        addq    $24,    $24,    $24
+        addq    $20,    $20,    $20
+        addq    $20,    $19,    $20
+        addq    $23,    $27,    $23
+        addq    $8,     $24,    $8
+        addq    $22,    $20,    $22
+        cmpult  $8,     $24,    $25
+        cmpult  $22,    $20,    $18
+        addq    $22,    $25,    $22
+        addq    $23,    $18,    $23
+        stq     $8,     24($16)
+        bis     $31,    $31,    $8
+        mulq    $2,     $2,     $17
+        umulh   $2,     $2,     $21
+        addq    $22,    $17,    $22
+        addq    $23,    $21,    $23
+        cmpult  $22,    $17,    $28
+        cmpult  $23,    $21,    $19
+        addq    $23,    $28,    $23
+        addq    $8,     $19,    $8
+        mulq    $3,     $1,     $27
+        umulh   $3,     $1,     $24
+        cmplt   $27,    $31,    $20
+        cmplt   $24,    $31,    $25
+        addq    $27,    $27,    $27
+        addq    $24,    $24,    $24
+        addq    $24,    $20,    $24
+        addq    $8,     $25,    $8
+        addq    $22,    $27,    $22
+        addq    $23,    $24,    $23
+        cmpult  $22,    $27,    $18
+        cmpult  $23,    $24,    $17
+        addq    $23,    $18,    $23
+        addq    $8,     $17,    $8
+        mulq    $4,     $0,     $21
+        umulh   $4,     $0,     $28
+        cmplt   $21,    $31,    $19
+        cmplt   $28,    $31,    $20
+        addq    $21,    $21,    $21
+        addq    $28,    $28,    $28
+        addq    $28,    $19,    $28
+        addq    $8,     $20,    $8
+        addq    $22,    $21,    $22
+        addq    $23,    $28,    $23
+        cmpult  $22,    $21,    $25
+        cmpult  $23,    $28,    $27
+        addq    $23,    $25,    $23
+        addq    $8,     $27,    $8
+        stq     $22,    32($16)
+        bis     $31,    $31,    $22
+        mulq    $3,     $2,     $24
+        umulh   $3,     $2,     $18
+        cmplt   $24,    $31,    $17
+        cmplt   $18,    $31,    $19
+        addq    $24,    $24,    $24
+        addq    $18,    $18,    $18
+        addq    $18,    $17,    $18
+        addq    $22,    $19,    $22
+        addq    $23,    $24,    $23
+        addq    $8,     $18,    $8
+        cmpult  $23,    $24,    $20
+        cmpult  $8,     $18,    $21
+        addq    $8,     $20,    $8
+        addq    $22,    $21,    $22
+        mulq    $4,     $1,     $28
+        umulh   $4,     $1,     $25
+        cmplt   $28,    $31,    $27
+        cmplt   $25,    $31,    $17
+        addq    $28,    $28,    $28
+        addq    $25,    $25,    $25
+        addq    $25,    $27,    $25
+        addq    $22,    $17,    $22
+        addq    $23,    $28,    $23
+        addq    $8,     $25,    $8
+        cmpult  $23,    $28,    $19
+        cmpult  $8,     $25,    $24
+        addq    $8,     $19,    $8
+        addq    $22,    $24,    $22
+        mulq    $5,     $0,     $18
+        umulh   $5,     $0,     $20
+        cmplt   $18,    $31,    $21
+        cmplt   $20,    $31,    $27
+        addq    $18,    $18,    $18
+        addq    $20,    $20,    $20
+        addq    $20,    $21,    $20
+        addq    $22,    $27,    $22
+        addq    $23,    $18,    $23
+        addq    $8,     $20,    $8
+        cmpult  $23,    $18,    $17
+        cmpult  $8,     $20,    $28
+        addq    $8,     $17,    $8
+        addq    $22,    $28,    $22
+        stq     $23,    40($16)
+        bis     $31,    $31,    $23
+        mulq    $3,     $3,     $25
+        umulh   $3,     $3,     $19
+        addq    $8,     $25,    $8
+        addq    $22,    $19,    $22
+        cmpult  $8,     $25,    $24
+        cmpult  $22,    $19,    $21
+        addq    $22,    $24,    $22
+        addq    $23,    $21,    $23
+        mulq    $4,     $2,     $27
+        umulh   $4,     $2,     $18
+        cmplt   $27,    $31,    $20
+        cmplt   $18,    $31,    $17
+        addq    $27,    $27,    $27
+        addq    $18,    $18,    $18
+        addq    $18,    $20,    $18
+        addq    $23,    $17,    $23
+        addq    $8,     $27,    $8
+        addq    $22,    $18,    $22
+        cmpult  $8,     $27,    $28
+        cmpult  $22,    $18,    $25
+        addq    $22,    $28,    $22
+        addq    $23,    $25,    $23
+        mulq    $5,     $1,     $19
+        umulh   $5,     $1,     $24
+        cmplt   $19,    $31,    $21
+        cmplt   $24,    $31,    $20
+        addq    $19,    $19,    $19
+        addq    $24,    $24,    $24
+        addq    $24,    $21,    $24
+        addq    $23,    $20,    $23
+        addq    $8,     $19,    $8
+        addq    $22,    $24,    $22
+        cmpult  $8,     $19,    $17
+        cmpult  $22,    $24,    $27
+        addq    $22,    $17,    $22
+        addq    $23,    $27,    $23
+        mulq    $6,     $0,     $18
+        umulh   $6,     $0,     $28
+        cmplt   $18,    $31,    $25
+        cmplt   $28,    $31,    $21
+        addq    $18,    $18,    $18
+        addq    $28,    $28,    $28
+        addq    $28,    $25,    $28
+        addq    $23,    $21,    $23
+        addq    $8,     $18,    $8
+        addq    $22,    $28,    $22
+        cmpult  $8,     $18,    $20
+        cmpult  $22,    $28,    $19
+        addq    $22,    $20,    $22
+        addq    $23,    $19,    $23
+        stq     $8,     48($16)
+        bis     $31,    $31,    $8
+        mulq    $4,     $3,     $24
+        umulh   $4,     $3,     $17
+        cmplt   $24,    $31,    $27
+        cmplt   $17,    $31,    $25
+        addq    $24,    $24,    $24
+        addq    $17,    $17,    $17
+        addq    $17,    $27,    $17
+        addq    $8,     $25,    $8
+        addq    $22,    $24,    $22
+        addq    $23,    $17,    $23
+        cmpult  $22,    $24,    $21
+        cmpult  $23,    $17,    $18
+        addq    $23,    $21,    $23
+        addq    $8,     $18,    $8
+        mulq    $5,     $2,     $28
+        umulh   $5,     $2,     $20
+        cmplt   $28,    $31,    $19
+        cmplt   $20,    $31,    $27
+        addq    $28,    $28,    $28
+        addq    $20,    $20,    $20
+        addq    $20,    $19,    $20
+        addq    $8,     $27,    $8
+        addq    $22,    $28,    $22
+        addq    $23,    $20,    $23
+        cmpult  $22,    $28,    $25
+        cmpult  $23,    $20,    $24
+        addq    $23,    $25,    $23
+        addq    $8,     $24,    $8
+        mulq    $6,     $1,     $17
+        umulh   $6,     $1,     $21
+        cmplt   $17,    $31,    $18
+        cmplt   $21,    $31,    $19
+        addq    $17,    $17,    $17
+        addq    $21,    $21,    $21
+        addq    $21,    $18,    $21
+        addq    $8,     $19,    $8
+        addq    $22,    $17,    $22
+        addq    $23,    $21,    $23
+        cmpult  $22,    $17,    $27
+        cmpult  $23,    $21,    $28
+        addq    $23,    $27,    $23
+        addq    $8,     $28,    $8
+        mulq    $7,     $0,     $20
+        umulh   $7,     $0,     $25
+        cmplt   $20,    $31,    $24
+        cmplt   $25,    $31,    $18
+        addq    $20,    $20,    $20
+        addq    $25,    $25,    $25
+        addq    $25,    $24,    $25
+        addq    $8,     $18,    $8
+        addq    $22,    $20,    $22
+        addq    $23,    $25,    $23
+        cmpult  $22,    $20,    $19
+        cmpult  $23,    $25,    $17
+        addq    $23,    $19,    $23
+        addq    $8,     $17,    $8
+        stq     $22,    56($16)
+        bis     $31,    $31,    $22
+        mulq    $4,     $4,     $21
+        umulh   $4,     $4,     $27
+        addq    $23,    $21,    $23
+        addq    $8,     $27,    $8
+        cmpult  $23,    $21,    $28
+        cmpult  $8,     $27,    $24
+        addq    $8,     $28,    $8
+        addq    $22,    $24,    $22
+        mulq    $5,     $3,     $18
+        umulh   $5,     $3,     $20
+        cmplt   $18,    $31,    $25
+        cmplt   $20,    $31,    $19
+        addq    $18,    $18,    $18
+        addq    $20,    $20,    $20
+        addq    $20,    $25,    $20
+        addq    $22,    $19,    $22
+        addq    $23,    $18,    $23
+        addq    $8,     $20,    $8
+        cmpult  $23,    $18,    $17
+        cmpult  $8,     $20,    $21
+        addq    $8,     $17,    $8
+        addq    $22,    $21,    $22
+        mulq    $6,     $2,     $27
+        umulh   $6,     $2,     $28
+        cmplt   $27,    $31,    $24
+        cmplt   $28,    $31,    $25
+        addq    $27,    $27,    $27
+        addq    $28,    $28,    $28
+        addq    $28,    $24,    $28
+        addq    $22,    $25,    $22
+        addq    $23,    $27,    $23
+        addq    $8,     $28,    $8
+        cmpult  $23,    $27,    $19
+        cmpult  $8,     $28,    $18
+        addq    $8,     $19,    $8
+        addq    $22,    $18,    $22
+        mulq    $7,     $1,     $20
+        umulh   $7,     $1,     $17
+        cmplt   $20,    $31,    $21
+        cmplt   $17,    $31,    $24
+        addq    $20,    $20,    $20
+        addq    $17,    $17,    $17
+        addq    $17,    $21,    $17
+        addq    $22,    $24,    $22
+        addq    $23,    $20,    $23
+        addq    $8,     $17,    $8
+        cmpult  $23,    $20,    $25
+        cmpult  $8,     $17,    $27
+        addq    $8,     $25,    $8
+        addq    $22,    $27,    $22
+        stq     $23,    64($16)
+        bis     $31,    $31,    $23
+        mulq    $5,     $4,     $28
+        umulh   $5,     $4,     $19
+        cmplt   $28,    $31,    $18
+        cmplt   $19,    $31,    $21
+        addq    $28,    $28,    $28
+        addq    $19,    $19,    $19
+        addq    $19,    $18,    $19
+        addq    $23,    $21,    $23
+        addq    $8,     $28,    $8
+        addq    $22,    $19,    $22
+        cmpult  $8,     $28,    $24
+        cmpult  $22,    $19,    $20
+        addq    $22,    $24,    $22
+        addq    $23,    $20,    $23
+        mulq    $6,     $3,     $17
+        umulh   $6,     $3,     $25
+        cmplt   $17,    $31,    $27
+        cmplt   $25,    $31,    $18
+        addq    $17,    $17,    $17
+        addq    $25,    $25,    $25
+        addq    $25,    $27,    $25
+        addq    $23,    $18,    $23
+        addq    $8,     $17,    $8
+        addq    $22,    $25,    $22
+        cmpult  $8,     $17,    $21
+        cmpult  $22,    $25,    $28
+        addq    $22,    $21,    $22
+        addq    $23,    $28,    $23
+        mulq    $7,     $2,     $19
+        umulh   $7,     $2,     $24
+        cmplt   $19,    $31,    $20
+        cmplt   $24,    $31,    $27
+        addq    $19,    $19,    $19
+        addq    $24,    $24,    $24
+        addq    $24,    $20,    $24
+        addq    $23,    $27,    $23
+        addq    $8,     $19,    $8
+        addq    $22,    $24,    $22
+        cmpult  $8,     $19,    $18
+        cmpult  $22,    $24,    $17
+        addq    $22,    $18,    $22
+        addq    $23,    $17,    $23
+        stq     $8,     72($16)
+        bis     $31,    $31,    $8
+        mulq    $5,     $5,     $25
+        umulh   $5,     $5,     $21
+        addq    $22,    $25,    $22
+        addq    $23,    $21,    $23
+        cmpult  $22,    $25,    $28
+        cmpult  $23,    $21,    $20
+        addq    $23,    $28,    $23
+        addq    $8,     $20,    $8
+        mulq    $6,     $4,     $27
+        umulh   $6,     $4,     $19
+        cmplt   $27,    $31,    $24
+        cmplt   $19,    $31,    $18
+        addq    $27,    $27,    $27
+        addq    $19,    $19,    $19
+        addq    $19,    $24,    $19
+        addq    $8,     $18,    $8
+        addq    $22,    $27,    $22
+        addq    $23,    $19,    $23
+        cmpult  $22,    $27,    $17
+        cmpult  $23,    $19,    $25
+        addq    $23,    $17,    $23
+        addq    $8,     $25,    $8
+        mulq    $7,     $3,     $21
+        umulh   $7,     $3,     $28
+        cmplt   $21,    $31,    $20
+        cmplt   $28,    $31,    $24
+        addq    $21,    $21,    $21
+        addq    $28,    $28,    $28
+        addq    $28,    $20,    $28
+        addq    $8,     $24,    $8
+        addq    $22,    $21,    $22
+        addq    $23,    $28,    $23
+        cmpult  $22,    $21,    $18
+        cmpult  $23,    $28,    $27
+        addq    $23,    $18,    $23
+        addq    $8,     $27,    $8
+        stq     $22,    80($16)
+        bis     $31,    $31,    $22
+        mulq    $6,     $5,     $19
+        umulh   $6,     $5,     $17
+        cmplt   $19,    $31,    $25
+        cmplt   $17,    $31,    $20
+        addq    $19,    $19,    $19
+        addq    $17,    $17,    $17
+        addq    $17,    $25,    $17
+        addq    $22,    $20,    $22
+        addq    $23,    $19,    $23
+        addq    $8,     $17,    $8
+        cmpult  $23,    $19,    $24
+        cmpult  $8,     $17,    $21
+        addq    $8,     $24,    $8
+        addq    $22,    $21,    $22
+        mulq    $7,     $4,     $28
+        umulh   $7,     $4,     $18
+        cmplt   $28,    $31,    $27
+        cmplt   $18,    $31,    $25
+        addq    $28,    $28,    $28
+        addq    $18,    $18,    $18
+        addq    $18,    $27,    $18
+        addq    $22,    $25,    $22
+        addq    $23,    $28,    $23
+        addq    $8,     $18,    $8
+        cmpult  $23,    $28,    $20
+        cmpult  $8,     $18,    $19
+        addq    $8,     $20,    $8
+        addq    $22,    $19,    $22
+        stq     $23,    88($16)
+        bis     $31,    $31,    $23
+        mulq    $6,     $6,     $17
+        umulh   $6,     $6,     $24
+        addq    $8,     $17,    $8
+        addq    $22,    $24,    $22
+        cmpult  $8,     $17,    $21
+        cmpult  $22,    $24,    $27
+        addq    $22,    $21,    $22
+        addq    $23,    $27,    $23
+        mulq    $7,     $5,     $25
+        umulh   $7,     $5,     $28
+        cmplt   $25,    $31,    $18
+        cmplt   $28,    $31,    $20
+        addq    $25,    $25,    $25
+        addq    $28,    $28,    $28
+        addq    $28,    $18,    $28
+        addq    $23,    $20,    $23
+        addq    $8,     $25,    $8
+        addq    $22,    $28,    $22
+        cmpult  $8,     $25,    $19
+        cmpult  $22,    $28,    $17
+        addq    $22,    $19,    $22
+        addq    $23,    $17,    $23
+        stq     $8,     96($16)
+        bis     $31,    $31,    $8
+        mulq    $7,     $6,     $24
+        umulh   $7,     $6,     $21
+        cmplt   $24,    $31,    $27
+        cmplt   $21,    $31,    $18
+        addq    $24,    $24,    $24
+        addq    $21,    $21,    $21
+        addq    $21,    $27,    $21
+        addq    $8,     $18,    $8
+        addq    $22,    $24,    $22
+        addq    $23,    $21,    $23
+        cmpult  $22,    $24,    $20
+        cmpult  $23,    $21,    $25
+        addq    $23,    $20,    $23
+        addq    $8,     $25,    $8
+        stq     $22,    104($16)
+        bis     $31,    $31,    $22
+        mulq    $7,     $7,     $28
+        umulh   $7,     $7,     $19
+        addq    $23,    $28,    $23
+        addq    $8,     $19,    $8
+        cmpult  $23,    $28,    $17
+        cmpult  $8,     $19,    $27
+        addq    $8,     $17,    $8
+        addq    $22,    $27,    $22
+        stq     $23,    112($16)
+        stq     $8,     120($16)
+        ret     $31,($26),1
+        .end bn_sqr_comba8
diff --git a/src/lib/libcrypto/bn/asm/alpha.s.works b/src/lib/libcrypto/bn/asm/alpha.s.works
new file mode 100644
index 0000000000..ee6c587809
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.s.works
@@ -0,0 +1,533 @@
+ # DEC Alpha assember
+ # The bn_div64 is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div64.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+        .file   1 "bn_asm.c"
+        .set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+        .text
+        .align 3
+        .globl bn_mul_add_words
+        .ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$0
+        blt     $18,$43         # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        ldq     $1,0($16)       # 1 1
+        .align 3
+$42:
+        mulq    $20,$19,$5      # 1 2 1 ######
+        ldq     $21,8($17)      # 2 1
+        ldq     $2,8($16)       # 2 1
+        umulh   $20,$19,$20     # 1 2   ######
+        ldq     $27,16($17)     # 3 1
+        ldq     $3,16($16)      # 3 1
+        mulq    $21,$19,$6      # 2 2 1 ######
+         ldq    $28,24($17)     # 4 1
+        addq    $1,$5,$1        # 1 2 2
+         ldq    $4,24($16)      # 4 1
+        umulh   $21,$19,$21     # 2 2   ######
+         cmpult $1,$5,$22       # 1 2 3 1
+        addq    $20,$22,$20     # 1 3 1
+         addq   $1,$0,$1        # 1 2 3 1
+        mulq    $27,$19,$7      # 3 2 1 ######
+         cmpult $1,$0,$0        # 1 2 3 2
+        addq    $2,$6,$2        # 2 2 2
+         addq   $20,$0,$0       # 1 3 2 
+        cmpult  $2,$6,$23       # 2 2 3 1
+         addq   $21,$23,$21     # 2 3 1
+        umulh   $27,$19,$27     # 3 2   ######
+         addq   $2,$0,$2        # 2 2 3 1
+        cmpult  $2,$0,$0        # 2 2 3 2
+         subq   $18,4,$18
+        mulq    $28,$19,$8      # 4 2 1 ######
+         addq   $21,$0,$0       # 2 3 2 
+        addq    $3,$7,$3        # 3 2 2
+         addq   $16,32,$16
+        cmpult  $3,$7,$24       # 3 2 3 1
+         stq    $1,-32($16)     # 1 2 4
+        umulh   $28,$19,$28     # 4 2   ######
+         addq   $27,$24,$27     # 3 3 1
+        addq    $3,$0,$3        # 3 2 3 1
+         stq    $2,-24($16)     # 2 2 4
+        cmpult  $3,$0,$0        # 3 2 3 2
+         stq    $3,-16($16)     # 3 2 4
+        addq    $4,$8,$4        # 4 2 2
+         addq   $27,$0,$0       # 3 3 2 
+        cmpult  $4,$8,$25       # 4 2 3 1
+         addq   $17,32,$17
+        addq    $28,$25,$28     # 4 3 1
+         addq   $4,$0,$4        # 4 2 3 1
+        cmpult  $4,$0,$0        # 4 2 3 2
+         stq    $4,-8($16)      # 4 2 4
+        addq    $28,$0,$0       # 4 3 2 
+         blt    $18,$43
+        ldq     $20,0($17)      # 1 1
+        ldq     $1,0($16)       # 1 1
+        br      $42
+        .align 4
+$45:
+        ldq     $20,0($17)      # 4 1
+        ldq     $1,0($16)       # 4 1
+        mulq    $20,$19,$5      # 4 2 1
+        subq    $18,1,$18
+        addq    $16,8,$16
+        addq    $17,8,$17
+        umulh   $20,$19,$20     # 4 2
+        addq    $1,$5,$1        # 4 2 2
+        cmpult  $1,$5,$22       # 4 2 3 1
+        addq    $20,$22,$20     # 4 3 1
+        addq    $1,$0,$1        # 4 2 3 1
+        cmpult  $1,$0,$0        # 4 2 3 2
+        addq    $20,$0,$0       # 4 3 2 
+        stq     $1,-8($16)      # 4 2 4
+        bgt     $18,$45
+        ret     $31,($26),1     # else exit
+        .align 4
+$43:
+        addq    $18,4,$18
+        bgt     $18,$45         # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_add_words
+        .align 3
+        .globl bn_mul_words
+        .ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$0
+        blt     $18,$143        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        .align 3
+$142:
+        mulq    $20,$19,$5      # 1 2 1 #####
+         ldq    $21,8($17)      # 2 1
+         ldq    $27,16($17)     # 3 1
+        umulh   $20,$19,$20     # 1 2   #####
+         ldq    $28,24($17)     # 4 1
+        mulq    $21,$19,$6      # 2 2 1 #####
+         addq   $5,$0,$5        # 1 2 3 1
+        subq    $18,4,$18
+         cmpult $5,$0,$0        # 1 2 3 2
+        umulh   $21,$19,$21     # 2 2   #####
+         addq   $20,$0,$0       # 1 3 2 
+        addq    $17,32,$17
+         addq   $6,$0,$6        # 2 2 3 1
+        mulq    $27,$19,$7      # 3 2 1 #####
+         cmpult $6,$0,$0        # 2 2 3 2
+        addq    $21,$0,$0       # 2 3 2 
+         addq   $16,32,$16
+        umulh   $27,$19,$27     # 3 2   #####
+         stq    $5,-32($16)     # 1 2 4
+        mulq    $28,$19,$8      # 4 2 1 #####
+         addq   $7,$0,$7        # 3 2 3 1
+        stq     $6,-24($16)     # 2 2 4
+         cmpult $7,$0,$0        # 3 2 3 2
+        umulh   $28,$19,$28     # 4 2   #####
+         addq   $27,$0,$0       # 3 3 2 
+        stq     $7,-16($16)     # 3 2 4
+         addq   $8,$0,$8        # 4 2 3 1
+        cmpult  $8,$0,$0        # 4 2 3 2
+        addq    $28,$0,$0       # 4 3 2 
+        stq     $8,-8($16)      # 4 2 4
+        blt     $18,$143
+        ldq     $20,0($17)      # 1 1
+        br      $142
+        .align 4
+$145:
+        ldq     $20,0($17)      # 4 1
+        mulq    $20,$19,$5      # 4 2 1
+        subq    $18,1,$18
+        umulh   $20,$19,$20     # 4 2
+        addq    $5,$0,$5        # 4 2 3 1
+         addq   $16,8,$16
+        cmpult  $5,$0,$0        # 4 2 3 2
+         addq   $17,8,$17
+        addq    $20,$0,$0       # 4 3 2 
+        stq     $5,-8($16)      # 4 2 4
+        bgt     $18,$145
+        ret     $31,($26),1     # else exit
+        .align 4
+$143:
+        addq    $18,4,$18
+        bgt     $18,$145        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_words
+        .align 3
+        .globl bn_sqr_words
+        .ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $18,4,$18
+        blt     $18,$543        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $20,0($17)      # 1 1
+        .align 3
+$542:
+        mulq    $20,$20,$5              ######
+         ldq    $21,8($17)      # 1 1
+        subq    $18,4
+        umulh   $20,$20,$1              ######
+        ldq     $27,16($17)     # 1 1
+        mulq    $21,$21,$6              ######
+        ldq     $28,24($17)     # 1 1
+        stq     $5,0($16)       # r[0]
+        umulh   $21,$21,$2              ######
+        stq     $1,8($16)       # r[1]
+        mulq    $27,$27,$7              ######
+        stq     $6,16($16)      # r[0]
+        umulh   $27,$27,$3              ######
+        stq     $2,24($16)      # r[1]
+        mulq    $28,$28,$8              ######
+        stq     $7,32($16)      # r[0]
+        umulh   $28,$28,$4              ######
+        stq     $3,40($16)      # r[1]
+        addq    $16,64,$16
+        addq    $17,32,$17
+        stq     $8,-16($16)     # r[0]
+        stq     $4,-8($16)      # r[1]
+        blt     $18,$543
+        ldq     $20,0($17)      # 1 1
+        br      $542
+$442:
+        ldq     $20,0($17)   # a[0]
+        mulq    $20,$20,$5  # a[0]*w low part       r2
+        addq    $16,16,$16
+        addq    $17,8,$17
+        subq    $18,1,$18
+        umulh   $20,$20,$1  # a[0]*w high part       r3
+        stq     $5,-16($16)   # r[0]
+        stq     $1,-8($16)   # r[1]
+        bgt     $18,$442
+        ret     $31,($26),1     # else exit
+        .align 4
+$543:
+        addq    $18,4,$18
+        bgt     $18,$442        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_sqr_words
+        .align 3
+        .globl bn_add_words
+        .ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,4,$19
+        bis     $31,$31,$0      # carry = 0
+        blt     $19,$900
+        ldq     $5,0($17)       # a[0]
+        ldq     $1,0($18)       # b[1]
+        .align 3
+$901:
+        addq    $1,$5,$1        # r=a+b;
+         ldq    $6,8($17)       # a[1]
+        cmpult  $1,$5,$22       # did we overflow?
+         ldq    $2,8($18)       # b[1]
+        addq    $1,$0,$1        # c+= overflow
+         ldq    $7,16($17)      # a[2]
+        cmpult  $1,$0,$0        # overflow?
+         ldq    $3,16($18)      # b[2]
+        addq    $0,$22,$0
+         ldq    $8,24($17)      # a[3]
+        addq    $2,$6,$2        # r=a+b;
+         ldq    $4,24($18)      # b[3]
+        cmpult  $2,$6,$23       # did we overflow?
+         addq   $3,$7,$3        # r=a+b;
+        addq    $2,$0,$2        # c+= overflow
+         cmpult $3,$7,$24       # did we overflow?
+        cmpult  $2,$0,$0        # overflow?
+         addq   $4,$8,$4        # r=a+b;
+        addq    $0,$23,$0
+         cmpult $4,$8,$25       # did we overflow?
+        addq    $3,$0,$3        # c+= overflow
+         stq    $1,0($16)       # r[0]=c
+        cmpult  $3,$0,$0        # overflow?
+         stq    $2,8($16)       # r[1]=c
+        addq    $0,$24,$0
+         stq    $3,16($16)      # r[2]=c
+        addq    $4,$0,$4        # c+= overflow
+         subq   $19,4,$19       # loop--
+        cmpult  $4,$0,$0        # overflow?
+         addq   $17,32,$17      # a++
+        addq    $0,$25,$0
+         stq    $4,24($16)      # r[3]=c
+        addq    $18,32,$18      # b++
+         addq   $16,32,$16      # r++
+        blt     $19,$900
+         ldq    $5,0($17)       # a[0]
+        ldq     $1,0($18)       # b[1]
+         br     $901
+        .align 4
+$945:
+        ldq     $5,0($17)       # a[0]
+         ldq    $1,0($18)       # b[1]
+        addq    $1,$5,$1        # r=a+b;
+         subq   $19,1,$19       # loop--
+        addq    $1,$0,$1        # c+= overflow
+         addq   $17,8,$17       # a++
+        cmpult  $1,$5,$22       # did we overflow?
+         cmpult $1,$0,$0        # overflow?
+        addq    $18,8,$18       # b++
+         stq    $1,0($16)       # r[0]=c
+        addq    $0,$22,$0
+         addq   $16,8,$16       # r++
+        bgt     $19,$945
+        ret     $31,($26),1     # else exit
+$900:
+        addq    $19,4,$19
+        bgt     $19,$945        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_add_words
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .align 3
+        .globl bn_div64
+        .ent bn_div64
+bn_div64:
+        ldgp $29,0($27)
+bn_div64..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$119
+        lda $0,-1
+        br $31,$136
+        .align 4
+$119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$126
+        zapnot $7,15,$27
+        br $31,$127
+        .align 4
+$126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$127:
+        srl $10,32,$4
+        .align 5
+$128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$129
+        subq $27,1,$27
+        br $31,$128
+        .align 4
+$129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$134
+        addq $9,$11,$9
+        subq $27,1,$27
+$134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$123
+        .align 4
+$124:
+        bis $13,$27,$0
+$136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div64
+        .set noat
+        .text
+        .align 3
+        .globl bn_sub_words
+        .ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,    4,      $19
+        bis     $31,    $31,    $0
+        blt     $19,    $100
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+$101:
+        ldq     $3,     8($17)
+        cmpult  $1,     $2,     $4
+        ldq     $5,     8($18)
+        subq    $1,     $2,     $1
+        ldq     $6,     16($17)
+        cmpult  $1,     $0,     $2
+        ldq     $7,     16($18)
+        subq    $1,     $0,     $23
+        ldq     $8,     24($17)
+        addq    $2,     $4,     $0
+        cmpult  $3,     $5,     $24
+        subq    $3,     $5,     $3
+        ldq     $22,    24($18)
+        cmpult  $3,     $0,     $5
+        subq    $3,     $0,     $25
+        addq    $5,     $24,    $0
+        cmpult  $6,     $7,     $27
+        subq    $6,     $7,     $6
+        stq     $23,    0($16)
+        cmpult  $6,     $0,     $7
+        subq    $6,     $0,     $28
+        addq    $7,     $27,    $0
+        cmpult  $8,     $22,    $21
+        subq    $8,     $22,    $8
+        stq     $25,    8($16)
+        cmpult  $8,     $0,     $22
+        subq    $8,     $0,     $20
+        addq    $22,    $21,    $0
+        stq     $28,    16($16)
+        subq    $19,    4,      $19
+        stq     $20,    24($16)
+        addq    $17,    32,     $17
+        addq    $18,    32,     $18
+        addq    $16,    32,     $16
+        blt     $19,    $100
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+        br      $101
+$102:
+        ldq     $1,     0($17)
+        ldq     $2,     0($18)
+        cmpult  $1,     $2,     $27
+        subq    $1,     $2,     $1
+        cmpult  $1,     $0,     $2
+        subq    $1,     $0,     $1
+        stq     $1,     0($16)
+        addq    $2,     $27,    $0
+        addq    $17,    8,      $17
+        addq    $18,    8,      $18
+        addq    $16,    8,      $16
+        subq    $19,    1,      $19
+        bgt     $19,    $102
+        ret     $31,($26),1
+$100:
+        addq    $19,    4,      $19
+        bgt     $19,    $102
+$103:
+        ret     $31,($26),1
+        .end bn_sub_words
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/add.pl b/src/lib/libcrypto/bn/asm/alpha.works/add.pl
new file mode 100644
index 0000000000..4dc76e6b69
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/add.pl
@@ -0,0 +1,119 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_add_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        $count=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &br(&label("finish"));
+        &blt($count,&label("finish"));
+        ($a0,$b0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($b0,&QWPw(0,$bp));
+##########################################################
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+        ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+        ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+        ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+        ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);
+        &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+        &add($a1,$b1,$o1);      &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+        &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+        &add($a2,$b2,$o2);      &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+        &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+        &add($cc,$t2,$cc);      &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &add($a3,$b3,$o3);      &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+        &add($o3,$cc,$o3);
+        &cmpult($o3,$cc,$cc);
+        &add($cc,$t3,$cc);      &FR($t3);
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+        &sub($count,4,$count);  # count-=4
+        &add($ap,4*$QWS,$ap);   # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+        &add($rp,4*$QWS,$rp);   # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+##################################################
+        # Do the last 0..3 words
+        ($t0,$o0)=&NR(2);
+        &set_label("last_loop");
+        &ld($a0,&QWPw(0,$ap));  # get a
+        &ld($b0,&QWPw(0,$bp));  # get b
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);   # will we borrow?
+        &add($o0,$cc,$o0);      # will we borrow?
+        &cmpult($o0,$cc,$cc);   # will we borrow?
+        &add($cc,$t0,$cc);      # add the borrows
+        &st($o0,&QWPw(0,$rp));  # save
+        &add($ap,$QWS,$ap);
+        &add($bp,$QWS,$bp);
+        &add($rp,$QWS,$rp);
+        &sub($count,1,$count);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &FR($o0,$t0,$a0,$b0);
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/div.pl b/src/lib/libcrypto/bn/asm/alpha.works/div.pl
new file mode 100644
index 0000000000..7ec144377f
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/div.pl
@@ -0,0 +1,144 @@
+#!/usr/local/bin/perl
+sub bn_div64
+        {
+        local($data)=<<'EOF';
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .set noreorder
+        .set volatile
+        .align 3
+        .globl bn_div64
+        .ent bn_div64
+bn_div64:
+        ldgp $29,0($27)
+bn_div64..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$9119
+        lda $0,-1
+        br $31,$9136
+        .align 4
+$9119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$9120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$9120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$9120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$9122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$9122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$9123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$9126
+        zapnot $7,15,$27
+        br $31,$9127
+        .align 4
+$9126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$9127:
+        srl $10,32,$4
+        .align 5
+$9128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$9129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$9129
+        subq $27,1,$27
+        br $31,$9128
+        .align 4
+$9129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$9134
+        addq $9,$11,$9
+        subq $27,1,$27
+$9134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$9124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$9123
+        .align 4
+$9124:
+        bis $13,$27,$0
+$9136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div64
+EOF
+        &asm_add($data);
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul.pl
new file mode 100644
index 0000000000..b182bae452
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/mul.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        $word=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &br(&label("finish"));
+        &blt($count,&label("finish"));
+        ($a0,$r0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($r0,&QWPw(0,$rp));
+$a=<<'EOF';
+##########################################################
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+        ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+        ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+        ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+        ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);
+        &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+        &add($a1,$b1,$o1);      &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+        &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+        &add($a2,$b2,$o2);      &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+        &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+        &add($cc,$t2,$cc);      &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &add($a3,$b3,$o3);      &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+        &add($o3,$cc,$o3);
+        &cmpult($o3,$cc,$cc);
+        &add($cc,$t3,$cc);      &FR($t3);
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+        &sub($count,4,$count);  # count-=4
+        &add($ap,4*$QWS,$ap);   # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+        &add($rp,4*$QWS,$rp);   # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+EOF
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+        &mul($a0,$word,($l0)=&NR(1));
+         &add($ap,$QWS,$ap);
+        &muh($a0,$word,($h0)=&NR(1));   &FR($a0);
+        &add($l0,$cc,$l0);
+         &add($rp,$QWS,$rp);
+         &sub($count,1,$count);
+        &cmpult($l0,$cc,$cc);
+        &st($l0,&QWPw(-1,$rp));         &FR($l0);
+        &add($h0,$cc,$cc);              &FR($h0);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl
new file mode 100644
index 0000000000..e37f6315fb
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl
@@ -0,0 +1,120 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_add_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        $word=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &br(&label("finish"));
+        &blt($count,&label("finish"));
+        ($a0,$r0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($r0,&QWPw(0,$rp));
+$a=<<'EOF';
+##########################################################
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+        ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+        ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+        ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+        ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);
+        &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+        &add($a1,$b1,$o1);      &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+        &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+        &add($a2,$b2,$o2);      &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+        &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+        &add($cc,$t2,$cc);      &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &add($a3,$b3,$o3);      &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+        &add($o3,$cc,$o3);
+        &cmpult($o3,$cc,$cc);
+        &add($cc,$t3,$cc);      &FR($t3);
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+        &sub($count,4,$count);  # count-=4
+        &add($ap,4*$QWS,$ap);   # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+        &add($rp,4*$QWS,$rp);   # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+EOF
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+        &ld(($r0)=&NR(1),&QWPw(0,$rp)); # get b
+        &mul($a0,$word,($l0)=&NR(1));
+         &sub($count,1,$count);
+         &add($ap,$QWS,$ap);
+        &muh($a0,$word,($h0)=&NR(1));   &FR($a0);
+        &add($r0,$l0,$r0);
+         &add($rp,$QWS,$rp);
+        &cmpult($r0,$l0,($t0)=&NR(1));  &FR($l0);
+         &add($r0,$cc,$r0);
+        &add($h0,$t0,$h0);              &FR($t0);
+         &cmpult($r0,$cc,$cc);
+        &st($r0,&QWPw(-1,$rp));         &FR($r0);
+         &add($h0,$cc,$cc);             &FR($h0);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl
new file mode 100644
index 0000000000..5efd201281
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl
@@ -0,0 +1,213 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub mul_add_c
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &add($t1,$h1,$h1);              &FR($t1);
+        &add($c1,$h1,$c1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub bn_mul_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &mul($a[0],$b[0],($r00)=&NR(1));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &muh($a[0],$b[0],($r01)=&NR(1));
+        &FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+        &mul($a[0],$b[1],($r02)=&NR(1));
+        ($R,$H1,$H2)=&NR(3);
+        &st($r00,&QWPw(0,$rp)); &FR($r00);
+        &mov("zero",$R);
+        &mul($a[1],$b[0],($r03)=&NR(1));
+        &mov("zero",$H1);
+        &mov("zero",$H0);
+         &add($R,$r01,$R);
+        &muh($a[0],$b[1],($r04)=&NR(1));
+         &cmpult($R,$r01,($t01)=&NR(1));        &FR($r01);
+         &add($R,$r02,$R);
+         &add($H1,$t01,$H1)                     &FR($t01);
+        &muh($a[1],$b[0],($r05)=&NR(1));
+         &cmpult($R,$r02,($t02)=&NR(1));        &FR($r02);
+         &add($R,$r03,$R);
+         &add($H2,$t02,$H2)                     &FR($t02);
+        &mul($a[0],$b[2],($r06)=&NR(1));
+         &cmpult($R,$r03,($t03)=&NR(1));        &FR($r03);
+         &add($H1,$t03,$H1)                     &FR($t03);
+        &st($R,&QWPw(1,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r04,$R);
+        &mov("zero",$H2);
+        &mul($a[1],$b[1],($r07)=&NR(1));
+         &cmpult($R,$r04,($t04)=&NR(1));        &FR($r04);
+         &add($R,$r05,$R);
+         &add($H1,$t04,$H1)                     &FR($t04);
+        &mul($a[2],$b[0],($r08)=&NR(1));
+         &cmpult($R,$r05,($t05)=&NR(1));        &FR($r05);
+         &add($R,$r01,$R);
+         &add($H2,$t05,$H2)                     &FR($t05);
+        &muh($a[0],$b[2],($r09)=&NR(1));
+         &cmpult($R,$r06,($t06)=&NR(1));        &FR($r06);
+         &add($R,$r07,$R);
+         &add($H1,$t06,$H1)                     &FR($t06);
+        &muh($a[1],$b[1],($r10)=&NR(1));
+         &cmpult($R,$r07,($t07)=&NR(1));        &FR($r07);
+         &add($R,$r08,$R);
+         &add($H2,$t07,$H2)                     &FR($t07);
+        &muh($a[2],$b[0],($r11)=&NR(1));
+         &cmpult($R,$r08,($t08)=&NR(1));        &FR($r08);
+         &add($H1,$t08,$H1)                     &FR($t08);
+        &st($R,&QWPw(2,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r09,$R);
+        &mov("zero",$H2);
+        &mul($a[0],$b[3],($r12)=&NR(1));
+         &cmpult($R,$r09,($t09)=&NR(1));        &FR($r09);
+         &add($R,$r10,$R);
+         &add($H1,$t09,$H1)                     &FR($t09);
+        &mul($a[1],$b[2],($r13)=&NR(1));
+         &cmpult($R,$r10,($t10)=&NR(1));        &FR($r10);
+         &add($R,$r11,$R);
+         &add($H1,$t10,$H1)                     &FR($t10);
+        &mul($a[2],$b[1],($r14)=&NR(1));
+         &cmpult($R,$r11,($t11)=&NR(1));        &FR($r11);
+         &add($R,$r12,$R);
+         &add($H1,$t11,$H1)                     &FR($t11);
+        &mul($a[3],$b[0],($r15)=&NR(1));
+         &cmpult($R,$r12,($t12)=&NR(1));        &FR($r12);
+         &add($R,$r13,$R);
+         &add($H1,$t12,$H1)                     &FR($t12);
+        &muh($a[0],$b[3],($r16)=&NR(1));
+         &cmpult($R,$r13,($t13)=&NR(1));        &FR($r13);
+         &add($R,$r14,$R);
+         &add($H1,$t13,$H1)                     &FR($t13);
+        &muh($a[1],$b[2],($r17)=&NR(1));
+         &cmpult($R,$r14,($t14)=&NR(1));        &FR($r14);
+         &add($R,$r15,$R);
+         &add($H1,$t14,$H1)                     &FR($t14);
+        &muh($a[2],$b[1],($r18)=&NR(1));
+         &cmpult($R,$r15,($t15)=&NR(1));        &FR($r15);
+         &add($H1,$t15,$H1)                     &FR($t15);
+        &st($R,&QWPw(3,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r16,$R);
+        &mov("zero",$H2);
+        &muh($a[3],$b[0],($r19)=&NR(1));
+         &cmpult($R,$r16,($t16)=&NR(1));        &FR($r16);
+         &add($R,$r17,$R);
+         &add($H1,$t16,$H1)                     &FR($t16);
+        &mul($a[1],$b[3],($r20)=&NR(1));
+         &cmpult($R,$r17,($t17)=&NR(1));        &FR($r17);
+         &add($R,$r18,$R);
+         &add($H1,$t17,$H1)                     &FR($t17);
+        &mul($a[2],$b[2],($r21)=&NR(1));
+         &cmpult($R,$r18,($t18)=&NR(1));        &FR($r18);
+         &add($R,$r19,$R);
+         &add($H1,$t18,$H1)                     &FR($t18);
+        &mul($a[3],$b[1],($r22)=&NR(1));
+         &cmpult($R,$r19,($t19)=&NR(1));        &FR($r19);
+         &add($R,$r20,$R);
+         &add($H1,$t19,$H1)                     &FR($t19);
+        &muh($a[1],$b[3],($r23)=&NR(1));
+         &cmpult($R,$r20,($t20)=&NR(1));        &FR($r20);
+         &add($R,$r21,$R);
+         &add($H1,$t20,$H1)                     &FR($t20);
+        &muh($a[2],$b[2],($r24)=&NR(1));
+         &cmpult($R,$r21,($t21)=&NR(1));        &FR($r21);
+         &add($R,$r22,$R);
+         &add($H1,$t21,$H1)                     &FR($t21);
+        &muh($a[3],$b[1],($r25)=&NR(1));
+         &cmpult($R,$r22,($t22)=&NR(1));        &FR($r22);
+         &add($H1,$t22,$H1)                     &FR($t22);
+        &st($R,&QWPw(4,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r23,$R);
+        &mov("zero",$H2);
+        &mul($a[2],$b[3],($r26)=&NR(1));
+         &cmpult($R,$r23,($t23)=&NR(1));        &FR($r23);
+         &add($R,$r24,$R);
+         &add($H1,$t23,$H1)                     &FR($t23);
+        &mul($a[3],$b[2],($r27)=&NR(1));
+         &cmpult($R,$r24,($t24)=&NR(1));        &FR($r24);
+         &add($R,$r25,$R);
+         &add($H1,$t24,$H1)                     &FR($t24);
+        &muh($a[2],$b[3],($r28)=&NR(1));
+         &cmpult($R,$r25,($t25)=&NR(1));        &FR($r25);
+         &add($R,$r26,$R);
+         &add($H1,$t25,$H1)                     &FR($t25);
+        &muh($a[3],$b[2],($r29)=&NR(1));
+         &cmpult($R,$r26,($t26)=&NR(1));        &FR($r26);
+         &add($R,$r27,$R);
+         &add($H1,$t26,$H1)                     &FR($t26);
+        &mul($a[3],$b[3],($r30)=&NR(1));
+         &cmpult($R,$r27,($t27)=&NR(1));        &FR($r27);
+         &add($H1,$t27,$H1)                     &FR($t27);
+        &st($R,&QWPw(5,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r28,$R);
+        &mov("zero",$H2);
+        &muh($a[3],$b[3],($r31)=&NR(1));
+         &cmpult($R,$r28,($t28)=&NR(1));        &FR($r28);
+         &add($R,$r29,$R);
+         &add($H1,$t28,$H1)                     &FR($t28);
+        ############
+         &cmpult($R,$r29,($t29)=&NR(1));        &FR($r29);
+         &add($R,$r30,$R);
+         &add($H1,$t29,$H1)                     &FR($t29);
+        ############
+         &cmpult($R,$r30,($t30)=&NR(1));        &FR($r30);
+         &add($H1,$t30,$H1)                     &FR($t30);
+        &st($R,&QWPw(6,$rp));
+        &add($H1,$H2,$R);
+         &add($R,$r31,$R);                      &FR($r31);
+        &st($R,&QWPw(7,$rp));
+        &FR($R,$H1,$H2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl
new file mode 100644
index 0000000000..79d86dd25c
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl
@@ -0,0 +1,98 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub mul_add_c
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+print STDERR "count=$cnt\n"; $cnt++;
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &add($t1,$h1,$h1);              &FR($t1);
+        &add($c1,$h1,$c1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub bn_mul_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));       &FR($ap);
+        &ld(($b[3])=&NR(1),&QWPw(3,$bp));       &FR($bp);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$b[0],$c0);
+        &muh($a[0],$b[0],$c1);
+        &st($c0,&QWPw(0,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[3],$c0,$c1,$c2);    &FR($a[0]);
+        &mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[0],$c0,$c1,$c2);    &FR($b[0]);
+        &st($c0,&QWPw(3,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[3],$c0,$c1,$c2);    &FR($a[1]);
+        &mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[1],$c0,$c1,$c2);    &FR($b[1]);
+        &st($c0,&QWPw(4,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[2],$b[3],$c0,$c1,$c2);    &FR($a[2]);
+        &mul_add_c($a[3],$b[2],$c0,$c1,$c2);    &FR($b[2]);
+        &st($c0,&QWPw(5,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[3],$b[3],$c0,$c1,$c2);    &FR($a[3],$b[3]);
+        &st($c0,&QWPw(6,$rp));
+        &st($c1,&QWPw(7,$rp));
+        &FR($c0,$c1,$c2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl
new file mode 100644
index 0000000000..525ca7494b
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl
@@ -0,0 +1,177 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_comba8
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &stack_push(2);
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &st($reg_s0,&swtmp(0)); &FR($reg_s0);
+        &st($reg_s1,&swtmp(1)); &FR($reg_s1);
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+        &ld(($a[4])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[4])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[5])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[5])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[6])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[6])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[7])=&NR(1),&QWPw(1,$ap));       &FR($ap);
+        &ld(($b[7])=&NR(1),&QWPw(1,$bp));       &FR($bp);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$b[0],$c0);
+        &muh($a[0],$b[0],$c1);
+        &st($c0,&QWPw(0,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[7],$c0,$c1,$c2);    &FR($a[0]);
+        &mul_add_c($a[1],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[0],$c0,$c1,$c2);    &FR($b[0]);
+        &st($c0,&QWPw(7,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[7],$c0,$c1,$c2);    &FR($a[1]);
+        &mul_add_c($a[2],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[1],$c0,$c1,$c2);    &FR($b[1]);
+        &st($c0,&QWPw(8,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[2],$b[7],$c0,$c1,$c2);    &FR($a[2]);
+        &mul_add_c($a[3],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[2],$c0,$c1,$c2);    &FR($b[2]);
+        &st($c0,&QWPw(9,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[3],$b[7],$c0,$c1,$c2);    &FR($a[3]);
+        &mul_add_c($a[4],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[3],$c0,$c1,$c2);    &FR($b[3]);
+        &st($c0,&QWPw(10,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[4],$b[7],$c0,$c1,$c2);    &FR($a[4]);
+        &mul_add_c($a[5],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[4],$c0,$c1,$c2);    &FR($b[4]);
+        &st($c0,&QWPw(11,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[5],$b[7],$c0,$c1,$c2);    &FR($a[5]);
+        &mul_add_c($a[6],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[5],$c0,$c1,$c2);    &FR($b[5]);
+        &st($c0,&QWPw(12,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[6],$b[7],$c0,$c1,$c2);    &FR($a[6]);
+        &mul_add_c($a[7],$b[6],$c0,$c1,$c2);    &FR($b[6]);
+        &st($c0,&QWPw(13,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[7],$b[7],$c0,$c1,$c2);    &FR($a[7],$b[7]);
+        &st($c0,&QWPw(14,$rp));
+        &st($c1,&QWPw(15,$rp));
+        &FR($c0,$c1,$c2);
+        &ld($reg_s0,&swtmp(0));
+        &ld($reg_s1,&swtmp(1));
+        &stack_pop(2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl
new file mode 100644
index 0000000000..a55b696906
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl
@@ -0,0 +1,113 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_sqr_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(3);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &br(&label("finish"));
+        &blt($count,&label("finish"));
+        ($a0,$r0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($r0,&QWPw(0,$rp));
+$a=<<'EOF';
+##########################################################
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+        ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+        ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+        ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+        ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);
+        &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+        &add($a1,$b1,$o1);      &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+        &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+        &add($a2,$b2,$o2);      &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+        &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+        &add($cc,$t2,$cc);      &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &add($a3,$b3,$o3);      &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+        &add($o3,$cc,$o3);
+        &cmpult($o3,$cc,$cc);
+        &add($cc,$t3,$cc);      &FR($t3);
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+        &sub($count,4,$count);  # count-=4
+        &add($ap,4*$QWS,$ap);   # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+        &add($rp,4*$QWS,$rp);   # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+EOF
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+        &mul($a0,$a0,($l0)=&NR(1));
+         &add($ap,$QWS,$ap);
+         &add($rp,2*$QWS,$rp);
+         &sub($count,1,$count);
+        &muh($a0,$a0,($h0)=&NR(1));     &FR($a0);
+        &st($l0,&QWPw(-2,$rp));         &FR($l0);
+        &st($h0,&QWPw(-1,$rp));         &FR($h0);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl
new file mode 100644
index 0000000000..bf33f5b503
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub sqr_add_c
+        {
+        local($a,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$a,($l1)=&NR(1));
+        &muh($a,$a,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &add($c1,$h1,$c1);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c1,$t1,$c1);              &FR($t1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub sqr_add_c2
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &cmplt($l1,"zero",($lc1)=&NR(1));
+        &cmplt($h1,"zero",($hc1)=&NR(1));
+        &add($l1,$l1,$l1);
+        &add($h1,$h1,$h1);
+        &add($h1,$lc1,$h1);             &FR($lc1);
+        &add($c2,$hc1,$c2);             &FR($hc1);
+        &add($c0,$l1,$c0);
+        &add($c1,$h1,$c1);
+        &cmpult($c0,$l1,($lc1)=&NR(1)); &FR($l1);
+        &cmpult($c1,$h1,($hc1)=&NR(1)); &FR($h1);
+        &add($c1,$lc1,$c1);             &FR($lc1);
+        &add($c2,$hc1,$c2);             &FR($hc1);
+        }
+sub bn_sqr_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(2);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$a[0],$c0);
+        &muh($a[0],$a[0],$c1);
+        &st($c0,&QWPw(0,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[0],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[3],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));
+        &st($c1,&QWPw(7,$rp));
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl
new file mode 100644
index 0000000000..b4afe085f1
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_sqr_comba8
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(2);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &ld(($a[4])=&NR(1),&QWPw(4,$ap));
+        &ld(($a[5])=&NR(1),&QWPw(5,$ap));
+        &ld(($a[6])=&NR(1),&QWPw(6,$ap));
+        &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$a[0],$c0);
+        &muh($a[0],$a[0],$c1);
+        &st($c0,&QWPw(0,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[1],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[4],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(7,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(8,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[5],$a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[2],$c0,$c1,$c2);
+        &st($c0,&QWPw(9,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[5],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[3],$c0,$c1,$c2);
+        &st($c0,&QWPw(10,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[6],$a[5],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[4],$c0,$c1,$c2);
+        &st($c0,&QWPw(11,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[6],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[5],$c0,$c1,$c2);
+        &st($c0,&QWPw(12,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[7],$a[6],$c0,$c1,$c2);
+        &st($c0,&QWPw(13,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[7],$c0,$c1,$c2);
+        &st($c0,&QWPw(14,$rp));
+        &st($c1,&QWPw(15,$rp));
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sub.pl b/src/lib/libcrypto/bn/asm/alpha.works/sub.pl
new file mode 100644
index 0000000000..d998da5c21
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha.works/sub.pl
@@ -0,0 +1,108 @@
+#!/usr/local/bin/perl
+# alpha assember
+sub bn_sub_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        $count=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &blt($count,&label("finish"));
+        ($a0,$b0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($b0,&QWPw(0,$bp));
+##########################################################
+        &set_label("loop");
+        ($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8);
+        &ld($a1,&QWPw(1,$ap));
+         &cmpult($a0,$b0,$tmp); # will we borrow?
+        &ld($b1,&QWPw(1,$bp));
+         &sub($a0,$b0,$a0);             # do the subtract
+        &ld($a2,&QWPw(2,$ap));
+         &cmpult($a0,$cc,$b0);  # will we borrow?
+        &ld($b2,&QWPw(2,$bp));
+         &sub($a0,$cc,$o0);     # will we borrow?
+        &ld($a3,&QWPw(3,$ap));
+         &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp);
+        &cmpult($a1,$b1,$t1);   # will we borrow?
+         &sub($a1,$b1,$a1);     # do the subtract
+        &ld($b3,&QWPw(3,$bp));
+         &cmpult($a1,$cc,$b1);  # will we borrow?
+        &sub($a1,$cc,$o1);      # will we borrow?
+         &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1);
+        
+        &cmpult($a2,$b2,$tmp);  # will we borrow?
+         &sub($a2,$b2,$a2);             # do the subtract
+        &st($o0,&QWPw(0,$rp));  &FR($o0); # save
+         &cmpult($a2,$cc,$b2);  # will we borrow?
+        &sub($a2,$cc,$o2);      # will we borrow?
+         &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2);
+        &cmpult($a3,$b3,$t3);   # will we borrow?
+         &sub($a3,$b3,$a3);     # do the subtract
+        &st($o1,&QWPw(1,$rp)); &FR($o1);
+         &cmpult($a3,$cc,$b3);  # will we borrow?
+        &sub($a3,$cc,$o3);      # will we borrow?
+         &add($b3,$t3,$cc); &FR($t3,$a3,$b3);
+        &st($o2,&QWPw(2,$rp));  &FR($o2);
+         &sub($count,4,$count); # count-=4
+        &st($o3,&QWPw(3,$rp));  &FR($o3);
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+         &add($rp,4*$QWS,$rp);  # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld($a0,&QWPw(0,$ap));  # get a
+         &ld($b0,&QWPw(0,$bp)); # get b
+        &cmpult($a0,$b0,$tmp);  # will we borrow?
+        &sub($a0,$b0,$a0);      # do the subtract
+        &cmpult($a0,$cc,$b0);   # will we borrow?
+        &sub($a0,$cc,$a0);      # will we borrow?
+        &st($a0,&QWPw(0,$rp));  # save
+        &add($b0,$tmp,$cc);     # add the borrows
+        &add($ap,$QWS,$ap);
+        &add($bp,$QWS,$bp);
+        &add($rp,$QWS,$rp);
+        &sub($count,1,$count);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &FR($a0,$b0);
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/add.pl b/src/lib/libcrypto/bn/asm/alpha/add.pl
new file mode 100644
index 0000000000..13bf516428
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/add.pl
@@ -0,0 +1,118 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_add_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        $count=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+         &mov("zero",$cc);
+        &blt($count,&label("finish"));
+        ($a0,$b0)=&NR(2);
+##########################################################
+        &set_label("loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap));
+         &ld(($b0)=&NR(1),&QWPw(0,$bp));
+        &ld(($a1)=&NR(1),&QWPw(1,$ap));
+         &ld(($b1)=&NR(1),&QWPw(1,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+         &ld(($a2)=&NR(1),&QWPw(2,$ap));
+        &cmpult($o0,$b0,$t0);
+         &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+         &ld(($b2)=&NR(1),&QWPw(2,$bp));
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+         &add($a1,$b1,$o1);     &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+         &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+         &ld(($a3)=&NR(1),&QWPw(3,$ap));
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+         &add($a2,$b2,$o2);     &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+         &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+         &ld(($b3)=&NR(1),&QWPw(3,$bp));
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+         &add($cc,$t2,$cc);     &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+         &add($a3,$b3,$o3);     &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+         &add($o3,$cc,$o3);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+         &cmpult($o3,$cc,$cc);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+         &add($cc,$t3,$cc);     &FR($t3);
+        &sub($count,4,$count);  # count-=4
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+         &add($rp,4*$QWS,$rp);  # count+=4
+        ###
+         &bge($count,&label("loop"));
+        ###
+        &br(&label("finish"));
+##################################################
+        # Do the last 0..3 words
+        ($t0,$o0)=&NR(2);
+        &set_label("last_loop");
+        &ld($a0,&QWPw(0,$ap));  # get a
+         &ld($b0,&QWPw(0,$bp)); # get b
+        &add($ap,$QWS,$ap);
+         &add($bp,$QWS,$bp);
+        &add($a0,$b0,$o0); 
+         &sub($count,1,$count);
+        &cmpult($o0,$b0,$t0);   # will we borrow?
+         &add($o0,$cc,$o0);     # will we borrow?
+        &cmpult($o0,$cc,$cc);   # will we borrow?
+         &add($rp,$QWS,$rp);
+        &st($o0,&QWPw(-1,$rp)); # save
+         &add($cc,$t0,$cc);     # add the borrows
+        ###
+         &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+         &bgt($count,&label("last_loop"));
+        &FR($o0,$t0,$a0,$b0);
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/div.pl b/src/lib/libcrypto/bn/asm/alpha/div.pl
new file mode 100644
index 0000000000..e9e680897a
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/div.pl
@@ -0,0 +1,144 @@
+#!/usr/local/bin/perl
+sub bn_div_words
+        {
+        local($data)=<<'EOF';
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .set noreorder
+        .set volatile
+        .align 3
+        .globl bn_div_words
+        .ent bn_div_words
+bn_div_words
+        ldgp $29,0($27)
+bn_div_words.ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$9119
+        lda $0,-1
+        br $31,$9136
+        .align 4
+$9119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$9120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$9120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$9120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$9122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$9122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$9123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$9126
+        zapnot $7,15,$27
+        br $31,$9127
+        .align 4
+$9126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$9127:
+        srl $10,32,$4
+        .align 5
+$9128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$9129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$9129
+        subq $27,1,$27
+        br $31,$9128
+        .align 4
+$9129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$9134
+        addq $9,$11,$9
+        subq $27,1,$27
+$9134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$9124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$9123
+        .align 4
+$9124:
+        bis $13,$27,$0
+$9136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div_words
+EOF
+        &asm_add($data);
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/mul.pl b/src/lib/libcrypto/bn/asm/alpha/mul.pl
new file mode 100644
index 0000000000..76c926566c
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/mul.pl
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        $word=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+         &mov("zero",$cc);
+        ###
+         &blt($count,&label("finish"));
+        ($a0)=&NR(1); &ld($a0,&QWPw(0,$ap));
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+         ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        &muh($a0,$word,($h0)=&NR(1));   &FR($a0);
+         ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+                                                        ### wait 8
+        &mul($a0,$word,($l0)=&NR(1));   &FR($a0);
+                                                        ### wait 8
+        &muh($a1,$word,($h1)=&NR(1));   &FR($a1);
+         &add($l0,$cc,$l0);                             ### wait 8
+        &mul($a1,$word,($l1)=&NR(1));   &FR($a1);
+         &cmpult($l0,$cc,$cc);                          ### wait 8
+        &muh($a2,$word,($h2)=&NR(1));   &FR($a2);
+         &add($h0,$cc,$cc);     &FR($h0);               ### wait 8
+        &mul($a2,$word,($l2)=&NR(1));   &FR($a2);
+         &add($l1,$cc,$l1);                             ### wait 8
+        &st($l0,&QWPw(0,$rp));          &FR($l0);
+         &cmpult($l1,$cc,$cc);                          ### wait 8
+        &muh($a3,$word,($h3)=&NR(1));   &FR($a3);
+         &add($h1,$cc,$cc);             &FR($h1);
+        &mul($a3,$word,($l3)=&NR(1));   &FR($a3);
+         &add($l2,$cc,$l2);
+        &st($l1,&QWPw(1,$rp));          &FR($l1);
+         &cmpult($l2,$cc,$cc);
+        &add($h2,$cc,$cc);              &FR($h2);
+         &sub($count,4,$count); # count-=4
+        &st($l2,&QWPw(2,$rp));          &FR($l2);
+         &add($l3,$cc,$l3);
+        &cmpult($l3,$cc,$cc);
+         &add($bp,4*$QWS,$bp);  # count+=4
+        &add($h3,$cc,$cc);              &FR($h3);
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &st($l3,&QWPw(3,$rp));          &FR($l3);
+         &add($rp,4*$QWS,$rp);  # count+=4
+        ###
+         &blt($count,&label("finish"));
+         ($a0)=&NR(1); &ld($a0,&QWPw(0,$ap));
+        &br(&label("finish"));
+##################################################
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+         ###
+        ###
+         ###
+        &muh($a0,$word,($h0)=&NR(1));
+         ### Wait 8 for next mul issue
+        &mul($a0,$word,($l0)=&NR(1)); &FR($a0)
+         &add($ap,$QWS,$ap);
+        ### Loose 12 until result is available
+        &add($rp,$QWS,$rp);
+         &sub($count,1,$count);
+        &add($l0,$cc,$l0);
+         ###
+        &st($l0,&QWPw(-1,$rp));         &FR($l0);
+         &cmpult($l0,$cc,$cc);
+        &add($h0,$cc,$cc);              &FR($h0);
+         &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_add.pl b/src/lib/libcrypto/bn/asm/alpha/mul_add.pl
new file mode 100644
index 0000000000..0d6df69bc4
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/mul_add.pl
@@ -0,0 +1,123 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_add_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        $word=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+         &mov("zero",$cc);
+        ###
+         &blt($count,&label("finish"));
+        &ld(($a0)=&NR(1),&QWPw(0,$ap));
+$a=<<'EOF';
+##########################################################
+        &set_label("loop");
+        &ld(($r0)=&NR(1),&QWPw(0,$rp));
+         &ld(($a1)=&NR(1),&QWPw(1,$ap));
+        &muh($a0,$word,($h0)=&NR(1));
+         &ld(($r1)=&NR(1),&QWPw(1,$rp));
+        &ld(($a2)=&NR(1),&QWPw(2,$ap));
+         ###
+        &mul($a0,$word,($l0)=&NR(1));   &FR($a0);
+         &ld(($r2)=&NR(1),&QWPw(2,$rp));
+        &muh($a1,$word,($h1)=&NR(1));
+         &ld(($a3)=&NR(1),&QWPw(3,$ap));
+        &mul($a1,$word,($l1)=&NR(1));   &FR($a1);
+         &ld(($r3)=&NR(1),&QWPw(3,$rp));
+        &add($r0,$l0,$r0);
+         &add($r1,$l1,$r1);
+        &cmpult($r0,$l0,($t0)=&NR(1));  &FR($l0);
+         &cmpult($r1,$l1,($t1)=&NR(1)); &FR($l1);
+        &muh($a2,$word,($h2)=&NR(1));
+         &add($r0,$cc,$r0);
+        &add($h0,$t0,$h0);              &FR($t0);
+         &cmpult($r0,$cc,$cc);
+        &add($h1,$t1,$h1);              &FR($t1);
+         &add($h0,$cc,$cc);             &FR($h0);
+        &mul($a2,$word,($l2)=&NR(1));   &FR($a2);
+         &add($r1,$cc,$r1);
+        &cmpult($r1,$cc,$cc);
+         &add($r2,$l2,$r2);
+        &add($h1,$cc,$cc);              &FR($h1);
+         &cmpult($r2,$l2,($t2)=&NR(1)); &FR($l2);
+        &muh($a3,$word,($h3)=&NR(1));
+         &add($r2,$cc,$r2);
+        &st($r0,&QWPw(0,$rp)); &FR($r0);
+         &add($h2,$t2,$h2);             &FR($t2);
+        &st($r1,&QWPw(1,$rp)); &FR($r1);
+         &cmpult($r2,$cc,$cc);
+        &mul($a3,$word,($l3)=&NR(1));   &FR($a3);
+         &add($h2,$cc,$cc);             &FR($h2);
+        &st($r2,&QWPw(2,$rp)); &FR($r2);
+         &sub($count,4,$count); # count-=4
+         &add($rp,4*$QWS,$rp);  # count+=4
+        &add($r3,$l3,$r3);
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &cmpult($r3,$l3,($t3)=&NR(1));  &FR($l3);
+         &add($r3,$cc,$r3);
+        &add($h3,$t3,$h3);              &FR($t3);
+         &cmpult($r3,$cc,$cc);
+        &st($r3,&QWPw(-1,$rp)); &FR($r3);
+         &add($h3,$cc,$cc);             &FR($h3);
+        ###
+         &blt($count,&label("finish"));
+        &ld(($a0)=&NR(1),&QWPw(0,$ap));
+         &br(&label("loop"));
+EOF
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+         &ld(($r0)=&NR(1),&QWPw(0,$rp));        # get b
+        ###
+         ###
+        &muh($a0,$word,($h0)=&NR(1));   &FR($a0);
+         ### wait 8
+        &mul($a0,$word,($l0)=&NR(1));   &FR($a0);
+         &add($rp,$QWS,$rp);
+        &add($ap,$QWS,$ap);
+         &sub($count,1,$count);
+        ### wait 3 until l0 is available
+        &add($r0,$l0,$r0);
+         ###
+        &cmpult($r0,$l0,($t0)=&NR(1));  &FR($l0);
+         &add($r0,$cc,$r0);
+        &add($h0,$t0,$h0);              &FR($t0);
+         &cmpult($r0,$cc,$cc);
+        &add($h0,$cc,$cc);              &FR($h0);
+        &st($r0,&QWPw(-1,$rp));         &FR($r0);
+         &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+         &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl
new file mode 100644
index 0000000000..9cc876ded4
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl
@@ -0,0 +1,215 @@
+#!/usr/local/bin/perl
+# alpha assember 
+# upto
+sub mul_add_c
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &add($t1,$h1,$h1);              &FR($t1);
+        &add($c1,$h1,$c1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub bn_mul_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &mul($a[0],$b[0],($r00)=&NR(1));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &muh($a[0],$b[0],($r01)=&NR(1));
+        &FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+        &mul($a[0],$b[1],($r02)=&NR(1));
+        ($R,$H1,$H2)=&NR(3);
+        &st($r00,&QWPw(0,$rp)); &FR($r00);
+        &mov("zero",$R);
+        &mul($a[1],$b[0],($r03)=&NR(1));
+        &mov("zero",$H1);
+        &mov("zero",$H0);
+         &add($R,$r01,$R);
+        &muh($a[0],$b[1],($r04)=&NR(1));
+         &cmpult($R,$r01,($t01)=&NR(1));        &FR($r01);
+         &add($R,$r02,$R);
+         &add($H1,$t01,$H1)                     &FR($t01);
+        &muh($a[1],$b[0],($r05)=&NR(1));
+         &cmpult($R,$r02,($t02)=&NR(1));        &FR($r02);
+         &add($R,$r03,$R);
+         &add($H2,$t02,$H2)                     &FR($t02);
+        &mul($a[0],$b[2],($r06)=&NR(1));
+         &cmpult($R,$r03,($t03)=&NR(1));        &FR($r03);
+         &add($H1,$t03,$H1)                     &FR($t03);
+        &st($R,&QWPw(1,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r04,$R);
+        &mov("zero",$H2);
+        &mul($a[1],$b[1],($r07)=&NR(1));
+         &cmpult($R,$r04,($t04)=&NR(1));        &FR($r04);
+         &add($R,$r05,$R);
+         &add($H1,$t04,$H1)                     &FR($t04);
+        &mul($a[2],$b[0],($r08)=&NR(1));
+         &cmpult($R,$r05,($t05)=&NR(1));        &FR($r05);
+         &add($R,$r01,$R);
+         &add($H2,$t05,$H2)                     &FR($t05);
+        &muh($a[0],$b[2],($r09)=&NR(1));
+         &cmpult($R,$r06,($t06)=&NR(1));        &FR($r06);
+         &add($R,$r07,$R);
+         &add($H1,$t06,$H1)                     &FR($t06);
+        &muh($a[1],$b[1],($r10)=&NR(1));
+         &cmpult($R,$r07,($t07)=&NR(1));        &FR($r07);
+         &add($R,$r08,$R);
+         &add($H2,$t07,$H2)                     &FR($t07);
+        &muh($a[2],$b[0],($r11)=&NR(1));
+         &cmpult($R,$r08,($t08)=&NR(1));        &FR($r08);
+         &add($H1,$t08,$H1)                     &FR($t08);
+        &st($R,&QWPw(2,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r09,$R);
+        &mov("zero",$H2);
+        &mul($a[0],$b[3],($r12)=&NR(1));
+         &cmpult($R,$r09,($t09)=&NR(1));        &FR($r09);
+         &add($R,$r10,$R);
+         &add($H1,$t09,$H1)                     &FR($t09);
+        &mul($a[1],$b[2],($r13)=&NR(1));
+         &cmpult($R,$r10,($t10)=&NR(1));        &FR($r10);
+         &add($R,$r11,$R);
+         &add($H1,$t10,$H1)                     &FR($t10);
+        &mul($a[2],$b[1],($r14)=&NR(1));
+         &cmpult($R,$r11,($t11)=&NR(1));        &FR($r11);
+         &add($R,$r12,$R);
+         &add($H1,$t11,$H1)                     &FR($t11);
+        &mul($a[3],$b[0],($r15)=&NR(1));
+         &cmpult($R,$r12,($t12)=&NR(1));        &FR($r12);
+         &add($R,$r13,$R);
+         &add($H1,$t12,$H1)                     &FR($t12);
+        &muh($a[0],$b[3],($r16)=&NR(1));
+         &cmpult($R,$r13,($t13)=&NR(1));        &FR($r13);
+         &add($R,$r14,$R);
+         &add($H1,$t13,$H1)                     &FR($t13);
+        &muh($a[1],$b[2],($r17)=&NR(1));
+         &cmpult($R,$r14,($t14)=&NR(1));        &FR($r14);
+         &add($R,$r15,$R);
+         &add($H1,$t14,$H1)                     &FR($t14);
+        &muh($a[2],$b[1],($r18)=&NR(1));
+         &cmpult($R,$r15,($t15)=&NR(1));        &FR($r15);
+         &add($H1,$t15,$H1)                     &FR($t15);
+        &st($R,&QWPw(3,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r16,$R);
+        &mov("zero",$H2);
+        &muh($a[3],$b[0],($r19)=&NR(1));
+         &cmpult($R,$r16,($t16)=&NR(1));        &FR($r16);
+         &add($R,$r17,$R);
+         &add($H1,$t16,$H1)                     &FR($t16);
+        &mul($a[1],$b[3],($r20)=&NR(1));
+         &cmpult($R,$r17,($t17)=&NR(1));        &FR($r17);
+         &add($R,$r18,$R);
+         &add($H1,$t17,$H1)                     &FR($t17);
+        &mul($a[2],$b[2],($r21)=&NR(1));
+         &cmpult($R,$r18,($t18)=&NR(1));        &FR($r18);
+         &add($R,$r19,$R);
+         &add($H1,$t18,$H1)                     &FR($t18);
+        &mul($a[3],$b[1],($r22)=&NR(1));
+         &cmpult($R,$r19,($t19)=&NR(1));        &FR($r19);
+         &add($R,$r20,$R);
+         &add($H1,$t19,$H1)                     &FR($t19);
+        &muh($a[1],$b[3],($r23)=&NR(1));
+         &cmpult($R,$r20,($t20)=&NR(1));        &FR($r20);
+         &add($R,$r21,$R);
+         &add($H1,$t20,$H1)                     &FR($t20);
+        &muh($a[2],$b[2],($r24)=&NR(1));
+         &cmpult($R,$r21,($t21)=&NR(1));        &FR($r21);
+         &add($R,$r22,$R);
+         &add($H1,$t21,$H1)                     &FR($t21);
+        &muh($a[3],$b[1],($r25)=&NR(1));
+         &cmpult($R,$r22,($t22)=&NR(1));        &FR($r22);
+         &add($H1,$t22,$H1)                     &FR($t22);
+        &st($R,&QWPw(4,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r23,$R);
+        &mov("zero",$H2);
+        &mul($a[2],$b[3],($r26)=&NR(1));
+         &cmpult($R,$r23,($t23)=&NR(1));        &FR($r23);
+         &add($R,$r24,$R);
+         &add($H1,$t23,$H1)                     &FR($t23);
+        &mul($a[3],$b[2],($r27)=&NR(1));
+         &cmpult($R,$r24,($t24)=&NR(1));        &FR($r24);
+         &add($R,$r25,$R);
+         &add($H1,$t24,$H1)                     &FR($t24);
+        &muh($a[2],$b[3],($r28)=&NR(1));
+         &cmpult($R,$r25,($t25)=&NR(1));        &FR($r25);
+         &add($R,$r26,$R);
+         &add($H1,$t25,$H1)                     &FR($t25);
+        &muh($a[3],$b[2],($r29)=&NR(1));
+         &cmpult($R,$r26,($t26)=&NR(1));        &FR($r26);
+         &add($R,$r27,$R);
+         &add($H1,$t26,$H1)                     &FR($t26);
+        &mul($a[3],$b[3],($r30)=&NR(1));
+         &cmpult($R,$r27,($t27)=&NR(1));        &FR($r27);
+         &add($H1,$t27,$H1)                     &FR($t27);
+        &st($R,&QWPw(5,$rp));
+        &add($H1,$H2,$R);
+        &mov("zero",$H1);
+         &add($R,$r28,$R);
+        &mov("zero",$H2);
+        &muh($a[3],$b[3],($r31)=&NR(1));
+         &cmpult($R,$r28,($t28)=&NR(1));        &FR($r28);
+         &add($R,$r29,$R);
+         &add($H1,$t28,$H1)                     &FR($t28);
+        ############
+         &cmpult($R,$r29,($t29)=&NR(1));        &FR($r29);
+         &add($R,$r30,$R);
+         &add($H1,$t29,$H1)                     &FR($t29);
+        ############
+         &cmpult($R,$r30,($t30)=&NR(1));        &FR($r30);
+         &add($H1,$t30,$H1)                     &FR($t30);
+        &st($R,&QWPw(6,$rp));
+        &add($H1,$H2,$R);
+         &add($R,$r31,$R);                      &FR($r31);
+        &st($R,&QWPw(7,$rp));
+        &FR($R,$H1,$H2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl
new file mode 100644
index 0000000000..79d86dd25c
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl
@@ -0,0 +1,98 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub mul_add_c
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+print STDERR "count=$cnt\n"; $cnt++;
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &add($t1,$h1,$h1);              &FR($t1);
+        &add($c1,$h1,$c1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub bn_mul_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));       &FR($ap);
+        &ld(($b[3])=&NR(1),&QWPw(3,$bp));       &FR($bp);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$b[0],$c0);
+        &muh($a[0],$b[0],$c1);
+        &st($c0,&QWPw(0,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[3],$c0,$c1,$c2);    &FR($a[0]);
+        &mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[0],$c0,$c1,$c2);    &FR($b[0]);
+        &st($c0,&QWPw(3,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[3],$c0,$c1,$c2);    &FR($a[1]);
+        &mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[1],$c0,$c1,$c2);    &FR($b[1]);
+        &st($c0,&QWPw(4,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[2],$b[3],$c0,$c1,$c2);    &FR($a[2]);
+        &mul_add_c($a[3],$b[2],$c0,$c1,$c2);    &FR($b[2]);
+        &st($c0,&QWPw(5,$rp));                  &FR($c0); ($c0)=&NR($c0);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[3],$b[3],$c0,$c1,$c2);    &FR($a[3],$b[3]);
+        &st($c0,&QWPw(6,$rp));
+        &st($c1,&QWPw(7,$rp));
+        &FR($c0,$c1,$c2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl
new file mode 100644
index 0000000000..525ca7494b
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl
@@ -0,0 +1,177 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_mul_comba8
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(3);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &stack_push(2);
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($b[0])=&NR(1),&QWPw(0,$bp));
+        &st($reg_s0,&swtmp(0)); &FR($reg_s0);
+        &st($reg_s1,&swtmp(1)); &FR($reg_s1);
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[1])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($b[2])=&NR(1),&QWPw(2,$bp));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &ld(($b[3])=&NR(1),&QWPw(3,$bp));
+        &ld(($a[4])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[4])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[5])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[5])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[6])=&NR(1),&QWPw(1,$ap));
+        &ld(($b[6])=&NR(1),&QWPw(1,$bp));
+        &ld(($a[7])=&NR(1),&QWPw(1,$ap));       &FR($ap);
+        &ld(($b[7])=&NR(1),&QWPw(1,$bp));       &FR($bp);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$b[0],$c0);
+        &muh($a[0],$b[0],$c1);
+        &st($c0,&QWPw(0,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[1],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[0],$b[7],$c0,$c1,$c2);    &FR($a[0]);
+        &mul_add_c($a[1],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[2],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[1],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[0],$c0,$c1,$c2);    &FR($b[0]);
+        &st($c0,&QWPw(7,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[1],$b[7],$c0,$c1,$c2);    &FR($a[1]);
+        &mul_add_c($a[2],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[3],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[2],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[1],$c0,$c1,$c2);    &FR($b[1]);
+        &st($c0,&QWPw(8,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[2],$b[7],$c0,$c1,$c2);    &FR($a[2]);
+        &mul_add_c($a[3],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[4],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[3],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[2],$c0,$c1,$c2);    &FR($b[2]);
+        &st($c0,&QWPw(9,$rp));                  &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[3],$b[7],$c0,$c1,$c2);    &FR($a[3]);
+        &mul_add_c($a[4],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[5],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[4],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[3],$c0,$c1,$c2);    &FR($b[3]);
+        &st($c0,&QWPw(10,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[4],$b[7],$c0,$c1,$c2);    &FR($a[4]);
+        &mul_add_c($a[5],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[6],$b[5],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[4],$c0,$c1,$c2);    &FR($b[4]);
+        &st($c0,&QWPw(11,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[5],$b[7],$c0,$c1,$c2);    &FR($a[5]);
+        &mul_add_c($a[6],$b[6],$c0,$c1,$c2);
+        &mul_add_c($a[7],$b[5],$c0,$c1,$c2);    &FR($b[5]);
+        &st($c0,&QWPw(12,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[6],$b[7],$c0,$c1,$c2);    &FR($a[6]);
+        &mul_add_c($a[7],$b[6],$c0,$c1,$c2);    &FR($b[6]);
+        &st($c0,&QWPw(13,$rp));                 &FR($c0); ($c0)=&NR(1);
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &mul_add_c($a[7],$b[7],$c0,$c1,$c2);    &FR($a[7],$b[7]);
+        &st($c0,&QWPw(14,$rp));
+        &st($c1,&QWPw(15,$rp));
+        &FR($c0,$c1,$c2);
+        &ld($reg_s0,&swtmp(0));
+        &ld($reg_s1,&swtmp(1));
+        &stack_pop(2);
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr.pl b/src/lib/libcrypto/bn/asm/alpha/sqr.pl
new file mode 100644
index 0000000000..a55b696906
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/sqr.pl
@@ -0,0 +1,113 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_sqr_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r,$couny);
+        &init_pool(3);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $count=&wparam(2);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &br(&label("finish"));
+        &blt($count,&label("finish"));
+        ($a0,$r0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($r0,&QWPw(0,$rp));
+$a=<<'EOF';
+##########################################################
+        &set_label("loop");
+        ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap));
+        ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp));
+        ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap));
+        ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp));
+        ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap));
+        ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp));
+        ($o0,$t0)=&NR(2);
+        &add($a0,$b0,$o0); 
+        &cmpult($o0,$b0,$t0);
+        &add($o0,$cc,$o0);
+        &cmpult($o0,$cc,$cc);
+        &add($cc,$t0,$cc);      &FR($t0);
+        ($t1,$o1)=&NR(2);
+        &add($a1,$b1,$o1);      &FR($a1);
+        &cmpult($o1,$b1,$t1);   &FR($b1);
+        &add($o1,$cc,$o1);
+        &cmpult($o1,$cc,$cc);
+        &add($cc,$t1,$cc);      &FR($t1);
+        ($t2,$o2)=&NR(2);
+        &add($a2,$b2,$o2);      &FR($a2);
+        &cmpult($o2,$b2,$t2);   &FR($b2);
+        &add($o2,$cc,$o2);
+        &cmpult($o2,$cc,$cc);
+        &add($cc,$t2,$cc);      &FR($t2);
+        ($t3,$o3)=&NR(2);
+        &add($a3,$b3,$o3);      &FR($a3);
+        &cmpult($o3,$b3,$t3);   &FR($b3);
+        &add($o3,$cc,$o3);
+        &cmpult($o3,$cc,$cc);
+        &add($cc,$t3,$cc);      &FR($t3);
+        &st($o0,&QWPw(0,$rp)); &FR($o0);
+        &st($o1,&QWPw(0,$rp)); &FR($o1);
+        &st($o2,&QWPw(0,$rp)); &FR($o2);
+        &st($o3,&QWPw(0,$rp)); &FR($o3);
+        &sub($count,4,$count);  # count-=4
+        &add($ap,4*$QWS,$ap);   # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+        &add($rp,4*$QWS,$rp);   # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+EOF
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a
+        &mul($a0,$a0,($l0)=&NR(1));
+         &add($ap,$QWS,$ap);
+         &add($rp,2*$QWS,$rp);
+         &sub($count,1,$count);
+        &muh($a0,$a0,($h0)=&NR(1));     &FR($a0);
+        &st($l0,&QWPw(-2,$rp));         &FR($l0);
+        &st($h0,&QWPw(-1,$rp));         &FR($h0);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl b/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl
new file mode 100644
index 0000000000..bf33f5b503
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub sqr_add_c
+        {
+        local($a,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$a,($l1)=&NR(1));
+        &muh($a,$a,($h1)=&NR(1));
+        &add($c0,$l1,$c0);
+        &add($c1,$h1,$c1);
+        &cmpult($c0,$l1,($t1)=&NR(1));  &FR($l1);
+        &cmpult($c1,$h1,($t2)=&NR(1));  &FR($h1);
+        &add($c1,$t1,$c1);              &FR($t1);
+        &add($c2,$t2,$c2);              &FR($t2);
+        }
+sub sqr_add_c2
+        {
+        local($a,$b,$c0,$c1,$c2)=@_;
+        local($l1,$h1,$t1,$t2);
+        &mul($a,$b,($l1)=&NR(1));
+        &muh($a,$b,($h1)=&NR(1));
+        &cmplt($l1,"zero",($lc1)=&NR(1));
+        &cmplt($h1,"zero",($hc1)=&NR(1));
+        &add($l1,$l1,$l1);
+        &add($h1,$h1,$h1);
+        &add($h1,$lc1,$h1);             &FR($lc1);
+        &add($c2,$hc1,$c2);             &FR($hc1);
+        &add($c0,$l1,$c0);
+        &add($c1,$h1,$c1);
+        &cmpult($c0,$l1,($lc1)=&NR(1)); &FR($l1);
+        &cmpult($c1,$h1,($hc1)=&NR(1)); &FR($h1);
+        &add($c1,$lc1,$c1);             &FR($lc1);
+        &add($c2,$hc1,$c2);             &FR($hc1);
+        }
+sub bn_sqr_comba4
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(2);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$a[0],$c0);
+        &muh($a[0],$a[0],$c1);
+        &st($c0,&QWPw(0,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[0],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[3],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));
+        &st($c1,&QWPw(7,$rp));
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl b/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl
new file mode 100644
index 0000000000..b4afe085f1
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl
@@ -0,0 +1,132 @@
+#!/usr/local/bin/perl
+# alpha assember 
+sub bn_sqr_comba8
+        {
+        local($name)=@_;
+        local(@a,@b,$r,$c0,$c1,$c2);
+        $cnt=1;
+        &init_pool(2);
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        &function_begin($name,"");
+        &comment("");
+        &ld(($a[0])=&NR(1),&QWPw(0,$ap));
+        &ld(($a[1])=&NR(1),&QWPw(1,$ap));
+        &ld(($a[2])=&NR(1),&QWPw(2,$ap));
+        &ld(($a[3])=&NR(1),&QWPw(3,$ap));
+        &ld(($a[4])=&NR(1),&QWPw(4,$ap));
+        &ld(($a[5])=&NR(1),&QWPw(5,$ap));
+        &ld(($a[6])=&NR(1),&QWPw(6,$ap));
+        &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap);
+        ($c0,$c1,$c2)=&NR(3);
+        &mov("zero",$c2);
+        &mul($a[0],$a[0],$c0);
+        &muh($a[0],$a[0],$c1);
+        &st($c0,&QWPw(0,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[1],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(1,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(2,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(3,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(4,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(5,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[4],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(6,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[4],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[1],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[0],$c0,$c1,$c2);
+        &st($c0,&QWPw(7,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[5],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[2],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[1],$c0,$c1,$c2);
+        &st($c0,&QWPw(8,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[5],$a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[3],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[2],$c0,$c1,$c2);
+        &st($c0,&QWPw(9,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[5],$c0,$c1,$c2);
+        &sqr_add_c2($a[6],$a[4],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[3],$c0,$c1,$c2);
+        &st($c0,&QWPw(10,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[6],$a[5],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[4],$c0,$c1,$c2);
+        &st($c0,&QWPw(11,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[6],$c0,$c1,$c2);
+        &sqr_add_c2($a[7],$a[5],$c0,$c1,$c2);
+        &st($c0,&QWPw(12,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c2($a[7],$a[6],$c0,$c1,$c2);
+        &st($c0,&QWPw(13,$rp));
+        ($c0,$c1,$c2)=($c1,$c2,$c0);
+        &mov("zero",$c2);
+        &sqr_add_c($a[7],$c0,$c1,$c2);
+        &st($c0,&QWPw(14,$rp));
+        &st($c1,&QWPw(15,$rp));
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/alpha/sub.pl b/src/lib/libcrypto/bn/asm/alpha/sub.pl
new file mode 100644
index 0000000000..d998da5c21
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/alpha/sub.pl
@@ -0,0 +1,108 @@
+#!/usr/local/bin/perl
+# alpha assember
+sub bn_sub_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r);
+        &init_pool(4);
+        ($cc)=GR("r0");
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        $count=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &blt($count,&label("finish"));
+        ($a0,$b0)=&NR(2);
+        &ld($a0,&QWPw(0,$ap));
+        &ld($b0,&QWPw(0,$bp));
+##########################################################
+        &set_label("loop");
+        ($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8);
+        &ld($a1,&QWPw(1,$ap));
+         &cmpult($a0,$b0,$tmp); # will we borrow?
+        &ld($b1,&QWPw(1,$bp));
+         &sub($a0,$b0,$a0);             # do the subtract
+        &ld($a2,&QWPw(2,$ap));
+         &cmpult($a0,$cc,$b0);  # will we borrow?
+        &ld($b2,&QWPw(2,$bp));
+         &sub($a0,$cc,$o0);     # will we borrow?
+        &ld($a3,&QWPw(3,$ap));
+         &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp);
+        &cmpult($a1,$b1,$t1);   # will we borrow?
+         &sub($a1,$b1,$a1);     # do the subtract
+        &ld($b3,&QWPw(3,$bp));
+         &cmpult($a1,$cc,$b1);  # will we borrow?
+        &sub($a1,$cc,$o1);      # will we borrow?
+         &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1);
+        
+        &cmpult($a2,$b2,$tmp);  # will we borrow?
+         &sub($a2,$b2,$a2);             # do the subtract
+        &st($o0,&QWPw(0,$rp));  &FR($o0); # save
+         &cmpult($a2,$cc,$b2);  # will we borrow?
+        &sub($a2,$cc,$o2);      # will we borrow?
+         &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2);
+        &cmpult($a3,$b3,$t3);   # will we borrow?
+         &sub($a3,$b3,$a3);     # do the subtract
+        &st($o1,&QWPw(1,$rp)); &FR($o1);
+         &cmpult($a3,$cc,$b3);  # will we borrow?
+        &sub($a3,$cc,$o3);      # will we borrow?
+         &add($b3,$t3,$cc); &FR($t3,$a3,$b3);
+        &st($o2,&QWPw(2,$rp));  &FR($o2);
+         &sub($count,4,$count); # count-=4
+        &st($o3,&QWPw(3,$rp));  &FR($o3);
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+         &add($rp,4*$QWS,$rp);  # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld($a0,&QWPw(0,$ap));  # get a
+         &ld($b0,&QWPw(0,$bp)); # get b
+        &cmpult($a0,$b0,$tmp);  # will we borrow?
+        &sub($a0,$b0,$a0);      # do the subtract
+        &cmpult($a0,$cc,$b0);   # will we borrow?
+        &sub($a0,$cc,$a0);      # will we borrow?
+        &st($a0,&QWPw(0,$rp));  # save
+        &add($b0,$tmp,$cc);     # add the borrows
+        &add($ap,$QWS,$ap);
+        &add($bp,$QWS,$bp);
+        &add($rp,$QWS,$rp);
+        &sub($count,1,$count);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &FR($a0,$b0);
+        &set_label("end");
+        &function_end($name);
+        &fin_pool;
+        }
+1;
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl
index 26c2685a72..c4de4a2bee 100644
--- a/src/lib/libcrypto/bn/asm/bn-586.pl
+++ b/src/lib/libcrypto/bn/asm/bn-586.pl
@@ -5,18 +5,13 @@ require "x86asm.pl";
 &asm_init($ARGV[0],$0);
-$sse2=0;
-for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-&external_label("OPENSSL_ia32cap_P") if ($sse2);
 &bn_mul_add_words("bn_mul_add_words");
 &bn_mul_words("bn_mul_words");
 &bn_sqr_words("bn_sqr_words");
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
-&bn_sub_part_words("bn_sub_part_words");
+#&bn_sub_part_words("bn_sub_part_words");
 &asm_finish();
@@ -24,7 +19,7 @@ sub bn_mul_add_words
        {
        local($name)=@_;
-        &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":"");
+        &function_begin($name,"");
        &comment("");
        $Low="eax";
@@ -47,83 +42,6 @@ sub bn_mul_add_words
        &jz(&label("maw_finish"));
-        if ($sse2) {
-                &picmeup("eax","OPENSSL_ia32cap_P");
-                &bt(&DWP(0,"eax"),26);
-                &jnc(&label("maw_loop"));
-                &movd("mm0",$w);                # mm0 = w
-                &pxor("mm1","mm1");             # mm1 = carry_in
-                &set_label("maw_sse2_loop",0);
-                &movd("mm3",&DWP(0,$r,"",0));   # mm3 = r[0]
-                &paddq("mm1","mm3");            # mm1 = carry_in + r[0]
-                &movd("mm2",&DWP(0,$a,"",0));   # mm2 = a[0]
-                &pmuludq("mm2","mm0");          # mm2 = w*a[0]
-                &movd("mm4",&DWP(4,$a,"",0));   # mm4 = a[1]
-                &pmuludq("mm4","mm0");          # mm4 = w*a[1]
-                &movd("mm6",&DWP(8,$a,"",0));   # mm6 = a[2]
-                &pmuludq("mm6","mm0");          # mm6 = w*a[2]
-                &movd("mm7",&DWP(12,$a,"",0));  # mm7 = a[3]
-                &pmuludq("mm7","mm0");          # mm7 = w*a[3]
-                &paddq("mm1","mm2");            # mm1 = carry_in + r[0] + w*a[0]
-                &movd("mm3",&DWP(4,$r,"",0));   # mm3 = r[1]
-                &paddq("mm3","mm4");            # mm3 = r[1] + w*a[1]
-                &movd("mm5",&DWP(8,$r,"",0));   # mm5 = r[2]
-                &paddq("mm5","mm6");            # mm5 = r[2] + w*a[2]
-                &movd("mm4",&DWP(12,$r,"",0));  # mm4 = r[3]
-                &paddq("mm7","mm4");            # mm7 = r[3] + w*a[3]
-                &movd(&DWP(0,$r,"",0),"mm1");
-                &movd("mm2",&DWP(16,$a,"",0));  # mm2 = a[4]
-                &pmuludq("mm2","mm0");          # mm2 = w*a[4]
-                &psrlq("mm1",32);               # mm1 = carry0
-                &movd("mm4",&DWP(20,$a,"",0));  # mm4 = a[5]
-                &pmuludq("mm4","mm0");          # mm4 = w*a[5]
-                &paddq("mm1","mm3");            # mm1 = carry0 + r[1] + w*a[1]
-                &movd("mm6",&DWP(24,$a,"",0));  # mm6 = a[6]
-                &pmuludq("mm6","mm0");          # mm6 = w*a[6]
-                &movd(&DWP(4,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry1
-                &movd("mm3",&DWP(28,$a,"",0));  # mm3 = a[7]
-                &add($a,32);
-                &pmuludq("mm3","mm0");          # mm3 = w*a[7]
-                &paddq("mm1","mm5");            # mm1 = carry1 + r[2] + w*a[2]
-                &movd("mm5",&DWP(16,$r,"",0));  # mm5 = r[4]
-                &paddq("mm2","mm5");            # mm2 = r[4] + w*a[4]
-                &movd(&DWP(8,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry2
-                &paddq("mm1","mm7");            # mm1 = carry2 + r[3] + w*a[3]
-                &movd("mm5",&DWP(20,$r,"",0));  # mm5 = r[5]
-                &paddq("mm4","mm5");            # mm4 = r[5] + w*a[5]
-                &movd(&DWP(12,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry3
-                &paddq("mm1","mm2");            # mm1 = carry3 + r[4] + w*a[4]
-                &movd("mm5",&DWP(24,$r,"",0));  # mm5 = r[6]
-                &paddq("mm6","mm5");            # mm6 = r[6] + w*a[6]
-                &movd(&DWP(16,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry4
-                &paddq("mm1","mm4");            # mm1 = carry4 + r[5] + w*a[5]
-                &movd("mm5",&DWP(28,$r,"",0));  # mm5 = r[7]
-                &paddq("mm3","mm5");            # mm3 = r[7] + w*a[7]
-                &movd(&DWP(20,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry5
-                &paddq("mm1","mm6");            # mm1 = carry5 + r[6] + w*a[6]
-                &movd(&DWP(24,$r,"",0),"mm1");
-                &psrlq("mm1",32);               # mm1 = carry6
-                &paddq("mm1","mm3");            # mm1 = carry6 + r[7] + w*a[7]
-                &movd(&DWP(28,$r,"",0),"mm1");
-                &add($r,32);
-                &psrlq("mm1",32);               # mm1 = carry_out
-                &sub("ecx",8);
-                &jnz(&label("maw_sse2_loop"));
-                &movd($c,"mm1");                # c = carry_out
-                &emms();
-                &jmp(&label("maw_finish"));
-        }
        &set_label("maw_loop",0);
        &mov(&swtmp(0),"ecx");  #
diff --git a/src/lib/libcrypto/bn/asm/bn-alpha.pl b/src/lib/libcrypto/bn/asm/bn-alpha.pl
new file mode 100644
index 0000000000..302edf2376
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/bn-alpha.pl
@@ -0,0 +1,571 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+$d=&data();
+$d =~ s/CC/0/g;
+$d =~ s/R1/1/g;
+$d =~ s/R2/2/g;
+$d =~ s/R3/3/g;
+$d =~ s/R4/4/g;
+$d =~ s/L1/5/g;
+$d =~ s/L2/6/g;
+$d =~ s/L3/7/g;
+$d =~ s/L4/8/g;
+$d =~ s/O1/22/g;
+$d =~ s/O2/23/g;
+$d =~ s/O3/24/g;
+$d =~ s/O4/25/g;
+$d =~ s/A1/20/g;
+$d =~ s/A2/21/g;
+$d =~ s/A3/27/g;
+$d =~ s/A4/28/g;
+if (0){
+}
+print $d;
+sub data
+        {
+        local($data)=<<'EOF';
+ # DEC Alpha assember
+ # The bn_div_words is actually gcc output but the other parts are hand done.
+ # Thanks to tzeruch@ceddec.com for sending me the gcc output for
+ # bn_div_words.
+ # I've gone back and re-done most of routines.
+ # The key thing to remeber for the 164 CPU is that while a
+ # multiply operation takes 8 cycles, another one can only be issued
+ # after 4 cycles have elapsed.  I've done modification to help
+ # improve this.  Also, normally, a ld instruction will not be available
+ # for about 3 cycles.
+        .file   1 "bn_asm.c"
+        .set noat
+gcc2_compiled.:
+__gnu_compiled_c:
+        .text
+        .align 3
+        .globl bn_mul_add_words
+        .ent bn_mul_add_words
+bn_mul_add_words:
+bn_mul_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$CC
+        blt     $18,$43         # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $A1,0($17)      # 1 1
+        ldq     $R1,0($16)      # 1 1
+        .align 3
+$42:
+        mulq    $A1,$19,$L1     # 1 2 1 ######
+        ldq     $A2,8($17)      # 2 1
+        ldq     $R2,8($16)      # 2 1
+        umulh   $A1,$19,$A1     # 1 2   ######
+        ldq     $A3,16($17)     # 3 1
+        ldq     $R3,16($16)     # 3 1
+        mulq    $A2,$19,$L2     # 2 2 1 ######
+         ldq    $A4,24($17)     # 4 1
+        addq    $R1,$L1,$R1     # 1 2 2
+         ldq    $R4,24($16)     # 4 1
+        umulh   $A2,$19,$A2     # 2 2   ######
+         cmpult $R1,$L1,$O1     # 1 2 3 1
+        addq    $A1,$O1,$A1     # 1 3 1
+         addq   $R1,$CC,$R1     # 1 2 3 1
+        mulq    $A3,$19,$L3     # 3 2 1 ######
+         cmpult $R1,$CC,$CC     # 1 2 3 2
+        addq    $R2,$L2,$R2     # 2 2 2
+         addq   $A1,$CC,$CC     # 1 3 2 
+        cmpult  $R2,$L2,$O2     # 2 2 3 1
+         addq   $A2,$O2,$A2     # 2 3 1
+        umulh   $A3,$19,$A3     # 3 2   ######
+         addq   $R2,$CC,$R2     # 2 2 3 1
+        cmpult  $R2,$CC,$CC     # 2 2 3 2
+         subq   $18,4,$18
+        mulq    $A4,$19,$L4     # 4 2 1 ######
+         addq   $A2,$CC,$CC     # 2 3 2 
+        addq    $R3,$L3,$R3     # 3 2 2
+         addq   $16,32,$16
+        cmpult  $R3,$L3,$O3     # 3 2 3 1
+         stq    $R1,-32($16)    # 1 2 4
+        umulh   $A4,$19,$A4     # 4 2   ######
+         addq   $A3,$O3,$A3     # 3 3 1
+        addq    $R3,$CC,$R3     # 3 2 3 1
+         stq    $R2,-24($16)    # 2 2 4
+        cmpult  $R3,$CC,$CC     # 3 2 3 2
+         stq    $R3,-16($16)    # 3 2 4
+        addq    $R4,$L4,$R4     # 4 2 2
+         addq   $A3,$CC,$CC     # 3 3 2 
+        cmpult  $R4,$L4,$O4     # 4 2 3 1
+         addq   $17,32,$17
+        addq    $A4,$O4,$A4     # 4 3 1
+         addq   $R4,$CC,$R4     # 4 2 3 1
+        cmpult  $R4,$CC,$CC     # 4 2 3 2
+         stq    $R4,-8($16)     # 4 2 4
+        addq    $A4,$CC,$CC     # 4 3 2 
+         blt    $18,$43
+        ldq     $A1,0($17)      # 1 1
+        ldq     $R1,0($16)      # 1 1
+        br      $42
+        .align 4
+$45:
+        ldq     $A1,0($17)      # 4 1
+        ldq     $R1,0($16)      # 4 1
+        mulq    $A1,$19,$L1     # 4 2 1
+        subq    $18,1,$18
+        addq    $16,8,$16
+        addq    $17,8,$17
+        umulh   $A1,$19,$A1     # 4 2
+        addq    $R1,$L1,$R1     # 4 2 2
+        cmpult  $R1,$L1,$O1     # 4 2 3 1
+        addq    $A1,$O1,$A1     # 4 3 1
+        addq    $R1,$CC,$R1     # 4 2 3 1
+        cmpult  $R1,$CC,$CC     # 4 2 3 2
+        addq    $A1,$CC,$CC     # 4 3 2 
+        stq     $R1,-8($16)     # 4 2 4
+        bgt     $18,$45
+        ret     $31,($26),1     # else exit
+        .align 4
+$43:
+        addq    $18,4,$18
+        bgt     $18,$45         # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_add_words
+        .align 3
+        .globl bn_mul_words
+        .ent bn_mul_words
+bn_mul_words:
+bn_mul_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        .align 5
+        subq    $18,4,$18
+        bis     $31,$31,$CC
+        blt     $18,$143        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $A1,0($17)      # 1 1
+        .align 3
+$142:
+        mulq    $A1,$19,$L1     # 1 2 1 #####
+         ldq    $A2,8($17)      # 2 1
+         ldq    $A3,16($17)     # 3 1
+        umulh   $A1,$19,$A1     # 1 2   #####
+         ldq    $A4,24($17)     # 4 1
+        mulq    $A2,$19,$L2     # 2 2 1 #####
+         addq   $L1,$CC,$L1     # 1 2 3 1
+        subq    $18,4,$18
+         cmpult $L1,$CC,$CC     # 1 2 3 2
+        umulh   $A2,$19,$A2     # 2 2   #####
+         addq   $A1,$CC,$CC     # 1 3 2 
+        addq    $17,32,$17
+         addq   $L2,$CC,$L2     # 2 2 3 1
+        mulq    $A3,$19,$L3     # 3 2 1 #####
+         cmpult $L2,$CC,$CC     # 2 2 3 2
+        addq    $A2,$CC,$CC     # 2 3 2 
+         addq   $16,32,$16
+        umulh   $A3,$19,$A3     # 3 2   #####
+         stq    $L1,-32($16)    # 1 2 4
+        mulq    $A4,$19,$L4     # 4 2 1 #####
+         addq   $L3,$CC,$L3     # 3 2 3 1
+        stq     $L2,-24($16)    # 2 2 4
+         cmpult $L3,$CC,$CC     # 3 2 3 2
+        umulh   $A4,$19,$A4     # 4 2   #####
+         addq   $A3,$CC,$CC     # 3 3 2 
+        stq     $L3,-16($16)    # 3 2 4
+         addq   $L4,$CC,$L4     # 4 2 3 1
+        cmpult  $L4,$CC,$CC     # 4 2 3 2
+        addq    $A4,$CC,$CC     # 4 3 2 
+        stq     $L4,-8($16)     # 4 2 4
+        blt     $18,$143
+        ldq     $A1,0($17)      # 1 1
+        br      $142
+        .align 4
+$145:
+        ldq     $A1,0($17)      # 4 1
+        mulq    $A1,$19,$L1     # 4 2 1
+        subq    $18,1,$18
+        umulh   $A1,$19,$A1     # 4 2
+        addq    $L1,$CC,$L1     # 4 2 3 1
+         addq   $16,8,$16
+        cmpult  $L1,$CC,$CC     # 4 2 3 2
+         addq   $17,8,$17
+        addq    $A1,$CC,$CC     # 4 3 2 
+        stq     $L1,-8($16)     # 4 2 4
+        bgt     $18,$145
+        ret     $31,($26),1     # else exit
+        .align 4
+$143:
+        addq    $18,4,$18
+        bgt     $18,$145        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_mul_words
+        .align 3
+        .globl bn_sqr_words
+        .ent bn_sqr_words
+bn_sqr_words:
+bn_sqr_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $18,4,$18
+        blt     $18,$543        # if we are -1, -2, -3 or -4 goto tail code
+        ldq     $A1,0($17)      # 1 1
+        .align 3
+$542:
+        mulq    $A1,$A1,$L1             ######
+         ldq    $A2,8($17)      # 1 1
+        subq    $18,4
+        umulh   $A1,$A1,$R1             ######
+        ldq     $A3,16($17)     # 1 1
+        mulq    $A2,$A2,$L2             ######
+        ldq     $A4,24($17)     # 1 1
+        stq     $L1,0($16)      # r[0]
+        umulh   $A2,$A2,$R2             ######
+        stq     $R1,8($16)      # r[1]
+        mulq    $A3,$A3,$L3             ######
+        stq     $L2,16($16)     # r[0]
+        umulh   $A3,$A3,$R3             ######
+        stq     $R2,24($16)     # r[1]
+        mulq    $A4,$A4,$L4             ######
+        stq     $L3,32($16)     # r[0]
+        umulh   $A4,$A4,$R4             ######
+        stq     $R3,40($16)     # r[1]
+        addq    $16,64,$16
+        addq    $17,32,$17
+        stq     $L4,-16($16)    # r[0]
+        stq     $R4,-8($16)     # r[1]
+        blt     $18,$543
+        ldq     $A1,0($17)      # 1 1
+        br      $542
+$442:
+        ldq     $A1,0($17)   # a[0]
+        mulq    $A1,$A1,$L1  # a[0]*w low part       r2
+        addq    $16,16,$16
+        addq    $17,8,$17
+        subq    $18,1,$18
+        umulh   $A1,$A1,$R1  # a[0]*w high part       r3
+        stq     $L1,-16($16)   # r[0]
+        stq     $R1,-8($16)   # r[1]
+        bgt     $18,$442
+        ret     $31,($26),1     # else exit
+        .align 4
+$543:
+        addq    $18,4,$18
+        bgt     $18,$442        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_sqr_words
+        .align 3
+        .globl bn_add_words
+        .ent bn_add_words
+bn_add_words:
+bn_add_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,4,$19
+        bis     $31,$31,$CC     # carry = 0
+        blt     $19,$900
+        ldq     $L1,0($17)      # a[0]
+        ldq     $R1,0($18)      # b[1]
+        .align 3
+$901:
+        addq    $R1,$L1,$R1     # r=a+b;
+         ldq    $L2,8($17)      # a[1]
+        cmpult  $R1,$L1,$O1     # did we overflow?
+         ldq    $R2,8($18)      # b[1]
+        addq    $R1,$CC,$R1     # c+= overflow
+         ldq    $L3,16($17)     # a[2]
+        cmpult  $R1,$CC,$CC     # overflow?
+         ldq    $R3,16($18)     # b[2]
+        addq    $CC,$O1,$CC
+         ldq    $L4,24($17)     # a[3]
+        addq    $R2,$L2,$R2     # r=a+b;
+         ldq    $R4,24($18)     # b[3]
+        cmpult  $R2,$L2,$O2     # did we overflow?
+         addq   $R3,$L3,$R3     # r=a+b;
+        addq    $R2,$CC,$R2     # c+= overflow
+         cmpult $R3,$L3,$O3     # did we overflow?
+        cmpult  $R2,$CC,$CC     # overflow?
+         addq   $R4,$L4,$R4     # r=a+b;
+        addq    $CC,$O2,$CC
+         cmpult $R4,$L4,$O4     # did we overflow?
+        addq    $R3,$CC,$R3     # c+= overflow
+         stq    $R1,0($16)      # r[0]=c
+        cmpult  $R3,$CC,$CC     # overflow?
+         stq    $R2,8($16)      # r[1]=c
+        addq    $CC,$O3,$CC
+         stq    $R3,16($16)     # r[2]=c
+        addq    $R4,$CC,$R4     # c+= overflow
+         subq   $19,4,$19       # loop--
+        cmpult  $R4,$CC,$CC     # overflow?
+         addq   $17,32,$17      # a++
+        addq    $CC,$O4,$CC
+         stq    $R4,24($16)     # r[3]=c
+        addq    $18,32,$18      # b++
+         addq   $16,32,$16      # r++
+        blt     $19,$900
+         ldq    $L1,0($17)      # a[0]
+        ldq     $R1,0($18)      # b[1]
+         br     $901
+        .align 4
+$945:
+        ldq     $L1,0($17)      # a[0]
+         ldq    $R1,0($18)      # b[1]
+        addq    $R1,$L1,$R1     # r=a+b;
+         subq   $19,1,$19       # loop--
+        addq    $R1,$CC,$R1     # c+= overflow
+         addq   $17,8,$17       # a++
+        cmpult  $R1,$L1,$O1     # did we overflow?
+         cmpult $R1,$CC,$CC     # overflow?
+        addq    $18,8,$18       # b++
+         stq    $R1,0($16)      # r[0]=c
+        addq    $CC,$O1,$CC
+         addq   $16,8,$16       # r++
+        bgt     $19,$945
+        ret     $31,($26),1     # else exit
+$900:
+        addq    $19,4,$19
+        bgt     $19,$945        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_add_words
+        .align 3
+        .globl bn_sub_words
+        .ent bn_sub_words
+bn_sub_words:
+bn_sub_words..ng:
+        .frame $30,0,$26,0
+        .prologue 0
+        subq    $19,4,$19
+        bis     $31,$31,$CC     # carry = 0
+ br     $800
+        blt     $19,$800
+        ldq     $L1,0($17)      # a[0]
+        ldq     $R1,0($18)      # b[1]
+        .align 3
+$801:
+        addq    $R1,$L1,$R1     # r=a+b;
+         ldq    $L2,8($17)      # a[1]
+        cmpult  $R1,$L1,$O1     # did we overflow?
+         ldq    $R2,8($18)      # b[1]
+        addq    $R1,$CC,$R1     # c+= overflow
+         ldq    $L3,16($17)     # a[2]
+        cmpult  $R1,$CC,$CC     # overflow?
+         ldq    $R3,16($18)     # b[2]
+        addq    $CC,$O1,$CC
+         ldq    $L4,24($17)     # a[3]
+        addq    $R2,$L2,$R2     # r=a+b;
+         ldq    $R4,24($18)     # b[3]
+        cmpult  $R2,$L2,$O2     # did we overflow?
+         addq   $R3,$L3,$R3     # r=a+b;
+        addq    $R2,$CC,$R2     # c+= overflow
+         cmpult $R3,$L3,$O3     # did we overflow?
+        cmpult  $R2,$CC,$CC     # overflow?
+         addq   $R4,$L4,$R4     # r=a+b;
+        addq    $CC,$O2,$CC
+         cmpult $R4,$L4,$O4     # did we overflow?
+        addq    $R3,$CC,$R3     # c+= overflow
+         stq    $R1,0($16)      # r[0]=c
+        cmpult  $R3,$CC,$CC     # overflow?
+         stq    $R2,8($16)      # r[1]=c
+        addq    $CC,$O3,$CC
+         stq    $R3,16($16)     # r[2]=c
+        addq    $R4,$CC,$R4     # c+= overflow
+         subq   $19,4,$19       # loop--
+        cmpult  $R4,$CC,$CC     # overflow?
+         addq   $17,32,$17      # a++
+        addq    $CC,$O4,$CC
+         stq    $R4,24($16)     # r[3]=c
+        addq    $18,32,$18      # b++
+         addq   $16,32,$16      # r++
+        blt     $19,$800
+         ldq    $L1,0($17)      # a[0]
+        ldq     $R1,0($18)      # b[1]
+         br     $801
+        .align 4
+$845:
+        ldq     $L1,0($17)      # a[0]
+         ldq    $R1,0($18)      # b[1]
+        cmpult  $L1,$R1,$O1     # will we borrow?
+         subq   $L1,$R1,$R1     # r=a-b;
+        subq    $19,1,$19       # loop--
+         cmpult  $R1,$CC,$O2    # will we borrow?
+        subq    $R1,$CC,$R1     # c+= overflow
+         addq   $17,8,$17       # a++
+        addq    $18,8,$18       # b++
+         stq    $R1,0($16)      # r[0]=c
+        addq    $O2,$O1,$CC
+         addq   $16,8,$16       # r++
+        bgt     $19,$845
+        ret     $31,($26),1     # else exit
+$800:
+        addq    $19,4,$19
+        bgt     $19,$845        # goto tail code
+        ret     $31,($26),1     # else exit
+        .end bn_sub_words
+ #
+ # What follows was taken directly from the C compiler with a few
+ # hacks to redo the lables.
+ #
+.text
+        .align 3
+        .globl bn_div_words
+        .ent bn_div_words
+bn_div_words:
+        ldgp $29,0($27)
+bn_div_words..ng:
+        lda $30,-48($30)
+        .frame $30,48,$26,0
+        stq $26,0($30)
+        stq $9,8($30)
+        stq $10,16($30)
+        stq $11,24($30)
+        stq $12,32($30)
+        stq $13,40($30)
+        .mask 0x4003e00,-48
+        .prologue 1
+        bis $16,$16,$9
+        bis $17,$17,$10
+        bis $18,$18,$11
+        bis $31,$31,$13
+        bis $31,2,$12
+        bne $11,$119
+        lda $0,-1
+        br $31,$136
+        .align 4
+$119:
+        bis $11,$11,$16
+        jsr $26,BN_num_bits_word
+        ldgp $29,0($26)
+        subq $0,64,$1
+        beq $1,$120
+        bis $31,1,$1
+        sll $1,$0,$1
+        cmpule $9,$1,$1
+        bne $1,$120
+ #      lda $16,_IO_stderr_
+ #      lda $17,$C32
+ #      bis $0,$0,$18
+ #      jsr $26,fprintf
+ #      ldgp $29,0($26)
+        jsr $26,abort
+        ldgp $29,0($26)
+        .align 4
+$120:
+        bis $31,64,$3
+        cmpult $9,$11,$2
+        subq $3,$0,$1
+        addl $1,$31,$0
+        subq $9,$11,$1
+        cmoveq $2,$1,$9
+        beq $0,$122
+        zapnot $0,15,$2
+        subq $3,$0,$1
+        sll $11,$2,$11
+        sll $9,$2,$3
+        srl $10,$1,$1
+        sll $10,$2,$10
+        bis $3,$1,$9
+$122:
+        srl $11,32,$5
+        zapnot $11,15,$6
+        lda $7,-1
+        .align 5
+$123:
+        srl $9,32,$1
+        subq $1,$5,$1
+        bne $1,$126
+        zapnot $7,15,$27
+        br $31,$127
+        .align 4
+$126:
+        bis $9,$9,$24
+        bis $5,$5,$25
+        divqu $24,$25,$27
+$127:
+        srl $10,32,$4
+        .align 5
+$128:
+        mulq $27,$5,$1
+        subq $9,$1,$3
+        zapnot $3,240,$1
+        bne $1,$129
+        mulq $6,$27,$2
+        sll $3,32,$1
+        addq $1,$4,$1
+        cmpule $2,$1,$2
+        bne $2,$129
+        subq $27,1,$27
+        br $31,$128
+        .align 4
+$129:
+        mulq $27,$6,$1
+        mulq $27,$5,$4
+        srl $1,32,$3
+        sll $1,32,$1
+        addq $4,$3,$4
+        cmpult $10,$1,$2
+        subq $10,$1,$10
+        addq $2,$4,$2
+        cmpult $9,$2,$1
+        bis $2,$2,$4
+        beq $1,$134
+        addq $9,$11,$9
+        subq $27,1,$27
+$134:
+        subl $12,1,$12
+        subq $9,$4,$9
+        beq $12,$124
+        sll $27,32,$13
+        sll $9,32,$2
+        srl $10,32,$1
+        sll $10,32,$10
+        bis $2,$1,$9
+        br $31,$123
+        .align 4
+$124:
+        bis $13,$27,$0
+$136:
+        ldq $26,0($30)
+        ldq $9,8($30)
+        ldq $10,16($30)
+        ldq $11,24($30)
+        ldq $12,32($30)
+        ldq $13,40($30)
+        addq $30,48,$30
+        ret $31,($26),1
+        .end bn_div_words
+EOF
+        return($data);
+        }
diff --git a/src/lib/libcrypto/bn/asm/ca.pl b/src/lib/libcrypto/bn/asm/ca.pl
new file mode 100644
index 0000000000..c1ce67a6b4
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/ca.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+require "alpha/mul_add.pl";
+require "alpha/mul.pl";
+require "alpha/sqr.pl";
+require "alpha/add.pl";
+require "alpha/sub.pl";
+require "alpha/mul_c8.pl";
+require "alpha/mul_c4.pl";
+require "alpha/sqr_c4.pl";
+require "alpha/sqr_c8.pl";
+require "alpha/div.pl";
+&asm_init($ARGV[0],$0);
+&bn_mul_words("bn_mul_words");
+&bn_sqr_words("bn_sqr_words");
+&bn_mul_add_words("bn_mul_add_words");
+&bn_add_words("bn_add_words");
+&bn_sub_words("bn_sub_words");
+&bn_div_words("bn_div_words");
+&bn_mul_comba8("bn_mul_comba8");
+&bn_mul_comba4("bn_mul_comba4");
+&bn_sqr_comba4("bn_sqr_comba4");
+&bn_sqr_comba8("bn_sqr_comba8");
+&asm_finish();
diff --git a/src/lib/libcrypto/bn/asm/co-alpha.pl b/src/lib/libcrypto/bn/asm/co-alpha.pl
new file mode 100644
index 0000000000..67dad3e3d5
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/co-alpha.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# I have this in perl so I can use more usefull register names and then convert
+# them into alpha registers.
+#
+push(@INC,"perlasm","../../perlasm");
+require "alpha.pl";
+&asm_init($ARGV[0],$0);
+print &bn_sub_words("bn_sub_words");
+&asm_finish();
+sub bn_sub_words
+        {
+        local($name)=@_;
+        local($cc,$a,$b,$r);
+        $cc="r0";
+        $a0="r1"; $b0="r5"; $r0="r9";  $tmp="r13";
+        $a1="r2"; $b1="r6"; $r1="r10"; $t1="r14";
+        $a2="r3"; $b2="r7"; $r2="r11";
+        $a3="r4"; $b3="r8"; $r3="r12"; $t3="r15";
+        $rp=&wparam(0);
+        $ap=&wparam(1);
+        $bp=&wparam(2);
+        $count=&wparam(3);
+        &function_begin($name,"");
+        &comment("");
+        &sub($count,4,$count);
+        &mov("zero",$cc);
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+        &ld($b0,&QWPw(0,$bp));
+##########################################################
+        &set_label("loop");
+        &ld($a1,&QWPw(1,$ap));
+         &cmpult($a0,$b0,$tmp); # will we borrow?
+        &ld($b1,&QWPw(1,$bp));
+         &sub($a0,$b0,$a0);             # do the subtract
+        &ld($a2,&QWPw(2,$ap));
+         &cmpult($a0,$cc,$b0);  # will we borrow?
+        &ld($b2,&QWPw(2,$bp));
+         &sub($a0,$cc,$a0);     # will we borrow?
+        &ld($a3,&QWPw(3,$ap));
+         &add($b0,$tmp,$cc);    # add the borrows
+        &cmpult($a1,$b1,$t1);   # will we borrow?
+         &sub($a1,$b1,$a1);     # do the subtract
+        &ld($b3,&QWPw(3,$bp));
+         &cmpult($a1,$cc,$b1);  # will we borrow?
+        &sub($a1,$cc,$a1);      # will we borrow?
+         &add($b1,$t1,$cc);     # add the borrows
+        &cmpult($a2,$b2,$tmp);  # will we borrow?
+         &sub($a2,$b2,$a2);             # do the subtract
+        &st($a0,&QWPw(0,$rp));  # save
+         &cmpult($a2,$cc,$b2);  # will we borrow?
+        &sub($a2,$cc,$a2);      # will we borrow?
+         &add($b2,$tmp,$cc);    # add the borrows
+        &cmpult($a3,$b3,$t3);   # will we borrow?
+         &sub($a3,$b3,$a3);             # do the subtract
+        &st($a1,&QWPw(1,$rp));  # save
+         &cmpult($a3,$cc,$b3);  # will we borrow?
+        &sub($a3,$cc,$a3);      # will we borrow?
+         &add($b3,$t3,$cc);     # add the borrows
+        &st($a2,&QWPw(2,$rp));  # save
+         &sub($count,4,$count); # count-=4
+        &st($a3,&QWPw(3,$rp));  # save
+         &add($ap,4*$QWS,$ap);  # count+=4
+        &add($bp,4*$QWS,$bp);   # count+=4
+         &add($rp,4*$QWS,$rp);  # count+=4
+        &blt($count,&label("finish"));
+        &ld($a0,&QWPw(0,$ap));
+         &ld($b0,&QWPw(0,$bp));
+        &br(&label("loop"));
+##################################################
+        # Do the last 0..3 words
+        &set_label("last_loop");
+        &ld($a0,&QWPw(0,$ap));  # get a
+         &ld($b0,&QWPw(0,$bp)); # get b
+        &cmpult($a0,$b0,$tmp);  # will we borrow?
+        &sub($a0,$b0,$a0);      # do the subtract
+        &cmpult($a0,$cc,$b0);   # will we borrow?
+        &sub($a0,$cc,$a0);      # will we borrow?
+        &st($a0,&QWPw(0,$rp));  # save
+        &add($b0,$tmp,$cc);     # add the borrows
+        &add($ap,$QWS,$ap);
+        &add($bp,$QWS,$bp);
+        &add($rp,$QWS,$rp);
+        &sub($count,1,$count);
+        &bgt($count,&label("last_loop"));
+        &function_end_A($name);
+######################################################
+        &set_label("finish");
+        &add($count,4,$count);
+        &bgt($count,&label("last_loop"));
+        &set_label("end");
+        &function_end($name);
+        }
diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S
index 951abc53ea..7b82b820e6 100644
--- a/src/lib/libcrypto/bn/asm/ia64.S
+++ b/src/lib/libcrypto/bn/asm/ia64.S
@@ -171,21 +171,21 @@
 .skip   32      // makes the loop body aligned at 64-byte boundary
 bn_add_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 { .mii; alloc           r2=ar.pfs,4,12,0,16
        cmp4.le         p6,p0=r35,r0    };;
 { .mfb; mov             r8=r0                   // return value
 (p6)    br.ret.spnt.many        b0      };;
-{ .mib; sub             r10=r35,r0,1
        .save   ar.lc,r3
+{ .mib; sub             r10=r35,r0,1
        mov             r3=ar.lc
        brp.loop.imp    .L_bn_add_words_ctop,.L_bn_add_words_cend-16
                                        }
+        .body
 { .mib; ADDP            r14=0,r32               // rp
-        .save   pr,r9
        mov             r9=pr           };;
-        .body
 { .mii; ADDP            r15=0,r33               // ap
        mov             ar.lc=r10
        mov             ar.ec=6         }
@@ -224,21 +224,21 @@ bn_add_words:
 .skip   32      // makes the loop body aligned at 64-byte boundary
 bn_sub_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 { .mii; alloc           r2=ar.pfs,4,12,0,16
        cmp4.le         p6,p0=r35,r0    };;
 { .mfb; mov             r8=r0                   // return value
 (p6)    br.ret.spnt.many        b0      };;
-{ .mib; sub             r10=r35,r0,1
        .save   ar.lc,r3
+{ .mib; sub             r10=r35,r0,1
        mov             r3=ar.lc
        brp.loop.imp    .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
                                        }
+        .body
 { .mib; ADDP            r14=0,r32               // rp
-        .save   pr,r9
        mov             r9=pr           };;
-        .body
 { .mii; ADDP            r15=0,r33               // ap
        mov             ar.lc=r10
        mov             ar.ec=6         }
@@ -283,6 +283,7 @@ bn_sub_words:
 .skip   32      // makes the loop body aligned at 64-byte boundary
 bn_mul_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 #ifdef XMA_TEMPTATION
 { .mfi; alloc           r2=ar.pfs,4,0,0,0       };;
@@ -293,10 +294,9 @@ bn_mul_words:
        cmp4.le         p6,p0=r34,r0
 (p6)    br.ret.spnt.many        b0              };;
-{ .mii; sub     r10=r34,r0,1
        .save   ar.lc,r3
+{ .mii; sub     r10=r34,r0,1
        mov     r3=ar.lc
-        .save   pr,r9
        mov     r9=pr                   };;
        .body
@@ -397,21 +397,22 @@ bn_mul_words:
 .skip   48      // makes the loop body aligned at 64-byte boundary
 bn_mul_add_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
+        .save   ar.lc,r3
+        .save   pr,r9
 { .mmi; alloc           r2=ar.pfs,4,4,0,8
        cmp4.le         p6,p0=r34,r0
-        .save   ar.lc,r3
        mov             r3=ar.lc        };;
 { .mib; mov             r8=r0           // return value
        sub             r10=r34,r0,1
 (p6)    br.ret.spnt.many        b0      };;
+        .body
 { .mib; setf.sig        f8=r35          // w
-        .save   pr,r9
        mov             r9=pr
        brp.loop.imp    .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
                                        }
-        .body
 { .mmi; ADDP            r14=0,r32       // rp
        ADDP            r15=0,r33       // ap
        mov             ar.lc=r10       }
@@ -465,6 +466,7 @@ bn_mul_add_words:
 .skip   32      // makes the loop body aligned at 64-byte boundary 
 bn_sqr_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 { .mii; alloc           r2=ar.pfs,3,0,0,0
        sxt4            r34=r34         };;
@@ -474,10 +476,9 @@ bn_sqr_words:
        nop.f           0x0
 (p6)    br.ret.spnt.many        b0      };;
-{ .mii; sub     r10=r34,r0,1
        .save   ar.lc,r3
+{ .mii; sub     r10=r34,r0,1
        mov     r3=ar.lc
-        .save   pr,r9
        mov     r9=pr                   };;
        .body
@@ -544,6 +545,7 @@ bn_sqr_words:
 .align  64
 bn_sqr_comba8:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 #if defined(_HPUX_SOURCE) && !defined(_LP64)
 { .mii; alloc   r2=ar.pfs,2,1,0,0
@@ -615,6 +617,7 @@ bn_sqr_comba8:
 .align  64
 bn_mul_comba8:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 #if defined(_HPUX_SOURCE) && !defined(_LP64)
 { .mii; alloc   r2=ar.pfs,3,0,0,0
@@ -1172,6 +1175,7 @@ bn_mul_comba8:
 .align  64
 bn_sqr_comba4:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 #if defined(_HPUX_SOURCE) && !defined(_LP64)
 { .mii; alloc   r2=ar.pfs,2,1,0,0
@@ -1204,6 +1208,7 @@ bn_sqr_comba4:
 .align  64
 bn_mul_comba4:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
 #if defined(_HPUX_SOURCE) && !defined(_LP64)
 { .mii; alloc   r2=ar.pfs,3,0,0,0
@@ -1406,11 +1411,11 @@ equ=p24
 .align  64
 bn_div_words:
        .prologue
+        .fframe 0
        .save   ar.pfs,r2
-{ .mii; alloc           r2=ar.pfs,3,5,0,8
        .save   b0,r3
+{ .mii; alloc           r2=ar.pfs,3,5,0,8
        mov             r3=b0
-        .save   pr,r10
        mov             r10=pr          };;
 { .mmb; cmp.eq          p6,p0=r34,r0
        mov             r8=-1
diff --git a/src/lib/libcrypto/bn/asm/mips1.s b/src/lib/libcrypto/bn/asm/mips1.s
new file mode 100644
index 0000000000..44fa1254c7
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/mips1.s
@@ -0,0 +1,539 @@
+/* This assember is for R2000/R3000 machines, or higher ones that do
+ * no want to do any 64 bit arithmatic.
+ * Make sure that the SSLeay bignum library is compiled with 
+ * THIRTY_TWO_BIT set.
+ * This must either be compiled with the system CC, or, if you use GNU gas,
+ * cc -E mips1.s|gas -o mips1.o
+ */
+        .set    reorder
+        .set    noat
+#define R1      $1
+#define CC      $2
+#define R2      $3
+#define R3      $8
+#define R4      $9
+#define L1      $10
+#define L2      $11
+#define L3      $12
+#define L4      $13
+#define H1      $14
+#define H2      $15
+#define H3      $24
+#define H4      $25
+#define P1      $4
+#define P2      $5
+#define P3      $6
+#define P4      $7
+        .align  2
+        .ent    bn_mul_add_words
+        .globl  bn_mul_add_words
+.text
+bn_mul_add_words:
+        .frame  $sp,0,$31
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        #blt    P3,4,$lab34
+        
+        subu    R1,P3,4
+        move    CC,$0
+        bltz    R1,$lab34
+$lab2:  
+        lw      R1,0(P1)
+         lw     L1,0(P2)
+        lw      R2,4(P1)
+         lw     L2,4(P2)
+        lw      R3,8(P1)
+         lw     L3,8(P2)
+        lw      R4,12(P1)
+         lw     L4,12(P2)
+        multu   L1,P4
+         addu   R1,R1,CC
+        mflo    L1
+         sltu   CC,R1,CC
+        addu    R1,R1,L1
+         mfhi   H1
+        sltu    L1,R1,L1
+         sw     R1,0(P1)
+        addu    CC,CC,L1
+         multu  L2,P4
+        addu    CC,H1,CC
+        mflo    L2
+         addu   R2,R2,CC
+        sltu    CC,R2,CC
+         mfhi   H2
+        addu    R2,R2,L2
+         addu   P2,P2,16
+        sltu    L2,R2,L2
+         sw     R2,4(P1)
+        addu    CC,CC,L2
+         multu  L3,P4
+        addu    CC,H2,CC
+        mflo    L3
+         addu   R3,R3,CC
+        sltu    CC,R3,CC
+         mfhi   H3
+        addu    R3,R3,L3
+         addu   P1,P1,16
+        sltu    L3,R3,L3
+         sw     R3,-8(P1)
+        addu    CC,CC,L3
+         multu  L4,P4
+        addu    CC,H3,CC
+        mflo    L4
+         addu   R4,R4,CC
+        sltu    CC,R4,CC
+         mfhi   H4
+        addu    R4,R4,L4
+         subu   P3,P3,4
+        sltu    L4,R4,L4
+        addu    CC,CC,L4
+        addu    CC,H4,CC
+        subu    R1,P3,4
+        sw      R4,-4(P1)       # delay slot
+        bgez    R1,$lab2
+        bleu    P3,0,$lab3
+        .align  2
+$lab33: 
+        lw      L1,0(P2)
+         lw     R1,0(P1)
+        multu   L1,P4
+         addu   R1,R1,CC
+        sltu    CC,R1,CC
+         addu   P1,P1,4
+        mflo    L1
+         mfhi   H1
+        addu    R1,R1,L1
+         addu   P2,P2,4
+        sltu    L1,R1,L1
+         subu   P3,P3,1
+        addu    CC,CC,L1
+         sw     R1,-4(P1)
+        addu    CC,H1,CC
+         bgtz   P3,$lab33
+        j       $31
+        .align  2
+$lab3:
+        j       $31
+        .align  2
+$lab34:
+        bgt     P3,0,$lab33
+        j       $31
+        .end    bn_mul_add_words
+        .align  2
+        # Program Unit: bn_mul_words
+        .ent    bn_mul_words
+        .globl  bn_mul_words
+.text
+bn_mul_words:
+        .frame  $sp,0,$31
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        
+        subu    P3,P3,4
+        move    CC,$0
+        bltz    P3,$lab45
+$lab44: 
+        lw      L1,0(P2)
+         lw     L2,4(P2)
+        lw      L3,8(P2)
+         lw     L4,12(P2)
+        multu   L1,P4
+         subu   P3,P3,4
+        mflo    L1
+         mfhi   H1
+        addu    L1,L1,CC
+         multu  L2,P4
+        sltu    CC,L1,CC
+         sw     L1,0(P1)
+        addu    CC,H1,CC
+         mflo   L2
+        mfhi    H2
+         addu   L2,L2,CC
+        multu   L3,P4
+         sltu   CC,L2,CC
+        sw      L2,4(P1)
+         addu   CC,H2,CC
+        mflo    L3
+         mfhi   H3
+        addu    L3,L3,CC
+         multu  L4,P4
+        sltu    CC,L3,CC
+         sw     L3,8(P1)
+        addu    CC,H3,CC
+         mflo   L4
+        mfhi    H4
+         addu   L4,L4,CC
+        addu    P1,P1,16
+         sltu   CC,L4,CC
+        addu    P2,P2,16
+         addu   CC,H4,CC
+        sw      L4,-4(P1)
+        bgez    P3,$lab44
+        b       $lab45
+$lab46:
+        lw      L1,0(P2)
+         addu   P1,P1,4
+        multu   L1,P4
+         addu   P2,P2,4
+        mflo    L1
+         mfhi   H1
+        addu    L1,L1,CC
+         subu   P3,P3,1
+        sltu    CC,L1,CC
+         sw     L1,-4(P1)
+        addu    CC,H1,CC
+         bgtz   P3,$lab46
+        j       $31
+$lab45:
+        addu    P3,P3,4
+        bgtz    P3,$lab46
+        j       $31
+        .align  2
+        .end    bn_mul_words
+        # Program Unit: bn_sqr_words
+        .ent    bn_sqr_words
+        .globl  bn_sqr_words
+.text
+bn_sqr_words:
+        .frame  $sp,0,$31
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        
+        subu    P3,P3,4
+        bltz    P3,$lab55
+$lab54:
+        lw      L1,0(P2)
+         lw     L2,4(P2)
+        lw      L3,8(P2)
+         lw     L4,12(P2)
+        multu   L1,L1
+         subu   P3,P3,4
+        mflo    L1
+         mfhi   H1
+        sw      L1,0(P1)
+         sw     H1,4(P1)
+        multu   L2,L2
+         addu   P1,P1,32
+        mflo    L2
+         mfhi   H2
+        sw      L2,-24(P1)
+         sw     H2,-20(P1)
+        multu   L3,L3
+         addu   P2,P2,16
+        mflo    L3
+         mfhi   H3
+        sw      L3,-16(P1)
+         sw     H3,-12(P1)
+        multu   L4,L4
+        mflo    L4
+         mfhi   H4
+        sw      L4,-8(P1)
+         sw     H4,-4(P1)
+        bgtz    P3,$lab54
+        b       $lab55
+$lab56: 
+        lw      L1,0(P2)
+        addu    P1,P1,8
+        multu   L1,L1
+        addu    P2,P2,4
+        subu    P3,P3,1
+        mflo    L1
+        mfhi    H1
+        sw      L1,-8(P1)
+        sw      H1,-4(P1)
+        bgtz    P3,$lab56
+        j       $31
+$lab55:
+        addu    P3,P3,4
+        bgtz    P3,$lab56
+        j       $31
+        .align  2
+        .end    bn_sqr_words
+        # Program Unit: bn_add_words
+        .ent    bn_add_words
+        .globl  bn_add_words
+.text
+bn_add_words:    # 0x590
+        .frame  $sp,0,$31
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        
+        subu    P4,P4,4
+        move    CC,$0
+        bltz    P4,$lab65
+$lab64: 
+        lw      L1,0(P2)
+        lw      R1,0(P3)
+        lw      L2,4(P2)
+        lw      R2,4(P3)
+        addu    L1,L1,CC
+         lw     L3,8(P2)
+        sltu    CC,L1,CC
+         addu   L1,L1,R1
+        sltu    R1,L1,R1
+         lw     R3,8(P3)
+        addu    CC,CC,R1
+         lw     L4,12(P2)
+        addu    L2,L2,CC
+         lw     R4,12(P3)
+        sltu    CC,L2,CC
+         addu   L2,L2,R2
+        sltu    R2,L2,R2
+         sw     L1,0(P1)
+        addu    CC,CC,R2
+         addu   P1,P1,16
+        addu    L3,L3,CC
+         sw     L2,-12(P1)
+ 
+        sltu    CC,L3,CC
+         addu   L3,L3,R3
+        sltu    R3,L3,R3
+         addu   P2,P2,16
+        addu    CC,CC,R3
+        addu    L4,L4,CC
+         addu   P3,P3,16
+        sltu    CC,L4,CC
+         addu   L4,L4,R4
+        subu    P4,P4,4
+         sltu   R4,L4,R4
+        sw      L3,-8(P1)
+         addu   CC,CC,R4
+        sw      L4,-4(P1)
+        bgtz    P4,$lab64
+        b       $lab65
+$lab66:
+        lw      L1,0(P2)
+         lw     R1,0(P3)
+        addu    L1,L1,CC
+         addu   P1,P1,4
+        sltu    CC,L1,CC
+         addu   P2,P2,4
+        addu    P3,P3,4
+         addu   L1,L1,R1
+        subu    P4,P4,1
+         sltu   R1,L1,R1
+        sw      L1,-4(P1)
+         addu   CC,CC,R1
+        bgtz    P4,$lab66
+        j       $31
+$lab65:
+        addu    P4,P4,4
+        bgtz    P4,$lab66
+        j       $31
+        .end    bn_add_words
+        # Program Unit: bn_div64
+        .set    at
+        .set    reorder
+        .text   
+        .align  2
+        .globl  bn_div64
+ # 321          {
+        .ent    bn_div64 2
+bn_div64:
+        subu    $sp, 64
+        sw      $31, 56($sp)
+        sw      $16, 48($sp)
+        .mask   0x80010000, -56
+        .frame  $sp, 64, $31
+        move    $9, $4
+        move    $12, $5
+        move    $16, $6
+ # 322          BN_ULONG dh,dl,q,ret=0,th,tl,t;
+        move    $31, $0
+ # 323          int i,count=2;
+        li      $13, 2
+ # 324  
+ # 325          if (d == 0) return(BN_MASK2);
+        bne     $16, 0, $80
+        li      $2, -1
+        b       $93
+$80:
+ # 326  
+ # 327          i=BN_num_bits_word(d);
+        move    $4, $16
+        sw      $31, 16($sp)
+        sw      $9, 24($sp)
+        sw      $12, 32($sp)
+        sw      $13, 40($sp)
+        .livereg        0x800ff0e,0xfff
+        jal     BN_num_bits_word
+        li      $4, 32
+        lw      $31, 16($sp)
+        lw      $9, 24($sp)
+        lw      $12, 32($sp)
+        lw      $13, 40($sp)
+        move    $3, $2
+ # 328          if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
+        beq     $2, $4, $81
+        li      $14, 1
+        sll     $15, $14, $2
+        bleu    $9, $15, $81
+ # 329                  {
+ # 330  #if !defined(NO_STDIO) && !defined(WIN16)
+ # 331                  fprintf(stderr,"Division would overflow (%d)\n",i);
+ # 332  #endif
+ # 333                  abort();
+        sw      $3, 8($sp)
+        sw      $9, 24($sp)
+        sw      $12, 32($sp)
+        sw      $13, 40($sp)
+        sw      $31, 26($sp)
+        .livereg        0xff0e,0xfff
+        jal     abort
+        lw      $3, 8($sp)
+        li      $4, 32
+        lw      $9, 24($sp)
+        lw      $12, 32($sp)
+        lw      $13, 40($sp)
+        lw      $31, 26($sp)
+ # 334                  }
+$81:
+ # 335          i=BN_BITS2-i;
+        subu    $3, $4, $3
+ # 336          if (h >= d) h-=d;
+        bltu    $9, $16, $82
+        subu    $9, $9, $16
+$82:
+ # 337  
+ # 338          if (i)
+        beq     $3, 0, $83
+ # 339                  {
+ # 340                  d<<=i;
+        sll     $16, $16, $3
+ # 341                  h=(h<<i)|(l>>(BN_BITS2-i));
+        sll     $24, $9, $3
+        subu    $25, $4, $3
+        srl     $14, $12, $25
+        or      $9, $24, $14
+ # 342                  l<<=i;
+        sll     $12, $12, $3
+ # 343                  }
+$83:
+ # 344          dh=(d&BN_MASK2h)>>BN_BITS4;
+ # 345          dl=(d&BN_MASK2l);
+        and     $8, $16, -65536
+        srl     $8, $8, 16
+        and     $10, $16, 65535
+        li      $6, -65536
+$84:
+ # 346          for (;;)
+ # 347                  {
+ # 348                  if ((h>>BN_BITS4) == dh)
+        srl     $15, $9, 16
+        bne     $8, $15, $85
+ # 349                          q=BN_MASK2l;
+        li      $5, 65535
+        b       $86
+$85:
+ # 350                  else
+ # 351                          q=h/dh;
+        divu    $5, $9, $8
+$86:
+ # 352  
+ # 353                  for (;;)
+ # 354                          {
+ # 355                          t=(h-q*dh);
+        mul     $4, $5, $8
+        subu    $2, $9, $4
+        move    $3, $2
+ # 356                          if ((t&BN_MASK2h) ||
+ # 357                                  ((dl*q) <= (
+ # 358                                          (t<<BN_BITS4)+
+ # 359                                          ((l&BN_MASK2h)>>BN_BITS4))))
+        and     $25, $2, $6
+        bne     $25, $0, $87
+        mul     $24, $10, $5
+        sll     $14, $3, 16
+        and     $15, $12, $6
+        srl     $25, $15, 16
+        addu    $15, $14, $25
+        bgtu    $24, $15, $88
+$87:
+ # 360                                  break;
+        mul     $3, $10, $5
+        b       $89
+$88:
+ # 361                          q--;
+        addu    $5, $5, -1
+ # 362                          }
+        b       $86
+$89:
+ # 363                  th=q*dh;
+ # 364                  tl=q*dl;
+ # 365                  t=(tl>>BN_BITS4);
+ # 366                  tl=(tl<<BN_BITS4)&BN_MASK2h;
+        sll     $14, $3, 16
+        and     $2, $14, $6
+        move    $11, $2
+ # 367                  th+=t;
+        srl     $25, $3, 16
+        addu    $7, $4, $25
+ # 368  
+ # 369                  if (l < tl) th++;
+        bgeu    $12, $2, $90
+        addu    $7, $7, 1
+$90:
+ # 370                  l-=tl;
+        subu    $12, $12, $11
+ # 371                  if (h < th)
+        bgeu    $9, $7, $91
+ # 372                          {
+ # 373                          h+=d;
+        addu    $9, $9, $16
+ # 374                          q--;
+        addu    $5, $5, -1
+ # 375                          }
+$91:
+ # 376                  h-=th;
+        subu    $9, $9, $7
+ # 377  
+ # 378                  if (--count == 0) break;
+        addu    $13, $13, -1
+        beq     $13, 0, $92
+ # 379  
+ # 380                  ret=q<<BN_BITS4;
+        sll     $31, $5, 16
+ # 381                  h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
+        sll     $24, $9, 16
+        srl     $15, $12, 16
+        or      $9, $24, $15
+ # 382                  l=(l&BN_MASK2l)<<BN_BITS4;
+        and     $12, $12, 65535
+        sll     $12, $12, 16
+ # 383                  }
+        b       $84
+$92:
+ # 384          ret|=q;
+        or      $31, $31, $5
+ # 385          return(ret);
+        move    $2, $31
+$93:
+        lw      $16, 48($sp)
+        lw      $31, 56($sp)
+        addu    $sp, 64
+        j       $31
+        .end    bn_div64
diff --git a/src/lib/libcrypto/bn/asm/mips3.s b/src/lib/libcrypto/bn/asm/mips3.s
new file mode 100644
index 0000000000..dca4105c7d
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/mips3.s
@@ -0,0 +1,2201 @@
+.rdata
+.asciiz "mips3.s, Version 1.1"
+.asciiz "MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ *                                      <appro@fy.chalmers.se>
+ */
+#include <asm.h>
+#include <regdef.h>
+#if _MIPS_ISA>=4
+#define MOVNZ(cond,dst,src)     \
+        movn    dst,src,cond
+#else
+#define MOVNZ(cond,dst,src)     \
+        .set    noreorder;      \
+        bnezl   cond,.+8;       \
+        move    dst,src;        \
+        .set    reorder
+#endif
+.text
+.set    noat
+.set    reorder
+#define MINUS4  v1
+.align  5
+LEAF(bn_mul_add_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_mul_add_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+.L_bn_mul_add_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_mul_add_words_tail
+.L_bn_mul_add_words_loop:
+        dmultu  t0,a3
+        ld      t1,0(a0)
+        ld      t2,8(a1)
+        ld      t3,8(a0)
+        ld      ta0,16(a1)
+        ld      ta1,16(a0)
+        daddu   t1,v0
+        sltu    v0,t1,v0        /* All manuals say it "compares 32-bit
+                                 * values", but it seems to work fine
+                                 * even on 64-bit registers. */
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,0(a0)
+        daddu   v0,AT
+        dmultu  t2,a3
+        ld      ta2,24(a1)
+        ld      ta3,24(a0)
+        daddu   t3,v0
+        sltu    v0,t3,v0
+        mflo    AT
+        mfhi    t2
+        daddu   t3,AT
+        daddu   v0,t2
+        sltu    AT,t3,AT
+        sd      t3,8(a0)
+        daddu   v0,AT
+        dmultu  ta0,a3
+        subu    a2,4
+        PTR_ADD a0,32
+        PTR_ADD a1,32
+        daddu   ta1,v0
+        sltu    v0,ta1,v0
+        mflo    AT
+        mfhi    ta0
+        daddu   ta1,AT
+        daddu   v0,ta0
+        sltu    AT,ta1,AT
+        sd      ta1,-16(a0)
+        daddu   v0,AT
+        dmultu  ta2,a3
+        and     ta0,a2,MINUS4
+        daddu   ta3,v0
+        sltu    v0,ta3,v0
+        mflo    AT
+        mfhi    ta2
+        daddu   ta3,AT
+        daddu   v0,ta2
+        sltu    AT,ta3,AT
+        sd      ta3,-8(a0)
+        daddu   v0,AT
+        .set    noreorder
+        bgtzl   ta0,.L_bn_mul_add_words_loop
+        ld      t0,0(a1)
+        bnezl   a2,.L_bn_mul_add_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+.L_bn_mul_add_words_return:
+        jr      ra
+.L_bn_mul_add_words_tail:
+        dmultu  t0,a3
+        ld      t1,0(a0)
+        subu    a2,1
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,0(a0)
+        daddu   v0,AT
+        beqz    a2,.L_bn_mul_add_words_return
+        ld      t0,8(a1)
+        dmultu  t0,a3
+        ld      t1,8(a0)
+        subu    a2,1
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,8(a0)
+        daddu   v0,AT
+        beqz    a2,.L_bn_mul_add_words_return
+        ld      t0,16(a1)
+        dmultu  t0,a3
+        ld      t1,16(a0)
+        daddu   t1,v0
+        sltu    v0,t1,v0
+        mflo    AT
+        mfhi    t0
+        daddu   t1,AT
+        daddu   v0,t0
+        sltu    AT,t1,AT
+        sd      t1,16(a0)
+        daddu   v0,AT
+        jr      ra
+END(bn_mul_add_words)
+.align  5
+LEAF(bn_mul_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_mul_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+.L_bn_mul_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_mul_words_tail
+.L_bn_mul_words_loop:
+        dmultu  t0,a3
+        ld      t2,8(a1)
+        ld      ta0,16(a1)
+        ld      ta2,24(a1)
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,0(a0)
+        daddu   v0,t1,t0
+        dmultu  t2,a3
+        subu    a2,4
+        PTR_ADD a0,32
+        PTR_ADD a1,32
+        mflo    AT
+        mfhi    t2
+        daddu   v0,AT
+        sltu    t3,v0,AT
+        sd      v0,-24(a0)
+        daddu   v0,t3,t2
+        dmultu  ta0,a3
+        mflo    AT
+        mfhi    ta0
+        daddu   v0,AT
+        sltu    ta1,v0,AT
+        sd      v0,-16(a0)
+        daddu   v0,ta1,ta0
+        dmultu  ta2,a3
+        and     ta0,a2,MINUS4
+        mflo    AT
+        mfhi    ta2
+        daddu   v0,AT
+        sltu    ta3,v0,AT
+        sd      v0,-8(a0)
+        daddu   v0,ta3,ta2
+        .set    noreorder
+        bgtzl   ta0,.L_bn_mul_words_loop
+        ld      t0,0(a1)
+        bnezl   a2,.L_bn_mul_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+.L_bn_mul_words_return:
+        jr      ra
+.L_bn_mul_words_tail:
+        dmultu  t0,a3
+        subu    a2,1
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,0(a0)
+        daddu   v0,t1,t0
+        beqz    a2,.L_bn_mul_words_return
+        ld      t0,8(a1)
+        dmultu  t0,a3
+        subu    a2,1
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,8(a0)
+        daddu   v0,t1,t0
+        beqz    a2,.L_bn_mul_words_return
+        ld      t0,16(a1)
+        dmultu  t0,a3
+        mflo    AT
+        mfhi    t0
+        daddu   v0,AT
+        sltu    t1,v0,AT
+        sd      v0,16(a0)
+        daddu   v0,t1,t0
+        jr      ra
+END(bn_mul_words)
+.align  5
+LEAF(bn_sqr_words)
+        .set    noreorder
+        bgtzl   a2,.L_bn_sqr_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+.L_bn_sqr_words_proceed:
+        li      MINUS4,-4
+        and     ta0,a2,MINUS4
+        move    v0,zero
+        beqz    ta0,.L_bn_sqr_words_tail
+.L_bn_sqr_words_loop:
+        dmultu  t0,t0
+        ld      t2,8(a1)
+        ld      ta0,16(a1)
+        ld      ta2,24(a1)
+        mflo    t1
+        mfhi    t0
+        sd      t1,0(a0)
+        sd      t0,8(a0)
+        dmultu  t2,t2
+        subu    a2,4
+        PTR_ADD a0,64
+        PTR_ADD a1,32
+        mflo    t3
+        mfhi    t2
+        sd      t3,-48(a0)
+        sd      t2,-40(a0)
+        dmultu  ta0,ta0
+        mflo    ta1
+        mfhi    ta0
+        sd      ta1,-32(a0)
+        sd      ta0,-24(a0)
+        dmultu  ta2,ta2
+        and     ta0,a2,MINUS4
+        mflo    ta3
+        mfhi    ta2
+        sd      ta3,-16(a0)
+        sd      ta2,-8(a0)
+        .set    noreorder
+        bgtzl   ta0,.L_bn_sqr_words_loop
+        ld      t0,0(a1)
+        bnezl   a2,.L_bn_sqr_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+.L_bn_sqr_words_return:
+        move    v0,zero
+        jr      ra
+.L_bn_sqr_words_tail:
+        dmultu  t0,t0
+        subu    a2,1
+        mflo    t1
+        mfhi    t0
+        sd      t1,0(a0)
+        sd      t0,8(a0)
+        beqz    a2,.L_bn_sqr_words_return
+        ld      t0,8(a1)
+        dmultu  t0,t0
+        subu    a2,1
+        mflo    t1
+        mfhi    t0
+        sd      t1,16(a0)
+        sd      t0,24(a0)
+        beqz    a2,.L_bn_sqr_words_return
+        ld      t0,16(a1)
+        dmultu  t0,t0
+        mflo    t1
+        mfhi    t0
+        sd      t1,32(a0)
+        sd      t0,40(a0)
+        jr      ra
+END(bn_sqr_words)
+.align  5
+LEAF(bn_add_words)
+        .set    noreorder
+        bgtzl   a3,.L_bn_add_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+.L_bn_add_words_proceed:
+        li      MINUS4,-4
+        and     AT,a3,MINUS4
+        move    v0,zero
+        beqz    AT,.L_bn_add_words_tail
+.L_bn_add_words_loop:
+        ld      ta0,0(a2)
+        subu    a3,4
+        ld      t1,8(a1)
+        and     AT,a3,MINUS4
+        ld      t2,16(a1)
+        PTR_ADD a2,32
+        ld      t3,24(a1)
+        PTR_ADD a0,32
+        ld      ta1,-24(a2)
+        PTR_ADD a1,32
+        ld      ta2,-16(a2)
+        ld      ta3,-8(a2)
+        daddu   ta0,t0
+        sltu    t8,ta0,t0
+        daddu   t0,ta0,v0
+        sltu    v0,t0,ta0
+        sd      t0,-32(a0)
+        daddu   v0,t8
+        daddu   ta1,t1
+        sltu    t9,ta1,t1
+        daddu   t1,ta1,v0
+        sltu    v0,t1,ta1
+        sd      t1,-24(a0)
+        daddu   v0,t9
+        daddu   ta2,t2
+        sltu    t8,ta2,t2
+        daddu   t2,ta2,v0
+        sltu    v0,t2,ta2
+        sd      t2,-16(a0)
+        daddu   v0,t8
+        
+        daddu   ta3,t3
+        sltu    t9,ta3,t3
+        daddu   t3,ta3,v0
+        sltu    v0,t3,ta3
+        sd      t3,-8(a0)
+        daddu   v0,t9
+        
+        .set    noreorder
+        bgtzl   AT,.L_bn_add_words_loop
+        ld      t0,0(a1)
+        bnezl   a3,.L_bn_add_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+.L_bn_add_words_return:
+        jr      ra
+.L_bn_add_words_tail:
+        ld      ta0,0(a2)
+        daddu   ta0,t0
+        subu    a3,1
+        sltu    t8,ta0,t0
+        daddu   t0,ta0,v0
+        sltu    v0,t0,ta0
+        sd      t0,0(a0)
+        daddu   v0,t8
+        beqz    a3,.L_bn_add_words_return
+        ld      t1,8(a1)
+        ld      ta1,8(a2)
+        daddu   ta1,t1
+        subu    a3,1
+        sltu    t9,ta1,t1
+        daddu   t1,ta1,v0
+        sltu    v0,t1,ta1
+        sd      t1,8(a0)
+        daddu   v0,t9
+        beqz    a3,.L_bn_add_words_return
+        ld      t2,16(a1)
+        ld      ta2,16(a2)
+        daddu   ta2,t2
+        sltu    t8,ta2,t2
+        daddu   t2,ta2,v0
+        sltu    v0,t2,ta2
+        sd      t2,16(a0)
+        daddu   v0,t8
+        jr      ra
+END(bn_add_words)
+.align  5
+LEAF(bn_sub_words)
+        .set    noreorder
+        bgtzl   a3,.L_bn_sub_words_proceed
+        ld      t0,0(a1)
+        jr      ra
+        move    v0,zero
+        .set    reorder
+.L_bn_sub_words_proceed:
+        li      MINUS4,-4
+        and     AT,a3,MINUS4
+        move    v0,zero
+        beqz    AT,.L_bn_sub_words_tail
+.L_bn_sub_words_loop:
+        ld      ta0,0(a2)
+        subu    a3,4
+        ld      t1,8(a1)
+        and     AT,a3,MINUS4
+        ld      t2,16(a1)
+        PTR_ADD a2,32
+        ld      t3,24(a1)
+        PTR_ADD a0,32
+        ld      ta1,-24(a2)
+        PTR_ADD a1,32
+        ld      ta2,-16(a2)
+        ld      ta3,-8(a2)
+        sltu    t8,t0,ta0
+        dsubu   t0,ta0
+        dsubu   ta0,t0,v0
+        sd      ta0,-32(a0)
+        MOVNZ   (t0,v0,t8)
+        sltu    t9,t1,ta1
+        dsubu   t1,ta1
+        dsubu   ta1,t1,v0
+        sd      ta1,-24(a0)
+        MOVNZ   (t1,v0,t9)
+        sltu    t8,t2,ta2
+        dsubu   t2,ta2
+        dsubu   ta2,t2,v0
+        sd      ta2,-16(a0)
+        MOVNZ   (t2,v0,t8)
+        sltu    t9,t3,ta3
+        dsubu   t3,ta3
+        dsubu   ta3,t3,v0
+        sd      ta3,-8(a0)
+        MOVNZ   (t3,v0,t9)
+        .set    noreorder
+        bgtzl   AT,.L_bn_sub_words_loop
+        ld      t0,0(a1)
+        bnezl   a3,.L_bn_sub_words_tail
+        ld      t0,0(a1)
+        .set    reorder
+.L_bn_sub_words_return:
+        jr      ra
+.L_bn_sub_words_tail:
+        ld      ta0,0(a2)
+        subu    a3,1
+        sltu    t8,t0,ta0
+        dsubu   t0,ta0
+        dsubu   ta0,t0,v0
+        MOVNZ   (t0,v0,t8)
+        sd      ta0,0(a0)
+        beqz    a3,.L_bn_sub_words_return
+        ld      t1,8(a1)
+        subu    a3,1
+        ld      ta1,8(a2)
+        sltu    t9,t1,ta1
+        dsubu   t1,ta1
+        dsubu   ta1,t1,v0
+        MOVNZ   (t1,v0,t9)
+        sd      ta1,8(a0)
+        beqz    a3,.L_bn_sub_words_return
+        ld      t2,16(a1)
+        ld      ta2,16(a2)
+        sltu    t8,t2,ta2
+        dsubu   t2,ta2
+        dsubu   ta2,t2,v0
+        MOVNZ   (t2,v0,t8)
+        sd      ta2,16(a0)
+        jr      ra
+END(bn_sub_words)
+#undef  MINUS4
+.align 5
+LEAF(bn_div_3_words)
+        .set    reorder
+        move    a3,a0           /* we know that bn_div_words doesn't
+                                 * touch a3, ta2, ta3 and preserves a2
+                                 * so that we can save two arguments
+                                 * and return address in registers
+                                 * instead of stack:-)
+                                 */
+        ld      a0,(a3)
+        move    ta2,a1
+        ld      a1,-8(a3)
+        bne     a0,a2,.L_bn_div_3_words_proceed
+        li      v0,-1
+        jr      ra
+.L_bn_div_3_words_proceed:
+        move    ta3,ra
+        bal     bn_div_words
+        move    ra,ta3
+        dmultu  ta2,v0
+        ld      t2,-16(a3)
+        move    ta0,zero
+        mfhi    t1
+        mflo    t0
+        sltu    t8,t1,v1
+.L_bn_div_3_words_inner_loop:
+        bnez    t8,.L_bn_div_3_words_inner_loop_done
+        sgeu    AT,t2,t0
+        seq     t9,t1,v1
+        and     AT,t9
+        sltu    t3,t0,ta2
+        daddu   v1,a2
+        dsubu   t1,t3
+        dsubu   t0,ta2
+        sltu    t8,t1,v1
+        sltu    ta0,v1,a2
+        or      t8,ta0
+        .set    noreorder
+        beqzl   AT,.L_bn_div_3_words_inner_loop
+        dsubu   v0,1
+        .set    reorder
+.L_bn_div_3_words_inner_loop_done:
+        jr      ra
+END(bn_div_3_words)
+.align  5
+LEAF(bn_div_words)
+        .set    noreorder
+        bnezl   a2,.L_bn_div_words_proceed
+        move    v1,zero
+        jr      ra
+        li      v0,-1           /* I'd rather signal div-by-zero
+                                 * which can be done with 'break 7' */
+.L_bn_div_words_proceed:
+        bltz    a2,.L_bn_div_words_body
+        move    t9,v1
+        dsll    a2,1
+        bgtz    a2,.-4
+        addu    t9,1
+        .set    reorder
+        negu    t1,t9
+        li      t2,-1
+        dsll    t2,t1
+        and     t2,a0
+        dsrl    AT,a1,t1
+        .set    noreorder
+        bnezl   t2,.+8
+        break   6               /* signal overflow */
+        .set    reorder
+        dsll    a0,t9
+        dsll    a1,t9
+        or      a0,AT
+#define QT      ta0
+#define HH      ta1
+#define DH      v1
+.L_bn_div_words_body:
+        dsrl    DH,a2,32
+        sgeu    AT,a0,a2
+        .set    noreorder
+        bnezl   AT,.+8
+        dsubu   a0,a2
+        .set    reorder
+        li      QT,-1
+        dsrl    HH,a0,32
+        dsrl    QT,32   /* q=0xffffffff */
+        beq     DH,HH,.L_bn_div_words_skip_div1
+        ddivu   zero,a0,DH
+        mflo    QT
+.L_bn_div_words_skip_div1:
+        dmultu  a2,QT
+        dsll    t3,a0,32
+        dsrl    AT,a1,32
+        or      t3,AT
+        mflo    t0
+        mfhi    t1
+.L_bn_div_words_inner_loop1:
+        sltu    t2,t3,t0
+        seq     t8,HH,t1
+        sltu    AT,HH,t1
+        and     t2,t8
+        sltu    v0,t0,a2
+        or      AT,t2
+        .set    noreorder
+        beqz    AT,.L_bn_div_words_inner_loop1_done
+        dsubu   t1,v0
+        dsubu   t0,a2
+        b       .L_bn_div_words_inner_loop1
+        dsubu   QT,1
+        .set    reorder
+.L_bn_div_words_inner_loop1_done:
+        dsll    a1,32
+        dsubu   a0,t3,t0
+        dsll    v0,QT,32
+        li      QT,-1
+        dsrl    HH,a0,32
+        dsrl    QT,32   /* q=0xffffffff */
+        beq     DH,HH,.L_bn_div_words_skip_div2
+        ddivu   zero,a0,DH
+        mflo    QT
+.L_bn_div_words_skip_div2:
+#undef  DH
+        dmultu  a2,QT
+        dsll    t3,a0,32
+        dsrl    AT,a1,32
+        or      t3,AT
+        mflo    t0
+        mfhi    t1
+.L_bn_div_words_inner_loop2:
+        sltu    t2,t3,t0
+        seq     t8,HH,t1
+        sltu    AT,HH,t1
+        and     t2,t8
+        sltu    v1,t0,a2
+        or      AT,t2
+        .set    noreorder
+        beqz    AT,.L_bn_div_words_inner_loop2_done
+        dsubu   t1,v1
+        dsubu   t0,a2
+        b       .L_bn_div_words_inner_loop2
+        dsubu   QT,1
+        .set    reorder
+.L_bn_div_words_inner_loop2_done:       
+#undef  HH
+        dsubu   a0,t3,t0
+        or      v0,QT
+        dsrl    v1,a0,t9        /* v1 contains remainder if anybody wants it */
+        dsrl    a2,t9           /* restore a2 */
+        jr      ra
+#undef  QT
+END(bn_div_words)
+#define a_0     t0
+#define a_1     t1
+#define a_2     t2
+#define a_3     t3
+#define b_0     ta0
+#define b_1     ta1
+#define b_2     ta2
+#define b_3     ta3
+#define a_4     s0
+#define a_5     s2
+#define a_6     s4
+#define a_7     a1      /* once we load a[7] we don't need a anymore */
+#define b_4     s1
+#define b_5     s3
+#define b_6     s5
+#define b_7     a2      /* once we load b[7] we don't need b anymore */
+#define t_1     t8
+#define t_2     t9
+#define c_1     v0
+#define c_2     v1
+#define c_3     a3
+#define FRAME_SIZE      48
+.align  5
+LEAF(bn_mul_comba8)
+        .set    noreorder
+        PTR_SUB sp,FRAME_SIZE
+        .frame  sp,64,ra
+        .set    reorder
+        ld      a_0,0(a1)       /* If compiled with -mips3 option on
+                                 * R5000 box assembler barks on this
+                                 * line with "shouldn't have mult/div
+                                 * as last instruction in bb (R10K
+                                 * bug)" warning. If anybody out there
+                                 * has a clue about how to circumvent
+                                 * this do send me a note.
+                                 *              <appro@fy.chalmers.se>
+                                 */
+        ld      b_0,0(a2)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+        ld      b_1,8(a2)
+        ld      b_2,16(a2)
+        ld      b_3,24(a2)
+        dmultu  a_0,b_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        sd      s0,0(sp)
+        sd      s1,8(sp)
+        sd      s2,16(sp)
+        sd      s3,24(sp)
+        sd      s4,32(sp)
+        sd      s5,40(sp)
+        mflo    c_1
+        mfhi    c_2
+        dmultu  a_0,b_1         /* mul_add_c(a[0],b[1],c2,c3,c1); */
+        ld      a_4,32(a1)
+        ld      a_5,40(a1)
+        ld      a_6,48(a1)
+        ld      a_7,56(a1)
+        ld      b_4,32(a2)
+        ld      b_5,40(a2)
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        dmultu  a_1,b_0         /* mul_add_c(a[1],b[0],c2,c3,c1); */
+        ld      b_6,48(a2)
+        ld      b_7,56(a2)
+        sd      c_1,0(a0)       /* r[0]=c1; */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        sd      c_2,8(a0)       /* r[1]=c2; */
+        dmultu  a_2,b_0         /* mul_add_c(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        dmultu  a_1,b_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_0,b_2         /* mul_add_c(a[0],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)      /* r[2]=c3; */
+        dmultu  a_0,b_3         /* mul_add_c(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_1,b_2         /* mul_add_c(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_1         /* mul_add_c(a[2],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_0         /* mul_add_c(a[3],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)      /* r[3]=c1; */
+        dmultu  a_4,b_0         /* mul_add_c(a[4],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_3,b_1         /* mul_add_c(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,b_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,b_3         /* mul_add_c(a[1],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_0,b_4         /* mul_add_c(a[0],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)      /* r[4]=c2; */
+        dmultu  a_0,b_5         /* mul_add_c(a[0],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_1,b_4         /* mul_add_c(a[1],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,b_3         /* mul_add_c(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_3,b_2         /* mul_add_c(a[3],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,b_1         /* mul_add_c(a[4],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,b_0         /* mul_add_c(a[5],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)      /* r[5]=c3; */
+        dmultu  a_6,b_0         /* mul_add_c(a[6],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_5,b_1         /* mul_add_c(a[5],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,b_2         /* mul_add_c(a[4],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_4         /* mul_add_c(a[2],b[4],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,b_5         /* mul_add_c(a[1],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_0,b_6         /* mul_add_c(a[0],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,48(a0)      /* r[6]=c1; */
+        dmultu  a_0,b_7         /* mul_add_c(a[0],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_1,b_6         /* mul_add_c(a[1],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,b_5         /* mul_add_c(a[2],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,b_4         /* mul_add_c(a[3],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_4,b_3         /* mul_add_c(a[4],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,b_2         /* mul_add_c(a[5],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_6,b_1         /* mul_add_c(a[6],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_7,b_0         /* mul_add_c(a[7],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,56(a0)      /* r[7]=c2; */
+        dmultu  a_7,b_1         /* mul_add_c(a[7],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_6,b_2         /* mul_add_c(a[6],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,b_3         /* mul_add_c(a[5],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,b_4         /* mul_add_c(a[4],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_3,b_5         /* mul_add_c(a[3],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,b_6         /* mul_add_c(a[2],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,b_7         /* mul_add_c(a[1],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,64(a0)      /* r[8]=c3; */
+        dmultu  a_2,b_7         /* mul_add_c(a[2],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_3,b_6         /* mul_add_c(a[3],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,b_5         /* mul_add_c(a[4],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,b_4         /* mul_add_c(a[5],b[4],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_6,b_3         /* mul_add_c(a[6],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_7,b_2         /* mul_add_c(a[7],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,72(a0)      /* r[9]=c1; */
+        dmultu  a_7,b_3         /* mul_add_c(a[7],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_6,b_4         /* mul_add_c(a[6],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,b_5         /* mul_add_c(a[5],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_4,b_6         /* mul_add_c(a[4],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,b_7         /* mul_add_c(a[3],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,80(a0)      /* r[10]=c2; */
+        dmultu  a_4,b_7         /* mul_add_c(a[4],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_5,b_6         /* mul_add_c(a[5],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_6,b_5         /* mul_add_c(a[6],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_7,b_4         /* mul_add_c(a[7],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,88(a0)      /* r[11]=c3; */
+        dmultu  a_7,b_5         /* mul_add_c(a[7],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_6,b_6         /* mul_add_c(a[6],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,b_7         /* mul_add_c(a[5],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,96(a0)      /* r[12]=c1; */
+        dmultu  a_6,b_7         /* mul_add_c(a[6],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_7,b_6         /* mul_add_c(a[7],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,104(a0)     /* r[13]=c2; */
+        dmultu  a_7,b_7         /* mul_add_c(a[7],b[7],c3,c1,c2); */
+        ld      s0,0(sp)
+        ld      s1,8(sp)
+        ld      s2,16(sp)
+        ld      s3,24(sp)
+        ld      s4,32(sp)
+        ld      s5,40(sp)
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sd      c_3,112(a0)     /* r[14]=c3; */
+        sd      c_1,120(a0)     /* r[15]=c1; */
+        PTR_ADD sp,FRAME_SIZE
+        jr      ra
+END(bn_mul_comba8)
+.align  5
+LEAF(bn_mul_comba4)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      b_0,0(a2)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        dmultu  a_0,b_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        ld      a_3,24(a1)
+        ld      b_1,8(a2)
+        ld      b_2,16(a2)
+        ld      b_3,24(a2)
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+        dmultu  a_0,b_1         /* mul_add_c(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        dmultu  a_1,b_0         /* mul_add_c(a[1],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        sd      c_2,8(a0)
+        dmultu  a_2,b_0         /* mul_add_c(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        dmultu  a_1,b_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_0,b_2         /* mul_add_c(a[0],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+        dmultu  a_0,b_3         /* mul_add_c(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    c_3,c_2,t_2
+        dmultu  a_1,b_2         /* mul_add_c(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_2,b_1         /* mul_add_c(a[2],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,b_0         /* mul_add_c(a[3],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+        dmultu  a_3,b_1         /* mul_add_c(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    c_1,c_3,t_2
+        dmultu  a_2,b_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,b_3         /* mul_add_c(a[1],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+        dmultu  a_2,b_3         /* mul_add_c(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    c_2,c_1,t_2
+        dmultu  a_3,b_2         /* mul_add_c(a[3],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+        dmultu  a_3,b_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sd      c_1,48(a0)
+        sd      c_2,56(a0)
+        jr      ra
+END(bn_mul_comba4)
+#undef  a_4
+#undef  a_5
+#undef  a_6
+#undef  a_7
+#define a_4     b_0
+#define a_5     b_1
+#define a_6     b_2
+#define a_7     b_3
+.align  5
+LEAF(bn_sqr_comba8)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+        dmultu  a_0,a_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        ld      a_4,32(a1)
+        ld      a_5,40(a1)
+        ld      a_6,48(a1)
+        ld      a_7,56(a1)
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+        dmultu  a_0,a_1         /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        sd      c_2,8(a0)
+        dmultu  a_2,a_0         /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+        dmultu  a_0,a_3         /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,a_2         /* mul_add_c2(a[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+        dmultu  a_4,a_0         /* mul_add_c2(a[4],b[0],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,a_1         /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+        dmultu  a_0,a_5         /* mul_add_c2(a[0],b[5],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_4         /* mul_add_c2(a[1],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_2,a_3         /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+        dmultu  a_6,a_0         /* mul_add_c2(a[6],b[0],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_5,a_1         /* mul_add_c2(a[5],b[1],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,a_2         /* mul_add_c2(a[4],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,a_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,48(a0)
+        dmultu  a_0,a_7         /* mul_add_c2(a[0],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_1,a_6         /* mul_add_c2(a[1],b[6],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_5         /* mul_add_c2(a[2],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_3,a_4         /* mul_add_c2(a[3],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,56(a0)
+        dmultu  a_7,a_1         /* mul_add_c2(a[7],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_6,a_2         /* mul_add_c2(a[6],b[2],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,a_3         /* mul_add_c2(a[5],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_4,a_4         /* mul_add_c(a[4],b[4],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,64(a0)
+        dmultu  a_2,a_7         /* mul_add_c2(a[2],b[7],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_3,a_6         /* mul_add_c2(a[3],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_4,a_5         /* mul_add_c2(a[4],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,72(a0)
+        dmultu  a_7,a_3         /* mul_add_c2(a[7],b[3],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_6,a_4         /* mul_add_c2(a[6],b[4],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_1,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_5,a_5         /* mul_add_c(a[5],b[5],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,80(a0)
+        dmultu  a_4,a_7         /* mul_add_c2(a[4],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_5,a_6         /* mul_add_c2(a[5],b[6],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_2,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,88(a0)
+        dmultu  a_7,a_5         /* mul_add_c2(a[7],b[5],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_6,a_6         /* mul_add_c(a[6],b[6],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,96(a0)
+        dmultu  a_6,a_7         /* mul_add_c2(a[6],b[7],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,104(a0)
+        dmultu  a_7,a_7         /* mul_add_c(a[7],b[7],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sd      c_3,112(a0)
+        sd      c_1,120(a0)
+        jr      ra
+END(bn_sqr_comba8)
+.align  5
+LEAF(bn_sqr_comba4)
+        .set    reorder
+        ld      a_0,0(a1)
+        ld      a_1,8(a1)
+        ld      a_2,16(a1)
+        ld      a_3,24(a1)
+        dmultu  a_0,a_0         /* mul_add_c(a[0],b[0],c1,c2,c3); */
+        mflo    c_1
+        mfhi    c_2
+        sd      c_1,0(a0)
+        dmultu  a_0,a_1         /* mul_add_c2(a[0],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   c_3,t_2,AT
+        sd      c_2,8(a0)
+        dmultu  a_2,a_0         /* mul_add_c2(a[2],b[0],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        dmultu  a_1,a_1         /* mul_add_c(a[1],b[1],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,16(a0)
+        dmultu  a_0,a_3         /* mul_add_c2(a[0],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_3,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        dmultu  a_1,a_2         /* mul_add_c(a2[1],b[2],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        slt     AT,t_2,zero
+        daddu   c_3,AT
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sltu    AT,c_2,t_2
+        daddu   c_3,AT
+        sd      c_1,24(a0)
+        dmultu  a_3,a_1         /* mul_add_c2(a[3],b[1],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_1,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        dmultu  a_2,a_2         /* mul_add_c(a[2],b[2],c2,c3,c1); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_2,t_1
+        sltu    AT,c_2,t_1
+        daddu   t_2,AT
+        daddu   c_3,t_2
+        sltu    AT,c_3,t_2
+        daddu   c_1,AT
+        sd      c_2,32(a0)
+        dmultu  a_2,a_3         /* mul_add_c2(a[2],b[3],c3,c1,c2); */
+        mflo    t_1
+        mfhi    t_2
+        slt     c_2,t_2,zero
+        dsll    t_2,1
+        slt     a2,t_1,zero
+        daddu   t_2,a2
+        dsll    t_1,1
+        daddu   c_3,t_1
+        sltu    AT,c_3,t_1
+        daddu   t_2,AT
+        daddu   c_1,t_2
+        sltu    AT,c_1,t_2
+        daddu   c_2,AT
+        sd      c_3,40(a0)
+        dmultu  a_3,a_3         /* mul_add_c(a[3],b[3],c1,c2,c3); */
+        mflo    t_1
+        mfhi    t_2
+        daddu   c_1,t_1
+        sltu    AT,c_1,t_1
+        daddu   t_2,AT
+        daddu   c_2,t_2
+        sd      c_1,48(a0)
+        sd      c_2,56(a0)
+        jr      ra
+END(bn_sqr_comba4)
diff --git a/src/lib/libcrypto/bn/asm/mo-586.pl b/src/lib/libcrypto/bn/asm/mo-586.pl
new file mode 100644
index 0000000000..0982293094
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/mo-586.pl
@@ -0,0 +1,603 @@
+#!/usr/bin/env perl
+# This is crypto/bn/asm/x86-mont.pl (with asciz from crypto/perlasm/x86asm.pl)
+# from OpenSSL 0.9.9-dev 
+sub ::asciz
+{ my @str=unpack("C*",shift);
+    push @str,0;
+    while ($#str>15) {
+        &data_byte(@str[0..15]);
+        foreach (0..15) { shift @str; }
+    }
+    &data_byte(@str) if (@str);
+}
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. The module is, however, dual licensed under OpenSSL and
+# CRYPTOGAMS licenses depending on where you obtain it. For further
+# details see http://www.openssl.org/~appro/cryptogams/.
+# ====================================================================
+# October 2005
+#
+# This is a "teaser" code, as it can be improved in several ways...
+# First of all non-SSE2 path should be implemented (yes, for now it
+# performs Montgomery multiplication/convolution only on SSE2-capable
+# CPUs such as P4, others fall down to original code). Then inner loop
+# can be unrolled and modulo-scheduled to improve ILP and possibly
+# moved to 128-bit XMM register bank (though it would require input
+# rearrangement and/or increase bus bandwidth utilization). Dedicated
+# squaring procedure should give further performance improvement...
+# Yet, for being draft, the code improves rsa512 *sign* benchmark by
+# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-)
+# December 2006
+#
+# Modulo-scheduling SSE2 loops results in further 15-20% improvement.
+# Integer-only code [being equipped with dedicated squaring procedure]
+# gives ~40% on rsa512 sign benchmark...
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],$0);
+$sse2=0;
+for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+&external_label("OPENSSL_ia32cap_P") if ($sse2);
+&function_begin("bn_mul_mont");
+$i="edx";
+$j="ecx";
+$ap="esi";      $tp="esi";              # overlapping variables!!!
+$rp="edi";      $bp="edi";              # overlapping variables!!!
+$np="ebp";
+$num="ebx";
+$_num=&DWP(4*0,"esp");                  # stack top layout
+$_rp=&DWP(4*1,"esp");
+$_ap=&DWP(4*2,"esp");
+$_bp=&DWP(4*3,"esp");
+$_np=&DWP(4*4,"esp");
+$_n0=&DWP(4*5,"esp");   $_n0q=&QWP(4*5,"esp");
+$_sp=&DWP(4*6,"esp");
+$_bpend=&DWP(4*7,"esp");
+$frame=32;                              # size of above frame rounded up to 16n
+        &xor    ("eax","eax");
+        &mov    ("edi",&wparam(5));     # int num
+        &cmp    ("edi",4);
+        &jl     (&label("just_leave"));
+        &lea    ("esi",&wparam(0));     # put aside pointer to argument block
+        &lea    ("edx",&wparam(1));     # load ap
+        &mov    ("ebp","esp");          # saved stack pointer!
+        &add    ("edi",2);              # extra two words on top of tp
+        &neg    ("edi");
+        &lea    ("esp",&DWP(-$frame,"esp","edi",4));    # alloca($frame+4*(num+2))
+        &neg    ("edi");
+        # minimize cache contention by arraning 2K window between stack
+        # pointer and ap argument [np is also position sensitive vector,
+        # but it's assumed to be near ap, as it's allocated at ~same
+        # time].
+        &mov    ("eax","esp");
+        &sub    ("eax","edx");
+        &and    ("eax",2047);
+        &sub    ("esp","eax");          # this aligns sp and ap modulo 2048
+        &xor    ("edx","esp");
+        &and    ("edx",2048);
+        &xor    ("edx",2048);
+        &sub    ("esp","edx");          # this splits them apart modulo 4096
+        &and    ("esp",-64);            # align to cache line
+        ################################# load argument block...
+        &mov    ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp
+        &mov    ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap
+        &mov    ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp
+        &mov    ("edx",&DWP(3*4,"esi"));# const BN_ULONG *np
+        &mov    ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0
+        #&mov   ("edi",&DWP(5*4,"esi"));# int num
+        &mov    ("esi",&DWP(0,"esi"));  # pull n0[0]
+        &mov    ($_rp,"eax");           # ... save a copy of argument block
+        &mov    ($_ap,"ebx");
+        &mov    ($_bp,"ecx");
+        &mov    ($_np,"edx");
+        &mov    ($_n0,"esi");
+        &lea    ($num,&DWP(-3,"edi"));  # num=num-1 to assist modulo-scheduling
+        #&mov   ($_num,$num);           # redundant as $num is not reused
+        &mov    ($_sp,"ebp");           # saved stack pointer!
+if($sse2) {
+$acc0="mm0";    # mmx register bank layout
+$acc1="mm1";
+$car0="mm2";
+$car1="mm3";
+$mul0="mm4";
+$mul1="mm5";
+$temp="mm6";
+$mask="mm7";
+        &picmeup("eax","OPENSSL_ia32cap_P");
+        &bt     (&DWP(0,"eax"),26);
+        &jnc    (&label("non_sse2"));
+        &mov    ("eax",-1);
+        &movd   ($mask,"eax");          # mask 32 lower bits
+        &mov    ($ap,$_ap);             # load input pointers
+        &mov    ($bp,$_bp);
+        &mov    ($np,$_np);
+        &xor    ($i,$i);                # i=0
+        &xor    ($j,$j);                # j=0
+        &movd   ($mul0,&DWP(0,$bp));            # bp[0]
+        &movd   ($mul1,&DWP(0,$ap));            # ap[0]
+        &movd   ($car1,&DWP(0,$np));            # np[0]
+        &pmuludq($mul1,$mul0);                  # ap[0]*bp[0]
+        &movq   ($car0,$mul1);
+        &movq   ($acc0,$mul1);                  # I wish movd worked for
+        &pand   ($acc0,$mask);                  # inter-register transfers
+        &pmuludq($mul1,$_n0q);                  # *=n0
+        &pmuludq($car1,$mul1);                  # "t[0]"*np[0]*n0
+        &paddq  ($car1,$acc0);
+        &movd   ($acc1,&DWP(4,$np));            # np[1]
+        &movd   ($acc0,&DWP(4,$ap));            # ap[1]
+        &psrlq  ($car0,32);
+        &psrlq  ($car1,32);
+        &inc    ($j);                           # j++
+&set_label("1st",16);
+        &pmuludq($acc0,$mul0);                  # ap[j]*bp[0]
+        &pmuludq($acc1,$mul1);                  # np[j]*m1
+        &paddq  ($car0,$acc0);                  # +=c0
+        &paddq  ($car1,$acc1);                  # +=c1
+        &movq   ($acc0,$car0);
+        &pand   ($acc0,$mask);
+        &movd   ($acc1,&DWP(4,$np,$j,4));       # np[j+1]
+        &paddq  ($car1,$acc0);                  # +=ap[j]*bp[0];
+        &movd   ($acc0,&DWP(4,$ap,$j,4));       # ap[j+1]
+        &psrlq  ($car0,32);
+        &movd   (&DWP($frame-4,"esp",$j,4),$car1);      # tp[j-1]=
+        &psrlq  ($car1,32);
+        &lea    ($j,&DWP(1,$j));
+        &cmp    ($j,$num);
+        &jl     (&label("1st"));
+        &pmuludq($acc0,$mul0);                  # ap[num-1]*bp[0]
+        &pmuludq($acc1,$mul1);                  # np[num-1]*m1
+        &paddq  ($car0,$acc0);                  # +=c0
+        &paddq  ($car1,$acc1);                  # +=c1
+        &movq   ($acc0,$car0);
+        &pand   ($acc0,$mask);
+        &paddq  ($car1,$acc0);                  # +=ap[num-1]*bp[0];
+        &movd   (&DWP($frame-4,"esp",$j,4),$car1);      # tp[num-2]=
+        &psrlq  ($car0,32);
+        &psrlq  ($car1,32);
+        &paddq  ($car1,$car0);
+        &movq   (&QWP($frame,"esp",$num,4),$car1);      # tp[num].tp[num-1]
+        &inc    ($i);                           # i++
+&set_label("outer");
+        &xor    ($j,$j);                        # j=0
+        &movd   ($mul0,&DWP(0,$bp,$i,4));       # bp[i]
+        &movd   ($mul1,&DWP(0,$ap));            # ap[0]
+        &movd   ($temp,&DWP($frame,"esp"));     # tp[0]
+        &movd   ($car1,&DWP(0,$np));            # np[0]
+        &pmuludq($mul1,$mul0);                  # ap[0]*bp[i]
+        &paddq  ($mul1,$temp);                  # +=tp[0]
+        &movq   ($acc0,$mul1);
+        &movq   ($car0,$mul1);
+        &pand   ($acc0,$mask);
+        &pmuludq($mul1,$_n0q);                  # *=n0
+        &pmuludq($car1,$mul1);
+        &paddq  ($car1,$acc0);
+        &movd   ($temp,&DWP($frame+4,"esp"));   # tp[1]
+        &movd   ($acc1,&DWP(4,$np));            # np[1]
+        &movd   ($acc0,&DWP(4,$ap));            # ap[1]
+        &psrlq  ($car0,32);
+        &psrlq  ($car1,32);
+        &paddq  ($car0,$temp);                  # +=tp[1]
+        &inc    ($j);                           # j++
+        &dec    ($num);
+&set_label("inner");
+        &pmuludq($acc0,$mul0);                  # ap[j]*bp[i]
+        &pmuludq($acc1,$mul1);                  # np[j]*m1
+        &paddq  ($car0,$acc0);                  # +=c0
+        &paddq  ($car1,$acc1);                  # +=c1
+        &movq   ($acc0,$car0);
+        &movd   ($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1]
+        &pand   ($acc0,$mask);
+        &movd   ($acc1,&DWP(4,$np,$j,4));       # np[j+1]
+        &paddq  ($car1,$acc0);                  # +=ap[j]*bp[i]+tp[j]
+        &movd   ($acc0,&DWP(4,$ap,$j,4));       # ap[j+1]
+        &psrlq  ($car0,32);
+        &movd   (&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]=
+        &psrlq  ($car1,32);
+        &paddq  ($car0,$temp);                  # +=tp[j+1]
+        &dec    ($num);
+        &lea    ($j,&DWP(1,$j));                # j++
+        &jnz    (&label("inner"));
+        &mov    ($num,$j);
+        &pmuludq($acc0,$mul0);                  # ap[num-1]*bp[i]
+        &pmuludq($acc1,$mul1);                  # np[num-1]*m1
+        &paddq  ($car0,$acc0);                  # +=c0
+        &paddq  ($car1,$acc1);                  # +=c1
+        &movq   ($acc0,$car0);
+        &pand   ($acc0,$mask);
+        &paddq  ($car1,$acc0);                  # +=ap[num-1]*bp[i]+tp[num-1]
+        &movd   (&DWP($frame-4,"esp",$j,4),$car1);      # tp[num-2]=
+        &psrlq  ($car0,32);
+        &psrlq  ($car1,32);
+        &movd   ($temp,&DWP($frame+4,"esp",$num,4));    # += tp[num]
+        &paddq  ($car1,$car0);
+        &paddq  ($car1,$temp);
+        &movq   (&QWP($frame,"esp",$num,4),$car1);      # tp[num].tp[num-1]
+        &lea    ($i,&DWP(1,$i));                # i++
+        &cmp    ($i,$num);
+        &jle    (&label("outer"));
+        &emms   ();                             # done with mmx bank
+        &jmp    (&label("common_tail"));
+&set_label("non_sse2",16);
+}
+if (0) {
+        &mov    ("esp",$_sp);
+        &xor    ("eax","eax");  # signal "not fast enough [yet]"
+        &jmp    (&label("just_leave"));
+        # While the below code provides competitive performance for
+        # all key lengthes on modern Intel cores, it's still more
+        # than 10% slower for 4096-bit key elsewhere:-( "Competitive"
+        # means compared to the original integer-only assembler.
+        # 512-bit RSA sign is better by ~40%, but that's about all
+        # one can say about all CPUs...
+} else {
+$inp="esi";     # integer path uses these registers differently
+$word="edi";
+$carry="ebp";
+        &mov    ($inp,$_ap);
+        &lea    ($carry,&DWP(1,$num));
+        &mov    ($word,$_bp);
+        &xor    ($j,$j);                                # j=0
+        &mov    ("edx",$inp);
+        &and    ($carry,1);                             # see if num is even
+        &sub    ("edx",$word);                          # see if ap==bp
+        &lea    ("eax",&DWP(4,$word,$num,4));           # &bp[num]
+        &or     ($carry,"edx");
+        &mov    ($word,&DWP(0,$word));                  # bp[0]
+        &jz     (&label("bn_sqr_mont"));
+        &mov    ($_bpend,"eax");
+        &mov    ("eax",&DWP(0,$inp));
+        &xor    ("edx","edx");
+&set_label("mull",16);
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[j]*bp[0]
+        &add    ($carry,"eax");
+        &lea    ($j,&DWP(1,$j));
+        &adc    ("edx",0);
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # ap[j+1]
+        &cmp    ($j,$num);
+        &mov    (&DWP($frame-4,"esp",$j,4),$carry);     # tp[j]=
+        &jl     (&label("mull"));
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[num-1]*bp[0]
+         &mov   ($word,$_n0);
+        &add    ("eax",$carry);
+         &mov   ($inp,$_np);
+        &adc    ("edx",0);
+         &imul  ($word,&DWP($frame,"esp"));             # n0*tp[0]
+        &mov    (&DWP($frame,"esp",$num,4),"eax");      # tp[num-1]=
+        &xor    ($j,$j);
+        &mov    (&DWP($frame+4,"esp",$num,4),"edx");    # tp[num]=
+        &mov    (&DWP($frame+8,"esp",$num,4),$j);       # tp[num+1]=
+        &mov    ("eax",&DWP(0,$inp));                   # np[0]
+        &mul    ($word);                                # np[0]*m
+        &add    ("eax",&DWP($frame,"esp"));             # +=tp[0]
+        &mov    ("eax",&DWP(4,$inp));                   # np[1]
+        &adc    ("edx",0);
+        &inc    ($j);
+        &jmp    (&label("2ndmadd"));
+&set_label("1stmadd",16);
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[j]*bp[i]
+        &add    ($carry,&DWP($frame,"esp",$j,4));       # +=tp[j]
+        &lea    ($j,&DWP(1,$j));
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # ap[j+1]
+        &adc    ("edx",0);
+        &cmp    ($j,$num);
+        &mov    (&DWP($frame-4,"esp",$j,4),$carry);     # tp[j]=
+        &jl     (&label("1stmadd"));
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[num-1]*bp[i]
+        &add    ("eax",&DWP($frame,"esp",$num,4));      # +=tp[num-1]
+         &mov   ($word,$_n0);
+        &adc    ("edx",0);
+         &mov   ($inp,$_np);
+        &add    ($carry,"eax");
+        &adc    ("edx",0);
+         &imul  ($word,&DWP($frame,"esp"));             # n0*tp[0]
+        &xor    ($j,$j);
+        &add    ("edx",&DWP($frame+4,"esp",$num,4));    # carry+=tp[num]
+        &mov    (&DWP($frame,"esp",$num,4),$carry);     # tp[num-1]=
+        &adc    ($j,0);
+         &mov   ("eax",&DWP(0,$inp));                   # np[0]
+        &mov    (&DWP($frame+4,"esp",$num,4),"edx");    # tp[num]=
+        &mov    (&DWP($frame+8,"esp",$num,4),$j);       # tp[num+1]=
+        &mul    ($word);                                # np[0]*m
+        &add    ("eax",&DWP($frame,"esp"));             # +=tp[0]
+        &mov    ("eax",&DWP(4,$inp));                   # np[1]
+        &adc    ("edx",0);
+        &mov    ($j,1);
+&set_label("2ndmadd",16);
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # np[j]*m
+        &add    ($carry,&DWP($frame,"esp",$j,4));       # +=tp[j]
+        &lea    ($j,&DWP(1,$j));
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # np[j+1]
+        &adc    ("edx",0);
+        &cmp    ($j,$num);
+        &mov    (&DWP($frame-8,"esp",$j,4),$carry);     # tp[j-1]=
+        &jl     (&label("2ndmadd"));
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # np[j]*m
+        &add    ($carry,&DWP($frame,"esp",$num,4));     # +=tp[num-1]
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &adc    ("edx",0);
+        &mov    (&DWP($frame-4,"esp",$num,4),$carry);   # tp[num-2]=
+        &xor    ("eax","eax");
+         &mov   ($j,$_bp);                              # &bp[i]
+        &add    ("edx",&DWP($frame+4,"esp",$num,4));    # carry+=tp[num]
+        &adc    ("eax",&DWP($frame+8,"esp",$num,4));    # +=tp[num+1]
+         &lea   ($j,&DWP(4,$j));
+        &mov    (&DWP($frame,"esp",$num,4),"edx");      # tp[num-1]=
+         &cmp   ($j,$_bpend);
+        &mov    (&DWP($frame+4,"esp",$num,4),"eax");    # tp[num]=
+        &je     (&label("common_tail"));
+        &mov    ($word,&DWP(0,$j));                     # bp[i+1]
+        &mov    ($inp,$_ap);
+        &mov    ($_bp,$j);                              # &bp[++i]
+        &xor    ($j,$j);
+        &xor    ("edx","edx");
+        &mov    ("eax",&DWP(0,$inp));
+        &jmp    (&label("1stmadd"));
+&set_label("bn_sqr_mont",16);
+$sbit=$num;
+        &mov    ($_num,$num);
+        &mov    ($_bp,$j);                              # i=0
+        &mov    ("eax",$word);                          # ap[0]
+        &mul    ($word);                                # ap[0]*ap[0]
+        &mov    (&DWP($frame,"esp"),"eax");             # tp[0]=
+        &mov    ($sbit,"edx");
+        &shr    ("edx",1);
+        &and    ($sbit,1);
+        &inc    ($j);
+&set_label("sqr",16);
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # ap[j]
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[j]*ap[0]
+        &add    ("eax",$carry);
+        &lea    ($j,&DWP(1,$j));
+        &adc    ("edx",0);
+        &lea    ($carry,&DWP(0,$sbit,"eax",2));
+        &shr    ("eax",31);
+        &cmp    ($j,$_num);
+        &mov    ($sbit,"eax");
+        &mov    (&DWP($frame-4,"esp",$j,4),$carry);     # tp[j]=
+        &jl     (&label("sqr"));
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # ap[num-1]
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[num-1]*ap[0]
+        &add    ("eax",$carry);
+         &mov   ($word,$_n0);
+        &adc    ("edx",0);
+         &mov   ($inp,$_np);
+        &lea    ($carry,&DWP(0,$sbit,"eax",2));
+         &imul  ($word,&DWP($frame,"esp"));             # n0*tp[0]
+        &shr    ("eax",31);
+        &mov    (&DWP($frame,"esp",$j,4),$carry);       # tp[num-1]=
+        &lea    ($carry,&DWP(0,"eax","edx",2));
+         &mov   ("eax",&DWP(0,$inp));                   # np[0]
+        &shr    ("edx",31);
+        &mov    (&DWP($frame+4,"esp",$j,4),$carry);     # tp[num]=
+        &mov    (&DWP($frame+8,"esp",$j,4),"edx");      # tp[num+1]=
+        &mul    ($word);                                # np[0]*m
+        &add    ("eax",&DWP($frame,"esp"));             # +=tp[0]
+        &mov    ($num,$j);
+        &adc    ("edx",0);
+        &mov    ("eax",&DWP(4,$inp));                   # np[1]
+        &mov    ($j,1);
+&set_label("3rdmadd",16);
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # np[j]*m
+        &add    ($carry,&DWP($frame,"esp",$j,4));       # +=tp[j]
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &mov    ("eax",&DWP(4,$inp,$j,4));              # np[j+1]
+        &adc    ("edx",0);
+        &mov    (&DWP($frame-4,"esp",$j,4),$carry);     # tp[j-1]=
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # np[j+1]*m
+        &add    ($carry,&DWP($frame+4,"esp",$j,4));     # +=tp[j+1]
+        &lea    ($j,&DWP(2,$j));
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # np[j+2]
+        &adc    ("edx",0);
+        &cmp    ($j,$num);
+        &mov    (&DWP($frame-8,"esp",$j,4),$carry);     # tp[j]=
+        &jl     (&label("3rdmadd"));
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # np[j]*m
+        &add    ($carry,&DWP($frame,"esp",$num,4));     # +=tp[num-1]
+        &adc    ("edx",0);
+        &add    ($carry,"eax");
+        &adc    ("edx",0);
+        &mov    (&DWP($frame-4,"esp",$num,4),$carry);   # tp[num-2]=
+        &mov    ($j,$_bp);                              # i
+        &xor    ("eax","eax");
+        &mov    ($inp,$_ap);
+        &add    ("edx",&DWP($frame+4,"esp",$num,4));    # carry+=tp[num]
+        &adc    ("eax",&DWP($frame+8,"esp",$num,4));    # +=tp[num+1]
+        &mov    (&DWP($frame,"esp",$num,4),"edx");      # tp[num-1]=
+        &cmp    ($j,$num);
+        &mov    (&DWP($frame+4,"esp",$num,4),"eax");    # tp[num]=
+        &je     (&label("common_tail"));
+        &mov    ($word,&DWP(4,$inp,$j,4));              # ap[i]
+        &lea    ($j,&DWP(1,$j));
+        &mov    ("eax",$word);
+        &mov    ($_bp,$j);                              # ++i
+        &mul    ($word);                                # ap[i]*ap[i]
+        &add    ("eax",&DWP($frame,"esp",$j,4));        # +=tp[i]
+        &adc    ("edx",0);
+        &mov    (&DWP($frame,"esp",$j,4),"eax");        # tp[i]=
+        &xor    ($carry,$carry);
+        &cmp    ($j,$num);
+        &lea    ($j,&DWP(1,$j));
+        &je     (&label("sqrlast"));
+        &mov    ($sbit,"edx");                          # zaps $num
+        &shr    ("edx",1);
+        &and    ($sbit,1);
+&set_label("sqradd",16);
+        &mov    ("eax",&DWP(0,$inp,$j,4));              # ap[j]
+        &mov    ($carry,"edx");
+        &mul    ($word);                                # ap[j]*ap[i]
+        &add    ("eax",$carry);
+        &lea    ($carry,&DWP(0,"eax","eax"));
+        &adc    ("edx",0);
+        &shr    ("eax",31);
+        &add    ($carry,&DWP($frame,"esp",$j,4));       # +=tp[j]
+        &lea    ($j,&DWP(1,$j));
+        &adc    ("eax",0);
+        &add    ($carry,$sbit);
+        &adc    ("eax",0);
+        &cmp    ($j,$_num);
+        &mov    (&DWP($frame-4,"esp",$j,4),$carry);     # tp[j]=
+        &mov    ($sbit,"eax");
+        &jle    (&label("sqradd"));
+        &mov    ($carry,"edx");
+        &lea    ("edx",&DWP(0,$sbit,"edx",2));
+        &shr    ($carry,31);
+&set_label("sqrlast");
+        &mov    ($word,$_n0);
+        &mov    ($inp,$_np);
+        &imul   ($word,&DWP($frame,"esp"));             # n0*tp[0]
+        &add    ("edx",&DWP($frame,"esp",$j,4));        # +=tp[num]
+        &mov    ("eax",&DWP(0,$inp));                   # np[0]
+        &adc    ($carry,0);
+        &mov    (&DWP($frame,"esp",$j,4),"edx");        # tp[num]=
+        &mov    (&DWP($frame+4,"esp",$j,4),$carry);     # tp[num+1]=
+        &mul    ($word);                                # np[0]*m
+        &add    ("eax",&DWP($frame,"esp"));             # +=tp[0]
+        &lea    ($num,&DWP(-1,$j));
+        &adc    ("edx",0);
+        &mov    ($j,1);
+        &mov    ("eax",&DWP(4,$inp));                   # np[1]
+        &jmp    (&label("3rdmadd"));
+}
+&set_label("common_tail",16);
+        &mov    ($np,$_np);                     # load modulus pointer
+        &mov    ($rp,$_rp);                     # load result pointer
+        &lea    ($tp,&DWP($frame,"esp"));       # [$ap and $bp are zapped]
+        &mov    ("eax",&DWP(0,$tp));            # tp[0]
+        &mov    ($j,$num);                      # j=num-1
+        &xor    ($i,$i);                        # i=0 and clear CF!
+&set_label("sub",16);
+        &sbb    ("eax",&DWP(0,$np,$i,4));
+        &mov    (&DWP(0,$rp,$i,4),"eax");       # rp[i]=tp[i]-np[i]
+        &dec    ($j);                           # doesn't affect CF!
+        &mov    ("eax",&DWP(4,$tp,$i,4));       # tp[i+1]
+        &lea    ($i,&DWP(1,$i));                # i++
+        &jge    (&label("sub"));
+        &sbb    ("eax",0);                      # handle upmost overflow bit
+        &and    ($tp,"eax");
+        &not    ("eax");
+        &mov    ($np,$rp);
+        &and    ($np,"eax");
+        &or     ($tp,$np);                      # tp=carry?tp:rp
+&set_label("copy",16);                          # copy or in-place refresh
+        &mov    ("eax",&DWP(0,$tp,$num,4));
+        &mov    (&DWP(0,$rp,$num,4),"eax");     # rp[i]=tp[i]
+        &mov    (&DWP($frame,"esp",$num,4),$j); # zap temporary vector
+        &dec    ($num);
+        &jge    (&label("copy"));
+        &mov    ("esp",$_sp);           # pull saved stack pointer
+        &mov    ("eax",1);
+&set_label("just_leave");
+&function_end("bn_mul_mont");
+&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>");
+&asm_finish();
diff --git a/src/lib/libcrypto/bn/asm/pa-risc.s b/src/lib/libcrypto/bn/asm/pa-risc.s
new file mode 100644
index 0000000000..775130a191
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/pa-risc.s
@@ -0,0 +1,710 @@
+        .SPACE $PRIVATE$
+        .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+        .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+        .SPACE $TEXT$
+        .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+        .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+        .IMPORT $global$,DATA
+        .IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r25),%r29
+        ldo 12(%r26),%r23
+        fldws -16(0,%r30),%fr11L
+L$0002
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0005
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r26),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0010
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -8(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-8(0,%r23)
+        ldw -4(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0015
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw -4(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,-4(0,%r23)
+        ldw 0(0,%r29),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0020
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi 1,%r19,%r19
+        ldw 0(0,%r23),%r28
+        addl %r20,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0003
+        stw %r20,0(0,%r23)
+        ldo 16(%r29),%r29
+        ldo 16(%r25),%r25
+        ldo 16(%r23),%r23
+        bl L$0002,0
+        ldo 16(%r26),%r26
+L$0003
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+        .PROC
+        .CALLINFO FRAME=0,CALLS,SAVE_RP
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        ldi 0,%r28
+        extru %r23,31,16,%r2
+        stw %r2,-16(0,%r30)
+        extru %r23,15,16,%r23
+        ldil L'65536,%r31
+        fldws -16(0,%r30),%fr11R
+        stw %r23,-16(0,%r30)
+        ldo 12(%r26),%r29
+        ldo 12(%r25),%r23
+        fldws -16(0,%r30),%fr11L
+L$0026
+        ldw 0(0,%r25),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0029
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r26)
+        ldw -8(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0033
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-8(0,%r29)
+        ldw -4(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0037
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,-4(0,%r29)
+        ldw 0(0,%r23),%r19
+        extru %r19,31,16,%r20
+        stw %r20,-16(0,%r30)
+        extru %r19,15,16,%r19
+        fldws -16(0,%r30),%fr22L
+        stw %r19,-16(0,%r30)
+        xmpyu %fr22L,%fr11R,%fr8
+        fldws -16(0,%r30),%fr22L
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr11R,%fr22L,%fr10
+        ldw -16(0,%r30),%r2
+        stw %r20,-16(0,%r30)
+        xmpyu %fr22L,%fr11L,%fr9
+        fldws -16(0,%r30),%fr22L
+        fstws %fr10R,-16(0,%r30)
+        copy %r2,%r22
+        ldw -16(0,%r30),%r2
+        fstws %fr9R,-16(0,%r30)
+        xmpyu %fr11L,%fr22L,%fr8
+        copy %r2,%r19
+        ldw -16(0,%r30),%r2
+        fstws %fr8R,-16(0,%r30)
+        copy %r2,%r20
+        ldw -16(0,%r30),%r2
+        addl %r2,%r19,%r21
+        comclr,<<= %r19,%r21,0
+        addl %r20,%r31,%r20
+L$0041
+        extru %r21,15,16,%r19
+        addl %r20,%r19,%r20
+        zdep %r21,15,16,%r19
+        addl %r22,%r19,%r22
+        comclr,<<= %r19,%r22,0
+        addi,tr 1,%r20,%r19
+        copy %r20,%r19
+        addl %r22,%r28,%r20
+        comclr,<<= %r28,%r20,0
+        addi,tr 1,%r19,%r28
+        copy %r19,%r28
+        addib,= -1,%r24,L$0027
+        stw %r20,0(0,%r29)
+        ldo 16(%r23),%r23
+        ldo 16(%r25),%r25
+        ldo 16(%r29),%r29
+        bl L$0026,0
+        ldo 16(%r26),%r26
+L$0027
+        ldw -20(0,%r30),%r2
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .align 4
+        .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+        .PROC
+        .CALLINFO FRAME=0,NO_CALLS
+        .ENTRY
+        ldo 28(%r26),%r23
+        ldo 12(%r25),%r28
+L$0046
+        ldw 0(0,%r25),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,0(0,%r26)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-24(0,%r23)
+        ldw -8(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-20(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-16(0,%r23)
+        ldw -4(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-12(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,-8(0,%r23)
+        ldw 0(0,%r28),%r21
+        extru %r21,31,16,%r22
+        stw %r22,-16(0,%r30)
+        extru %r21,15,16,%r21
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        stw %r22,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r21,-16(0,%r30)
+        copy %r29,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10L
+        stw %r21,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,16,17,%r20
+        zdep %r19,14,15,%r19
+        ldw -16(0,%r30),%r29
+        xmpyu %fr10L,%fr10R,%fr9
+        addl %r29,%r19,%r22
+        stw %r22,-4(0,%r23)
+        fstws %fr9R,-16(0,%r30)
+        ldw -16(0,%r30),%r29
+        addl %r29,%r20,%r21
+        comclr,<<= %r19,%r22,0
+        addi 1,%r21,%r21
+        addib,= -1,%r24,L$0057
+        stw %r21,0(0,%r23)
+        ldo 16(%r28),%r28
+        ldo 16(%r25),%r25
+        ldo 32(%r23),%r23
+        bl L$0046,0
+        ldo 32(%r26),%r26
+L$0057
+        bv,n 0(%r2)
+        .EXIT
+        .PROCEND
+        .IMPORT BN_num_bits_word,CODE
+        .IMPORT fprintf,CODE
+        .IMPORT __iob,DATA
+        .SPACE $TEXT$
+        .SUBSPA $LIT$
+        .align 4
+L$C0000
+        .STRING "Division would overflow\x0a\x00"
+        .IMPORT abort,CODE
+        .SPACE $TEXT$
+        .SUBSPA $CODE$
+        .align 4
+        .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+        .PROC
+        .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+        .ENTRY
+        stw %r2,-20(0,%r30)
+        stwm %r8,128(0,%r30)
+        stw %r7,-124(0,%r30)
+        stw %r4,-112(0,%r30)
+        stw %r3,-108(0,%r30)
+        copy %r26,%r3
+        copy %r25,%r4
+        stw %r6,-120(0,%r30)
+        ldi 0,%r7
+        stw %r5,-116(0,%r30)
+        movb,<> %r24,%r5,L$0059
+        ldi 2,%r6
+        bl L$0076,0
+        ldi -1,%r28
+L$0059
+        .CALL ARGW0=GR
+        bl BN_num_bits_word,%r2
+        copy %r5,%r26
+        ldi 32,%r19
+        comb,= %r19,%r28,L$0060
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdepi 1,32,%r19
+        comb,>>= %r19,%r3,L$0060
+        addil LR'__iob-$global$+32,%r27
+        ldo RR'__iob-$global$+32(%r1),%r26
+        ldil LR'L$C0000,%r25
+        .CALL ARGW0=GR,ARGW1=GR
+        bl fprintf,%r2
+        ldo RR'L$C0000(%r25),%r25
+        .CALL 
+        bl abort,%r2
+        nop
+L$0060
+        comb,>> %r5,%r3,L$0061
+        subi 32,%r28,%r28
+        sub %r3,%r5,%r3
+L$0061
+        comib,= 0,%r28,L$0062
+        subi 31,%r28,%r19
+        mtsar %r19
+        zvdep %r5,32,%r5
+        zvdep %r3,32,%r21
+        subi 32,%r28,%r20
+        mtsar %r20
+        vshd 0,%r4,%r20
+        or %r21,%r20,%r3
+        mtsar %r19
+        zvdep %r4,32,%r4
+L$0062
+        extru %r5,15,16,%r23
+        extru %r5,31,16,%r28
+L$0063
+        extru %r3,15,16,%r19
+        comb,<> %r23,%r19,L$0066
+        copy %r3,%r26
+        bl L$0067,0
+        zdepi -1,31,16,%r29
+L$0066
+        .IMPORT $$divU,MILLICODE
+        bl $$divU,%r31
+        copy %r23,%r25
+L$0067
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        stw %r23,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr8
+        fldws -16(0,%r30),%fr10R
+        fstws %fr8R,-16(0,%r30)
+        xmpyu %fr10L,%fr10R,%fr9
+        ldw -16(0,%r30),%r8
+        fstws %fr9R,-16(0,%r30)
+        copy %r8,%r22
+        ldw -16(0,%r30),%r8
+        extru %r4,15,16,%r24
+        copy %r8,%r21
+L$0068
+        sub %r3,%r21,%r20
+        copy %r20,%r19
+        depi 0,31,16,%r19
+        comib,<> 0,%r19,L$0069
+        zdep %r20,15,16,%r19
+        addl %r19,%r24,%r19
+        comb,>>= %r19,%r22,L$0069
+        sub %r22,%r28,%r22
+        sub %r21,%r23,%r21
+        bl L$0068,0
+        ldo -1(%r29),%r29
+L$0069
+        stw %r29,-16(0,%r30)
+        fldws -16(0,%r30),%fr10L
+        stw %r28,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        ldw -16(0,%r30),%r8
+        stw %r23,-16(0,%r30)
+        fldws -16(0,%r30),%fr10R
+        copy %r8,%r19
+        xmpyu %fr10L,%fr10R,%fr8
+        fstws %fr8R,-16(0,%r30)
+        extru %r19,15,16,%r20
+        ldw -16(0,%r30),%r8
+        zdep %r19,15,16,%r19
+        addl %r8,%r20,%r20
+        comclr,<<= %r19,%r4,0
+        addi 1,%r20,%r20
+        comb,<<= %r20,%r3,L$0074
+        sub %r4,%r19,%r4
+        addl %r3,%r5,%r3
+        ldo -1(%r29),%r29
+L$0074
+        addib,= -1,%r6,L$0064
+        sub %r3,%r20,%r3
+        zdep %r29,15,16,%r7
+        shd %r3,%r4,16,%r3
+        bl L$0063,0
+        zdep %r4,15,16,%r4
+L$0064
+        or %r7,%r29,%r28
+L$0076
+        ldw -148(0,%r30),%r2
+        ldw -124(0,%r30),%r7
+        ldw -120(0,%r30),%r6
+        ldw -116(0,%r30),%r5
+        ldw -112(0,%r30),%r4
+        ldw -108(0,%r30),%r3
+        bv 0(%r2)
+        ldwm -128(0,%r30),%r8
+        .EXIT
+        .PROCEND
diff --git a/src/lib/libcrypto/bn/asm/r3000.s b/src/lib/libcrypto/bn/asm/r3000.s
new file mode 100644
index 0000000000..e95269afa3
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/r3000.s
@@ -0,0 +1,646 @@
+        .file   1 "../bn_mulw.c"
+        .set    nobopt
+        .option pic2
+ # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C
+ # Cc1 defaults:
+ # -mabicalls
+ # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1):
+ # -quiet -dumpbase -O2 -o
+gcc2_compiled.:
+__gnu_compiled_c:
+        .rdata
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20
+        .byte   0x24,0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24
+        .byte   0x0
+        .byte   0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f
+        .byte   0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_mul_add_words
+        .ent    bn_mul_add_words
+bn_mul_add_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $12,$4
+        move    $14,$5
+        move    $9,$6
+        move    $13,$7
+        move    $8,$0
+        addu    $10,$12,12
+        addu    $11,$14,12
+$L2:
+        lw      $6,0($14)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($12)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($12)
+        .set    macro
+        .set    reorder
+        lw      $6,-8($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-8($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $6,-4($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,-4($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $6,0($11)
+        #nop
+        multu   $13,$6
+        mfhi    $6
+        mflo    $7
+        #nop
+        move    $5,$8
+        move    $4,$0
+        lw      $3,0($10)
+        addu    $9,$9,-1
+        move    $2,$0
+        addu    $7,$7,$3
+        sltu    $8,$7,$3
+        addu    $6,$6,$2
+        addu    $6,$6,$8
+        addu    $7,$7,$5
+        sltu    $2,$7,$5
+        addu    $6,$6,$4
+        addu    $6,$6,$2
+        srl     $3,$6,0
+        move    $2,$0
+        move    $8,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $9,$0,$L3
+        sw      $7,0($10)
+        .set    macro
+        .set    reorder
+        addu    $11,$11,16
+        addu    $14,$14,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L2
+        addu    $12,$12,16
+        .set    macro
+        .set    reorder
+$L3:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$8
+        .set    macro
+        .set    reorder
+        .end    bn_mul_add_words
+        .align  2
+        .globl  bn_mul_words
+        .ent    bn_mul_words
+bn_mul_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $11,$4
+        move    $12,$5
+        move    $8,$6
+        move    $6,$0
+        addu    $10,$11,12
+        addu    $9,$12,12
+$L10:
+        lw      $4,0($12)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($11)
+        .set    macro
+        .set    reorder
+        lw      $4,-8($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-8($10)
+        .set    macro
+        .set    reorder
+        lw      $4,-4($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,-4($10)
+        .set    macro
+        .set    reorder
+        lw      $4,0($9)
+        #nop
+        multu   $7,$4
+        mfhi    $4
+        mflo    $5
+        #nop
+        move    $3,$6
+        move    $2,$0
+        addu    $8,$8,-1
+        addu    $5,$5,$3
+        sltu    $6,$5,$3
+        addu    $4,$4,$2
+        addu    $4,$4,$6
+        srl     $3,$4,0
+        move    $2,$0
+        move    $6,$3
+        .set    noreorder
+        .set    nomacro
+        beq     $8,$0,$L11
+        sw      $5,0($10)
+        .set    macro
+        .set    reorder
+        addu    $9,$9,16
+        addu    $12,$12,16
+        addu    $10,$10,16
+        .set    noreorder
+        .set    nomacro
+        j       $L10
+        addu    $11,$11,16
+        .set    macro
+        .set    reorder
+$L11:
+        .set    noreorder
+        .set    nomacro
+        j       $31
+        move    $2,$6
+        .set    macro
+        .set    reorder
+        .end    bn_mul_words
+        .align  2
+        .globl  bn_sqr_words
+        .ent    bn_sqr_words
+bn_sqr_words:
+        .frame  $sp,0,$31               # vars= 0, regs= 0/0, args= 0, extra= 0
+        .mask   0x00000000,0
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        move    $9,$4
+        addu    $7,$9,28
+        addu    $8,$5,12
+$L18:
+        lw      $2,0($5)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,0($9)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-24($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-8($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-20($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-16($7)
+        .set    macro
+        .set    reorder
+        lw      $2,-4($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-12($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,-8($7)
+        .set    macro
+        .set    reorder
+        lw      $2,0($8)
+        #nop
+        multu   $2,$2
+        mfhi    $2
+        mflo    $3
+        #nop
+        addu    $6,$6,-1
+        sw      $3,-4($7)
+        srl     $3,$2,0
+        move    $2,$0
+        .set    noreorder
+        .set    nomacro
+        beq     $6,$0,$L19
+        sw      $3,0($7)
+        .set    macro
+        .set    reorder
+        addu    $8,$8,16
+        addu    $5,$5,16
+        addu    $7,$7,32
+        .set    noreorder
+        .set    nomacro
+        j       $L18
+        addu    $9,$9,32
+        .set    macro
+        .set    reorder
+$L19:
+        j       $31
+        .end    bn_sqr_words
+        .rdata
+        .align  2
+$LC0:
+        .byte   0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e
+        .byte   0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f
+        .byte   0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa
+        .byte   0x0
+        .text
+        .align  2
+        .globl  bn_div64
+        .ent    bn_div64
+bn_div64:
+        .frame  $sp,56,$31              # vars= 0, regs= 7/0, args= 16, extra= 8
+        .mask   0x901f0000,-8
+        .fmask  0x00000000,0
+        .set    noreorder
+        .cpload $25
+        .set    reorder
+        subu    $sp,$sp,56
+        .cprestore 16
+        sw      $16,24($sp)
+        move    $16,$4
+        sw      $17,28($sp)
+        move    $17,$5
+        sw      $18,32($sp)
+        move    $18,$6
+        sw      $20,40($sp)
+        move    $20,$0
+        sw      $19,36($sp)
+        li      $19,0x00000002          # 2
+        sw      $31,48($sp)
+        .set    noreorder
+        .set    nomacro
+        bne     $18,$0,$L26
+        sw      $28,44($sp)
+        .set    macro
+        .set    reorder
+        .set    noreorder
+        .set    nomacro
+        j       $L43
+        li      $2,-1                   # 0xffffffff
+        .set    macro
+        .set    reorder
+$L26:
+        move    $4,$18
+        jal     BN_num_bits_word
+        move    $4,$2
+        li      $2,0x00000020           # 32
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$2,$L27
+        li      $2,0x00000001           # 1
+        .set    macro
+        .set    reorder
+        sll     $2,$2,$4
+        sltu    $2,$2,$16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L44
+        li      $5,0x00000020           # 32
+        .set    macro
+        .set    reorder
+        la      $4,__iob+32
+        la      $5,$LC0
+        jal     fprintf
+        jal     abort
+$L27:
+        li      $5,0x00000020           # 32
+$L44:
+        sltu    $2,$16,$18
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L28
+        subu    $4,$5,$4
+        .set    macro
+        .set    reorder
+        subu    $16,$16,$18
+$L28:
+        .set    noreorder
+        .set    nomacro
+        beq     $4,$0,$L29
+        li      $10,-65536                      # 0xffff0000
+        .set    macro
+        .set    reorder
+        sll     $18,$18,$4
+        sll     $3,$16,$4
+        subu    $2,$5,$4
+        srl     $2,$17,$2
+        or      $16,$3,$2
+        sll     $17,$17,$4
+$L29:
+        srl     $7,$18,16
+        andi    $9,$18,0xffff
+$L30:
+        srl     $2,$16,16
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$7,$L34
+        li      $6,0x0000ffff           # 65535
+        .set    macro
+        .set    reorder
+        divu    $6,$16,$7
+$L34:
+        mult    $6,$9
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$7
+        and     $2,$17,$10
+        srl     $8,$2,16
+        mflo    $4
+$L35:
+        subu    $3,$16,$4
+        and     $2,$3,$10
+        .set    noreorder
+        .set    nomacro
+        bne     $2,$0,$L36
+        sll     $2,$3,16
+        .set    macro
+        .set    reorder
+        addu    $2,$2,$8
+        sltu    $2,$2,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L36
+        subu    $5,$5,$9
+        .set    macro
+        .set    reorder
+        subu    $4,$4,$7
+        .set    noreorder
+        .set    nomacro
+        j       $L35
+        addu    $6,$6,-1
+        .set    macro
+        .set    reorder
+$L36:
+        mult    $6,$7
+        mflo    $5
+        #nop
+        #nop
+        mult    $6,$9
+        mflo    $4
+        #nop
+        #nop
+        srl     $3,$4,16
+        sll     $2,$4,16
+        and     $4,$2,$10
+        sltu    $2,$17,$4
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L40
+        addu    $5,$5,$3
+        .set    macro
+        .set    reorder
+        addu    $5,$5,1
+$L40:
+        sltu    $2,$16,$5
+        .set    noreorder
+        .set    nomacro
+        beq     $2,$0,$L41
+        subu    $17,$17,$4
+        .set    macro
+        .set    reorder
+        addu    $16,$16,$18
+        addu    $6,$6,-1
+$L41:
+        addu    $19,$19,-1
+        .set    noreorder
+        .set    nomacro
+        beq     $19,$0,$L31
+        subu    $16,$16,$5
+        .set    macro
+        .set    reorder
+        sll     $20,$6,16
+        sll     $3,$16,16
+        srl     $2,$17,16
+        or      $16,$3,$2
+        .set    noreorder
+        .set    nomacro
+        j       $L30
+        sll     $17,$17,16
+        .set    macro
+        .set    reorder
+$L31:
+        or      $2,$20,$6
+$L43:
+        lw      $31,48($sp)
+        lw      $20,40($sp)
+        lw      $19,36($sp)
+        lw      $18,32($sp)
+        lw      $17,28($sp)
+        lw      $16,24($sp)
+        addu    $sp,$sp,56
+        j       $31
+        .end    bn_div64
+        .globl abort .text
+        .globl fprintf .text
+        .globl BN_num_bits_word .text
diff --git a/src/lib/libcrypto/bn/asm/vms.mar b/src/lib/libcrypto/bn/asm/vms.mar
new file mode 100644
index 0000000000..aefab15cdb
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/vms.mar
@@ -0,0 +1,6440 @@
+        .title  vax_bn_mul_add_words  unsigned multiply & add, 32*32+32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;       ULONG c = 0;
+;       int i;
+;       for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+;       return c;
+; }
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+w=16 ;(AP)      w       by value (input)
+        .psect  code,nowrt
+.entry  bn_mul_add_words,^m<r2,r3,r4,r5,r6>
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        movl    n(ap),r4        ; assumed >0 by C code
+        movl    w(ap),r5
+        clrl    r6              ; c
+0$:
+        emul    r5,(r3),(r2),r0         ; w, a[], r[] considered signed
+        ; fixup for "negative" r[]
+        tstl    (r2)
+        bgeq    10$
+        incl    r1
+10$:
+        ; add in c
+        addl2   r6,r0
+        adwc    #0,r1
+        ; combined fixup for "negative" w, a[]
+        tstl    r5
+        bgeq    20$
+        addl2   (r3),r1
+20$:
+        tstl    (r3)
+        bgeq    30$
+        addl2   r5,r1
+30$:
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        addl    #4,r3                   ; advance a[]
+        movl    r1,r6                   ; store hi result => c
+        sobgtr  r4,0$
+        movl    r6,r0                   ; return c
+        ret
+        .title  vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;       ULONG c = 0;
+;       int i;
+;       for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+;       return(c);
+; }
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+w=16 ;(AP)      w       by value (input)
+        .psect  code,nowrt
+.entry  bn_mul_words,^m<r2,r3,r4,r5,r6>
+        moval   @r(ap),r2       ; r2 -> r[]
+        moval   @a(ap),r3       ; r3 -> a[]
+        movl    n(ap),r4        ; r4 = loop count (assumed >0 by C code)
+        movl    w(ap),r5        ; r5 = w
+        clrl    r6              ; r6 = c
+0$:
+        ; <r1,r0> := w * a[] + c
+        emul    r5,(r3),r6,r0           ; w, a[], c considered signed
+        ; fixup for "negative" c
+        tstl    r6                      ; c
+        bgeq    10$
+        incl    r1
+10$:
+        ; combined fixup for "negative" w, a[]
+        tstl    r5                      ; w
+        bgeq    20$
+        addl2   (r3),r1                 ; a[]
+20$:
+        tstl    (r3)                    ; a[]
+        bgeq    30$
+        addl2   r5,r1                   ; w
+30$:
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        addl    #4,r3                   ; advance a[]
+        movl    r1,r6                   ; store hi result => c
+        sobgtr  r4,0$
+        movl    r6,r0                   ; return c
+        ret
+        .title  vax_bn_sqr_words  unsigned square, 32*32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+;       int i;
+;       for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+; }
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)      n       by value (input)
+        .psect  code,nowrt
+.entry  bn_sqr_words,^m<r2,r3,r4,r5>
+        moval   @r(ap),r2       ; r2 -> r[]
+        moval   @a(ap),r3       ; r3 -> a[]
+        movl    n(ap),r4        ; r4 = n (assumed >0 by C code)
+0$:
+        movl    (r3)+,r5                ; r5 = a[] & advance
+        ; <r1,r0> := a[] * a[]
+        emul    r5,r5,#0,r0             ; a[] considered signed
+        ; fixup for "negative" a[]
+        tstl    r5                      ; a[]
+        bgeq    30$
+        addl2   r5,r1                   ; a[]
+        addl2   r5,r1                   ; a[]
+30$:
+        movl    r0,(r2)+                ; store lo result in r[] & advance
+        movl    r1,(r2)+                ; store hi result in r[] & advance
+        sobgtr  r4,0$
+        movl    #1,r0                   ; return SS$_NORMAL
+        ret
+        .title  vax_bn_div_words  unsigned divide
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+; {
+;       return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+; }
+;
+; Using EDIV would be very easy, if it didn't do signed calculations.
+; Any time any of the input numbers are signed, there are problems,
+; usually with integer overflow, at which point it returns useless
+; data (the quotient gets the value of l, and the remainder becomes 0).
+;
+; If it was just for the dividend, it would be very easy, just divide
+; it by 2 (unsigned), do the division, multiply the resulting quotient
+; and remainder by 2, add the bit that was dropped when dividing by 2
+; to the remainder, and do some adjustment so the remainder doesn't
+; end up larger than the divisor.  For some cases when the divisor is
+; negative (from EDIV's point of view, i.e. when the highest bit is set),
+; dividing the dividend by 2 isn't enough, and since some operations
+; might generate integer overflows even when the dividend is divided by
+; 4 (when the high part of the shifted down dividend ends up being exactly
+; half of the divisor, the result is the quotient 0x80000000, which is
+; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
+; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
+; In this case, a little extra fiddling with the remainder is required.
+;
+; So, the simplest way to handle this is always to divide the dividend
+; by 8, and to divide the divisor by 2 if it's highest bit is set.
+; After EDIV has been used, the quotient gets multiplied by 8 if the
+; original divisor was positive, otherwise 4.  The remainder, oddly
+; enough, is *always* multiplied by 8.
+; NOTE: in the case mentioned above, where the high part of the shifted
+; down dividend ends up being exactly half the shifted down divisor, we
+; end up with a 33 bit quotient.  That's no problem however, it usually
+; means we have ended up with a too large remainder as well, and the
+; problem is fixed by the last part of the algorithm (next paragraph).
+;
+; The routine ends with comparing the resulting remainder with the
+; original divisor and if the remainder is larger, subtract the
+; original divisor from it, and increase the quotient by 1.  This is
+; done until the remainder is smaller than the divisor.
+;
+; The complete algorithm looks like this:
+;
+; d'    = d
+; l'    = l & 7
+; [h,l] = [h,l] >> 3
+; [q,r] = floor([h,l] / d)      # This is the EDIV operation
+; if (q < 0) q = -q             # I doubt this is necessary any more
+;
+; r'    = r >> 29
+; if (d' >= 0)
+;   q'  = q >> 29
+;   q   = q << 3
+; else
+;   q'  = q >> 30
+;   q   = q << 2
+; r     = (r << 3) + l'
+;
+; if (d' < 0)
+;   {
+;     [r',r] = [r',r] - q
+;     while ([r',r] < 0)
+;       {
+;         [r',r] = [r',r] + d
+;         [q',q] = [q',q] - 1
+;       }
+;   }
+;
+; while ([r',r] >= d')
+;   {
+;     [r',r] = [r',r] - d'
+;     [q',q] = [q',q] + 1
+;   }
+;
+; return q
+h=4 ;(AP)       h       by value (input)
+l=8 ;(AP)       l       by value (input)
+d=12 ;(AP)      d       by value (input)
+;r2 = l, q
+;r3 = h, r
+;r4 = d
+;r5 = l'
+;r6 = r'
+;r7 = d'
+;r8 = q'
+        .psect  code,nowrt
+.entry  bn_div_words,^m<r2,r3,r4,r5,r6,r7,r8>
+        movl    l(ap),r2
+        movl    h(ap),r3
+        movl    d(ap),r4
+        bicl3   #^XFFFFFFF8,r2,r5 ; l' = l & 7
+        bicl3   #^X00000007,r2,r2
+        bicl3   #^XFFFFFFF8,r3,r6
+        bicl3   #^X00000007,r3,r3
+        
+        addl    r6,r2
+        rotl    #-3,r2,r2       ; l = l >> 3
+        rotl    #-3,r3,r3       ; h = h >> 3
+                
+        movl    r4,r7           ; d' = d
+        movl    #0,r6           ; r' = 0
+        movl    #0,r8           ; q' = 0
+        tstl    r4
+        beql    666$            ; Uh-oh, the divisor is 0...
+        bgtr    1$
+        rotl    #-1,r4,r4       ; If d is negative, shift it right.
+        bicl2   #^X80000000,r4  ; Since d is then a large number, the
+                                ; lowest bit is insignificant
+                                ; (contradict that, and I'll fix the problem!)
+1$:     
+        ediv    r4,r2,r2,r3     ; Do the actual division
+        tstl    r2
+        bgeq    3$
+        mnegl   r2,r2           ; if q < 0, negate it
+3$:     
+        tstl    r7
+        blss    4$
+        rotl    #3,r2,r2        ;   q = q << 3
+        bicl3   #^XFFFFFFF8,r2,r8 ;    q' gets the high bits from q
+        bicl3   #^X00000007,r2,r2
+        bsb     41$
+4$:                             ; else
+        rotl    #2,r2,r2        ;   q = q << 2
+        bicl3   #^XFFFFFFFC,r2,r8 ;   q' gets the high bits from q
+        bicl3   #^X00000003,r2,r2
+41$:
+        rotl    #3,r3,r3        ; r = r << 3
+        bicl3   #^XFFFFFFF8,r3,r6 ; r' gets the high bits from r
+        bicl3   #^X00000007,r3,r3
+        addl    r5,r3           ; r = r + l'
+        tstl    r7
+        bgeq    5$
+        bitl    #1,r7
+        beql    5$              ; if d' < 0 && d' & 1
+        subl    r2,r3           ;   [r',r] = [r',r] - [q',q]
+        sbwc    r8,r6
+45$:
+        bgeq    5$              ;   while r < 0
+        decl    r2              ;     [q',q] = [q',q] - 1
+        sbwc    #0,r8
+        addl    r7,r3           ;     [r',r] = [r',r] + d'
+        adwc    #0,r6
+        brb     45$
+; The return points are placed in the middle to keep a short distance from
+; all the branch points
+42$:
+;       movl    r3,r1
+        movl    r2,r0
+        ret
+666$:
+        movl    #^XFFFFFFFF,r0
+        ret
+5$:
+        tstl    r6
+        bneq    6$
+        cmpl    r3,r7
+        blssu   42$             ; while [r',r] >= d'
+6$:
+        subl    r7,r3           ;   [r',r] = [r',r] - d'
+        sbwc    #0,r6
+        incl    r2              ;   [q',q] = [q',q] + 1
+        adwc    #0,r8
+        brb     5$      
+        .title  vax_bn_add_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;       ULONG c = 0;
+;       int i;
+;       for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+;       return(c);
+; }
+r=4 ;(AP)       r       by reference (output)
+a=8 ;(AP)       a       by reference (input)
+b=12 ;(AP)      b       by reference (input)
+n=16 ;(AP)      n       by value (input)
+        .psect  code,nowrt
+.entry  bn_add_words,^m<r2,r3,r4,r5,r6>
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        moval   @b(ap),r4
+        movl    n(ap),r5        ; assumed >0 by C code
+        clrl    r0              ; c
+        tstl    r5              ; carry = 0
+        bleq    666$
+0$:
+        movl    (r3)+,r6        ; carry untouched
+        adwc    (r4)+,r6        ; carry used and touched
+        movl    r6,(r2)+        ; carry untouched
+        sobgtr  r5,0$           ; carry untouched
+        adwc    #0,r0
+666$:
+        ret
+        .title  vax_bn_sub_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;       ULONG c = 0;
+;       int i;
+;       for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+;       return(c);
+; }
+r=4 ;(AP)       r       by reference (output)
+a=8 ;(AP)       a       by reference (input)
+b=12 ;(AP)      b       by reference (input)
+n=16 ;(AP)      n       by value (input)
+        .psect  code,nowrt
+.entry  bn_sub_words,^m<r2,r3,r4,r5,r6>
+        moval   @r(ap),r2
+        moval   @a(ap),r3
+        moval   @b(ap),r4
+        movl    n(ap),r5        ; assumed >0 by C code
+        clrl    r0              ; c
+        tstl    r5              ; carry = 0
+        bleq    666$
+0$:
+        movl    (r3)+,r6        ; carry untouched
+        sbwc    (r4)+,r6        ; carry used and touched
+        movl    r6,(r2)+        ; carry untouched
+        sobgtr  r5,0$           ; carry untouched
+        adwc    #0,r0
+666$:
+        ret
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+        .psect  code,nowrt
+.entry  BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+        movab   -924(sp),sp
+        clrq    r8
+        clrl    r10
+        movl    8(ap),r6
+        movzwl  2(r6),r3
+        movl    12(ap),r7
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-12(fp)
+        bicl3   #-65536,r3,-16(fp)
+        mull3   r0,-12(fp),-4(fp)
+        mull2   r2,-12(fp)
+        mull3   r2,-16(fp),-8(fp)
+        mull2   r0,-16(fp)
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.45
+        addl2   #65536,-16(fp)
+noname.45:
+        movzwl  -2(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-16(fp)
+        bicl3   #-65536,-4(fp),r0
+        ashl    #16,r0,-8(fp)
+        addl3   -8(fp),-12(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-8(fp)
+        bgequ   noname.46
+        incl    -16(fp)
+noname.46:
+        movl    -12(fp),r1
+        movl    -16(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.47
+        incl    r2
+noname.47:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.48
+        incl    r10
+noname.48:
+        movl    4(ap),r11
+        movl    r9,(r11)
+        clrl    r9
+        movzwl  2(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-28(fp)
+        bicl3   #-65536,r2,-32(fp)
+        mull3   r0,-28(fp),-20(fp)
+        mull2   r3,-28(fp)
+        mull3   r3,-32(fp),-24(fp)
+        mull2   r0,-32(fp)
+        addl3   -20(fp),-24(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-24(fp)
+        bgequ   noname.49
+        addl2   #65536,-32(fp)
+noname.49:
+        movzwl  -18(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-32(fp)
+        bicl3   #-65536,-20(fp),r0
+        ashl    #16,r0,-24(fp)
+        addl3   -24(fp),-28(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-24(fp)
+        bgequ   noname.50
+        incl    -32(fp)
+noname.50:
+        movl    -28(fp),r1
+        movl    -32(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.51
+        incl    r2
+noname.51:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.52
+        incl    r9
+noname.52:
+        movzwl  6(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-44(fp)
+        bicl3   #-65536,r2,-48(fp)
+        mull3   r0,-44(fp),-36(fp)
+        mull2   r3,-44(fp)
+        mull3   r3,-48(fp),-40(fp)
+        mull2   r0,-48(fp)
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.53
+        addl2   #65536,-48(fp)
+noname.53:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-48(fp)
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl3   -40(fp),-44(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-40(fp)
+        bgequ   noname.54
+        incl    -48(fp)
+noname.54:
+        movl    -44(fp),r1
+        movl    -48(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.55
+        incl    r2
+noname.55:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.56
+        incl    r9
+noname.56:
+        movl    r8,4(r11)
+        clrl    r8
+        movzwl  10(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-60(fp)
+        bicl3   #-65536,r2,-64(fp)
+        mull3   r0,-60(fp),-52(fp)
+        mull2   r3,-60(fp)
+        mull3   r3,-64(fp),-56(fp)
+        mull2   r0,-64(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.57
+        addl2   #65536,-64(fp)
+noname.57:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-64(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl3   -56(fp),-60(fp),r0
+        bicl3   #0,r0,-60(fp)
+        cmpl    -60(fp),-56(fp)
+        bgequ   noname.58
+        incl    -64(fp)
+noname.58:
+        movl    -60(fp),r1
+        movl    -64(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.59
+        incl    r2
+noname.59:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.60
+        incl    r8
+noname.60:
+        movzwl  6(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-76(fp)
+        bicl3   #-65536,r2,-80(fp)
+        mull3   r0,-76(fp),-68(fp)
+        mull2   r3,-76(fp)
+        mull3   r3,-80(fp),-72(fp)
+        mull2   r0,-80(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-68(fp)
+        cmpl    -68(fp),-72(fp)
+        bgequ   noname.61
+        addl2   #65536,-80(fp)
+noname.61:
+        movzwl  -66(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-80(fp)
+        bicl3   #-65536,-68(fp),r0
+        ashl    #16,r0,-72(fp)
+        addl3   -72(fp),-76(fp),r0
+        bicl3   #0,r0,-76(fp)
+        cmpl    -76(fp),-72(fp)
+        bgequ   noname.62
+        incl    -80(fp)
+noname.62:
+        movl    -76(fp),r1
+        movl    -80(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.63
+        incl    r2
+noname.63:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.64
+        incl    r8
+noname.64:
+        movzwl  2(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-92(fp)
+        bicl3   #-65536,r2,-96(fp)
+        mull3   r0,-92(fp),-84(fp)
+        mull2   r3,-92(fp)
+        mull3   r3,-96(fp),-88(fp)
+        mull2   r0,-96(fp)
+        addl3   -84(fp),-88(fp),r0
+        bicl3   #0,r0,-84(fp)
+        cmpl    -84(fp),-88(fp)
+        bgequ   noname.65
+        addl2   #65536,-96(fp)
+noname.65:
+        movzwl  -82(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-96(fp)
+        bicl3   #-65536,-84(fp),r0
+        ashl    #16,r0,-88(fp)
+        addl3   -88(fp),-92(fp),r0
+        bicl3   #0,r0,-92(fp)
+        cmpl    -92(fp),-88(fp)
+        bgequ   noname.66
+        incl    -96(fp)
+noname.66:
+        movl    -92(fp),r1
+        movl    -96(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.67
+        incl    r2
+noname.67:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.68
+        incl    r8
+noname.68:
+        movl    r10,8(r11)
+        clrl    r10
+        movzwl  2(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-108(fp)
+        bicl3   #-65536,r2,-112(fp)
+        mull3   r0,-108(fp),-100(fp)
+        mull2   r3,-108(fp)
+        mull3   r3,-112(fp),-104(fp)
+        mull2   r0,-112(fp)
+        addl3   -100(fp),-104(fp),r0
+        bicl3   #0,r0,-100(fp)
+        cmpl    -100(fp),-104(fp)
+        bgequ   noname.69
+        addl2   #65536,-112(fp)
+noname.69:
+        movzwl  -98(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-112(fp)
+        bicl3   #-65536,-100(fp),r0
+        ashl    #16,r0,-104(fp)
+        addl3   -104(fp),-108(fp),r0
+        bicl3   #0,r0,-108(fp)
+        cmpl    -108(fp),-104(fp)
+        bgequ   noname.70
+        incl    -112(fp)
+noname.70:
+        movl    -108(fp),r1
+        movl    -112(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.71
+        incl    r2
+noname.71:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.72
+        incl    r10
+noname.72:
+        movzwl  6(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-124(fp)
+        bicl3   #-65536,r2,-128(fp)
+        mull3   r0,-124(fp),-116(fp)
+        mull2   r3,-124(fp)
+        mull3   r3,-128(fp),-120(fp)
+        mull2   r0,-128(fp)
+        addl3   -116(fp),-120(fp),r0
+        bicl3   #0,r0,-116(fp)
+        cmpl    -116(fp),-120(fp)
+        bgequ   noname.73
+        addl2   #65536,-128(fp)
+noname.73:
+        movzwl  -114(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-128(fp)
+        bicl3   #-65536,-116(fp),r0
+        ashl    #16,r0,-120(fp)
+        addl3   -120(fp),-124(fp),r0
+        bicl3   #0,r0,-124(fp)
+        cmpl    -124(fp),-120(fp)
+        bgequ   noname.74
+        incl    -128(fp)
+noname.74:
+        movl    -124(fp),r1
+        movl    -128(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.75
+        incl    r2
+noname.75:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.76
+        incl    r10
+noname.76:
+        movzwl  10(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-140(fp)
+        bicl3   #-65536,r2,-144(fp)
+        mull3   r0,-140(fp),-132(fp)
+        mull2   r3,-140(fp)
+        mull3   r3,-144(fp),-136(fp)
+        mull2   r0,-144(fp)
+        addl3   -132(fp),-136(fp),r0
+        bicl3   #0,r0,-132(fp)
+        cmpl    -132(fp),-136(fp)
+        bgequ   noname.77
+        addl2   #65536,-144(fp)
+noname.77:
+        movzwl  -130(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-144(fp)
+        bicl3   #-65536,-132(fp),r0
+        ashl    #16,r0,-136(fp)
+        addl3   -136(fp),-140(fp),r0
+        bicl3   #0,r0,-140(fp)
+        cmpl    -140(fp),-136(fp)
+        bgequ   noname.78
+        incl    -144(fp)
+noname.78:
+        movl    -140(fp),r1
+        movl    -144(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.79
+        incl    r2
+noname.79:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.80
+        incl    r10
+noname.80:
+        movzwl  14(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-156(fp)
+        bicl3   #-65536,r2,-160(fp)
+        mull3   r0,-156(fp),-148(fp)
+        mull2   r3,-156(fp)
+        mull3   r3,-160(fp),-152(fp)
+        mull2   r0,-160(fp)
+        addl3   -148(fp),-152(fp),r0
+        bicl3   #0,r0,-148(fp)
+        cmpl    -148(fp),-152(fp)
+        bgequ   noname.81
+        addl2   #65536,-160(fp)
+noname.81:
+        movzwl  -146(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-160(fp)
+        bicl3   #-65536,-148(fp),r0
+        ashl    #16,r0,-152(fp)
+        addl3   -152(fp),-156(fp),r0
+        bicl3   #0,r0,-156(fp)
+        cmpl    -156(fp),-152(fp)
+        bgequ   noname.82
+        incl    -160(fp)
+noname.82:
+        movl    -156(fp),r1
+        movl    -160(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.83
+        incl    r2
+noname.83:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.84
+        incl    r10
+noname.84:
+        movl    r9,12(r11)
+        clrl    r9
+        movzwl  18(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-172(fp)
+        bicl3   #-65536,r2,-176(fp)
+        mull3   r0,-172(fp),-164(fp)
+        mull2   r3,-172(fp)
+        mull3   r3,-176(fp),-168(fp)
+        mull2   r0,-176(fp)
+        addl3   -164(fp),-168(fp),r0
+        bicl3   #0,r0,-164(fp)
+        cmpl    -164(fp),-168(fp)
+        bgequ   noname.85
+        addl2   #65536,-176(fp)
+noname.85:
+        movzwl  -162(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-176(fp)
+        bicl3   #-65536,-164(fp),r0
+        ashl    #16,r0,-168(fp)
+        addl3   -168(fp),-172(fp),r0
+        bicl3   #0,r0,-172(fp)
+        cmpl    -172(fp),-168(fp)
+        bgequ   noname.86
+        incl    -176(fp)
+noname.86:
+        movl    -172(fp),r1
+        movl    -176(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.87
+        incl    r2
+noname.87:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.88
+        incl    r9
+noname.88:
+        movzwl  14(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-188(fp)
+        bicl3   #-65536,r2,-192(fp)
+        mull3   r0,-188(fp),-180(fp)
+        mull2   r3,-188(fp)
+        mull3   r3,-192(fp),-184(fp)
+        mull2   r0,-192(fp)
+        addl3   -180(fp),-184(fp),r0
+        bicl3   #0,r0,-180(fp)
+        cmpl    -180(fp),-184(fp)
+        bgequ   noname.89
+        addl2   #65536,-192(fp)
+noname.89:
+        movzwl  -178(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-192(fp)
+        bicl3   #-65536,-180(fp),r0
+        ashl    #16,r0,-184(fp)
+        addl3   -184(fp),-188(fp),r0
+        bicl3   #0,r0,-188(fp)
+        cmpl    -188(fp),-184(fp)
+        bgequ   noname.90
+        incl    -192(fp)
+noname.90:
+        movl    -188(fp),r1
+        movl    -192(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.91
+        incl    r2
+noname.91:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.92
+        incl    r9
+noname.92:
+        movzwl  10(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-204(fp)
+        bicl3   #-65536,r2,-208(fp)
+        mull3   r0,-204(fp),-196(fp)
+        mull2   r3,-204(fp)
+        mull3   r3,-208(fp),-200(fp)
+        mull2   r0,-208(fp)
+        addl3   -196(fp),-200(fp),r0
+        bicl3   #0,r0,-196(fp)
+        cmpl    -196(fp),-200(fp)
+        bgequ   noname.93
+        addl2   #65536,-208(fp)
+noname.93:
+        movzwl  -194(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-208(fp)
+        bicl3   #-65536,-196(fp),r0
+        ashl    #16,r0,-200(fp)
+        addl3   -200(fp),-204(fp),r0
+        bicl3   #0,r0,-204(fp)
+        cmpl    -204(fp),-200(fp)
+        bgequ   noname.94
+        incl    -208(fp)
+noname.94:
+        movl    -204(fp),r1
+        movl    -208(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.95
+        incl    r2
+noname.95:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.96
+        incl    r9
+noname.96:
+        movzwl  6(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-220(fp)
+        bicl3   #-65536,r2,-224(fp)
+        mull3   r0,-220(fp),-212(fp)
+        mull2   r3,-220(fp)
+        mull3   r3,-224(fp),-216(fp)
+        mull2   r0,-224(fp)
+        addl3   -212(fp),-216(fp),r0
+        bicl3   #0,r0,-212(fp)
+        cmpl    -212(fp),-216(fp)
+        bgequ   noname.97
+        addl2   #65536,-224(fp)
+noname.97:
+        movzwl  -210(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-224(fp)
+        bicl3   #-65536,-212(fp),r0
+        ashl    #16,r0,-216(fp)
+        addl3   -216(fp),-220(fp),r0
+        bicl3   #0,r0,-220(fp)
+        cmpl    -220(fp),-216(fp)
+        bgequ   noname.98
+        incl    -224(fp)
+noname.98:
+        movl    -220(fp),r1
+        movl    -224(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.99
+        incl    r2
+noname.99:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.100
+        incl    r9
+noname.100:
+        movzwl  2(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-236(fp)
+        bicl3   #-65536,r2,-240(fp)
+        mull3   r0,-236(fp),-228(fp)
+        mull2   r3,-236(fp)
+        mull3   r3,-240(fp),-232(fp)
+        mull2   r0,-240(fp)
+        addl3   -228(fp),-232(fp),r0
+        bicl3   #0,r0,-228(fp)
+        cmpl    -228(fp),-232(fp)
+        bgequ   noname.101
+        addl2   #65536,-240(fp)
+noname.101:
+        movzwl  -226(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-240(fp)
+        bicl3   #-65536,-228(fp),r0
+        ashl    #16,r0,-232(fp)
+        addl3   -232(fp),-236(fp),r0
+        bicl3   #0,r0,-236(fp)
+        cmpl    -236(fp),-232(fp)
+        bgequ   noname.102
+        incl    -240(fp)
+noname.102:
+        movl    -236(fp),r1
+        movl    -240(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.103
+        incl    r2
+noname.103:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.104
+        incl    r9
+noname.104:
+        movl    r8,16(r11)
+        clrl    r8
+        movzwl  2(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-252(fp)
+        bicl3   #-65536,r2,-256(fp)
+        mull3   r0,-252(fp),-244(fp)
+        mull2   r3,-252(fp)
+        mull3   r3,-256(fp),-248(fp)
+        mull2   r0,-256(fp)
+        addl3   -244(fp),-248(fp),r0
+        bicl3   #0,r0,-244(fp)
+        cmpl    -244(fp),-248(fp)
+        bgequ   noname.105
+        addl2   #65536,-256(fp)
+noname.105:
+        movzwl  -242(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-256(fp)
+        bicl3   #-65536,-244(fp),r0
+        ashl    #16,r0,-248(fp)
+        addl3   -248(fp),-252(fp),r0
+        bicl3   #0,r0,-252(fp)
+        cmpl    -252(fp),-248(fp)
+        bgequ   noname.106
+        incl    -256(fp)
+noname.106:
+        movl    -252(fp),r1
+        movl    -256(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.107
+        incl    r2
+noname.107:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.108
+        incl    r8
+noname.108:
+        movzwl  6(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-268(fp)
+        bicl3   #-65536,r2,-272(fp)
+        mull3   r0,-268(fp),-260(fp)
+        mull2   r3,-268(fp)
+        mull3   r3,-272(fp),-264(fp)
+        mull2   r0,-272(fp)
+        addl3   -260(fp),-264(fp),r0
+        bicl3   #0,r0,-260(fp)
+        cmpl    -260(fp),-264(fp)
+        bgequ   noname.109
+        addl2   #65536,-272(fp)
+noname.109:
+        movzwl  -258(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-272(fp)
+        bicl3   #-65536,-260(fp),r0
+        ashl    #16,r0,-264(fp)
+        addl3   -264(fp),-268(fp),r0
+        bicl3   #0,r0,-268(fp)
+        cmpl    -268(fp),-264(fp)
+        bgequ   noname.110
+        incl    -272(fp)
+noname.110:
+        movl    -268(fp),r1
+        movl    -272(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.111
+        incl    r2
+noname.111:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.112
+        incl    r8
+noname.112:
+        movzwl  10(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-284(fp)
+        bicl3   #-65536,r2,-288(fp)
+        mull3   r0,-284(fp),-276(fp)
+        mull2   r3,-284(fp)
+        mull3   r3,-288(fp),-280(fp)
+        mull2   r0,-288(fp)
+        addl3   -276(fp),-280(fp),r0
+        bicl3   #0,r0,-276(fp)
+        cmpl    -276(fp),-280(fp)
+        bgequ   noname.113
+        addl2   #65536,-288(fp)
+noname.113:
+        movzwl  -274(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-288(fp)
+        bicl3   #-65536,-276(fp),r0
+        ashl    #16,r0,-280(fp)
+        addl3   -280(fp),-284(fp),r0
+        bicl3   #0,r0,-284(fp)
+        cmpl    -284(fp),-280(fp)
+        bgequ   noname.114
+        incl    -288(fp)
+noname.114:
+        movl    -284(fp),r1
+        movl    -288(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.115
+        incl    r2
+noname.115:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.116
+        incl    r8
+noname.116:
+        movzwl  14(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-300(fp)
+        bicl3   #-65536,r2,-304(fp)
+        mull3   r0,-300(fp),-292(fp)
+        mull2   r3,-300(fp)
+        mull3   r3,-304(fp),-296(fp)
+        mull2   r0,-304(fp)
+        addl3   -292(fp),-296(fp),r0
+        bicl3   #0,r0,-292(fp)
+        cmpl    -292(fp),-296(fp)
+        bgequ   noname.117
+        addl2   #65536,-304(fp)
+noname.117:
+        movzwl  -290(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-304(fp)
+        bicl3   #-65536,-292(fp),r0
+        ashl    #16,r0,-296(fp)
+        addl3   -296(fp),-300(fp),r0
+        bicl3   #0,r0,-300(fp)
+        cmpl    -300(fp),-296(fp)
+        bgequ   noname.118
+        incl    -304(fp)
+noname.118:
+        movl    -300(fp),r1
+        movl    -304(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.119
+        incl    r2
+noname.119:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.120
+        incl    r8
+noname.120:
+        movzwl  18(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-316(fp)
+        bicl3   #-65536,r2,-320(fp)
+        mull3   r0,-316(fp),-308(fp)
+        mull2   r3,-316(fp)
+        mull3   r3,-320(fp),-312(fp)
+        mull2   r0,-320(fp)
+        addl3   -308(fp),-312(fp),r0
+        bicl3   #0,r0,-308(fp)
+        cmpl    -308(fp),-312(fp)
+        bgequ   noname.121
+        addl2   #65536,-320(fp)
+noname.121:
+        movzwl  -306(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-320(fp)
+        bicl3   #-65536,-308(fp),r0
+        ashl    #16,r0,-312(fp)
+        addl3   -312(fp),-316(fp),r0
+        bicl3   #0,r0,-316(fp)
+        cmpl    -316(fp),-312(fp)
+        bgequ   noname.122
+        incl    -320(fp)
+noname.122:
+        movl    -316(fp),r1
+        movl    -320(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.123
+        incl    r2
+noname.123:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.124
+        incl    r8
+noname.124:
+        movzwl  22(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-332(fp)
+        bicl3   #-65536,r2,-336(fp)
+        mull3   r0,-332(fp),-324(fp)
+        mull2   r3,-332(fp)
+        mull3   r3,-336(fp),-328(fp)
+        mull2   r0,-336(fp)
+        addl3   -324(fp),-328(fp),r0
+        bicl3   #0,r0,-324(fp)
+        cmpl    -324(fp),-328(fp)
+        bgequ   noname.125
+        addl2   #65536,-336(fp)
+noname.125:
+        movzwl  -322(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-336(fp)
+        bicl3   #-65536,-324(fp),r0
+        ashl    #16,r0,-328(fp)
+        addl3   -328(fp),-332(fp),r0
+        bicl3   #0,r0,-332(fp)
+        cmpl    -332(fp),-328(fp)
+        bgequ   noname.126
+        incl    -336(fp)
+noname.126:
+        movl    -332(fp),r1
+        movl    -336(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.127
+        incl    r2
+noname.127:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.128
+        incl    r8
+noname.128:
+        movl    r10,20(r11)
+        clrl    r10
+        movzwl  26(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-348(fp)
+        bicl3   #-65536,r2,-352(fp)
+        mull3   r0,-348(fp),-340(fp)
+        mull2   r3,-348(fp)
+        mull3   r3,-352(fp),-344(fp)
+        mull2   r0,-352(fp)
+        addl3   -340(fp),-344(fp),r0
+        bicl3   #0,r0,-340(fp)
+        cmpl    -340(fp),-344(fp)
+        bgequ   noname.129
+        addl2   #65536,-352(fp)
+noname.129:
+        movzwl  -338(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-352(fp)
+        bicl3   #-65536,-340(fp),r0
+        ashl    #16,r0,-344(fp)
+        addl3   -344(fp),-348(fp),r0
+        bicl3   #0,r0,-348(fp)
+        cmpl    -348(fp),-344(fp)
+        bgequ   noname.130
+        incl    -352(fp)
+noname.130:
+        movl    -348(fp),r1
+        movl    -352(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.131
+        incl    r2
+noname.131:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.132
+        incl    r10
+noname.132:
+        movzwl  22(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-364(fp)
+        bicl3   #-65536,r2,-368(fp)
+        mull3   r0,-364(fp),-356(fp)
+        mull2   r3,-364(fp)
+        mull3   r3,-368(fp),-360(fp)
+        mull2   r0,-368(fp)
+        addl3   -356(fp),-360(fp),r0
+        bicl3   #0,r0,-356(fp)
+        cmpl    -356(fp),-360(fp)
+        bgequ   noname.133
+        addl2   #65536,-368(fp)
+noname.133:
+        movzwl  -354(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-368(fp)
+        bicl3   #-65536,-356(fp),r0
+        ashl    #16,r0,-360(fp)
+        addl3   -360(fp),-364(fp),r0
+        bicl3   #0,r0,-364(fp)
+        cmpl    -364(fp),-360(fp)
+        bgequ   noname.134
+        incl    -368(fp)
+noname.134:
+        movl    -364(fp),r1
+        movl    -368(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.135
+        incl    r2
+noname.135:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.136
+        incl    r10
+noname.136:
+        movzwl  18(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-380(fp)
+        bicl3   #-65536,r2,-384(fp)
+        mull3   r0,-380(fp),-372(fp)
+        mull2   r3,-380(fp)
+        mull3   r3,-384(fp),-376(fp)
+        mull2   r0,-384(fp)
+        addl3   -372(fp),-376(fp),r0
+        bicl3   #0,r0,-372(fp)
+        cmpl    -372(fp),-376(fp)
+        bgequ   noname.137
+        addl2   #65536,-384(fp)
+noname.137:
+        movzwl  -370(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-384(fp)
+        bicl3   #-65536,-372(fp),r0
+        ashl    #16,r0,-376(fp)
+        addl3   -376(fp),-380(fp),r0
+        bicl3   #0,r0,-380(fp)
+        cmpl    -380(fp),-376(fp)
+        bgequ   noname.138
+        incl    -384(fp)
+noname.138:
+        movl    -380(fp),r1
+        movl    -384(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.139
+        incl    r2
+noname.139:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.140
+        incl    r10
+noname.140:
+        movzwl  14(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-396(fp)
+        bicl3   #-65536,r2,-400(fp)
+        mull3   r0,-396(fp),-388(fp)
+        mull2   r3,-396(fp)
+        mull3   r3,-400(fp),-392(fp)
+        mull2   r0,-400(fp)
+        addl3   -388(fp),-392(fp),r0
+        bicl3   #0,r0,-388(fp)
+        cmpl    -388(fp),-392(fp)
+        bgequ   noname.141
+        addl2   #65536,-400(fp)
+noname.141:
+        movzwl  -386(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-400(fp)
+        bicl3   #-65536,-388(fp),r0
+        ashl    #16,r0,-392(fp)
+        addl3   -392(fp),-396(fp),r0
+        bicl3   #0,r0,-396(fp)
+        cmpl    -396(fp),-392(fp)
+        bgequ   noname.142
+        incl    -400(fp)
+noname.142:
+        movl    -396(fp),r1
+        movl    -400(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.143
+        incl    r2
+noname.143:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.144
+        incl    r10
+noname.144:
+        movzwl  10(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-412(fp)
+        bicl3   #-65536,r2,-416(fp)
+        mull3   r0,-412(fp),-404(fp)
+        mull2   r3,-412(fp)
+        mull3   r3,-416(fp),-408(fp)
+        mull2   r0,-416(fp)
+        addl3   -404(fp),-408(fp),r0
+        bicl3   #0,r0,-404(fp)
+        cmpl    -404(fp),-408(fp)
+        bgequ   noname.145
+        addl2   #65536,-416(fp)
+noname.145:
+        movzwl  -402(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-416(fp)
+        bicl3   #-65536,-404(fp),r0
+        ashl    #16,r0,-408(fp)
+        addl3   -408(fp),-412(fp),r0
+        bicl3   #0,r0,-412(fp)
+        cmpl    -412(fp),-408(fp)
+        bgequ   noname.146
+        incl    -416(fp)
+noname.146:
+        movl    -412(fp),r1
+        movl    -416(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.147
+        incl    r2
+noname.147:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.148
+        incl    r10
+noname.148:
+        movzwl  6(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-428(fp)
+        bicl3   #-65536,r2,-432(fp)
+        mull3   r0,-428(fp),-420(fp)
+        mull2   r3,-428(fp)
+        mull3   r3,-432(fp),-424(fp)
+        mull2   r0,-432(fp)
+        addl3   -420(fp),-424(fp),r0
+        bicl3   #0,r0,-420(fp)
+        cmpl    -420(fp),-424(fp)
+        bgequ   noname.149
+        addl2   #65536,-432(fp)
+noname.149:
+        movzwl  -418(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-432(fp)
+        bicl3   #-65536,-420(fp),r0
+        ashl    #16,r0,-424(fp)
+        addl3   -424(fp),-428(fp),r0
+        bicl3   #0,r0,-428(fp)
+        cmpl    -428(fp),-424(fp)
+        bgequ   noname.150
+        incl    -432(fp)
+noname.150:
+        movl    -428(fp),r1
+        movl    -432(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.151
+        incl    r2
+noname.151:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.152
+        incl    r10
+noname.152:
+        movzwl  2(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-444(fp)
+        bicl3   #-65536,r2,-448(fp)
+        mull3   r0,-444(fp),-436(fp)
+        mull2   r3,-444(fp)
+        mull3   r3,-448(fp),-440(fp)
+        mull2   r0,-448(fp)
+        addl3   -436(fp),-440(fp),r0
+        bicl3   #0,r0,-436(fp)
+        cmpl    -436(fp),-440(fp)
+        bgequ   noname.153
+        addl2   #65536,-448(fp)
+noname.153:
+        movzwl  -434(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-448(fp)
+        bicl3   #-65536,-436(fp),r0
+        ashl    #16,r0,-440(fp)
+        addl3   -440(fp),-444(fp),r0
+        bicl3   #0,r0,-444(fp)
+        cmpl    -444(fp),-440(fp)
+        bgequ   noname.154
+        incl    -448(fp)
+noname.154:
+        movl    -444(fp),r1
+        movl    -448(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.155
+        incl    r2
+noname.155:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.156
+        incl    r10
+noname.156:
+        movl    r9,24(r11)
+        clrl    r9
+        movzwl  2(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,(r6),-460(fp)
+        bicl3   #-65536,r2,-464(fp)
+        mull3   r0,-460(fp),-452(fp)
+        mull2   r3,-460(fp)
+        mull3   r3,-464(fp),-456(fp)
+        mull2   r0,-464(fp)
+        addl3   -452(fp),-456(fp),r0
+        bicl3   #0,r0,-452(fp)
+        cmpl    -452(fp),-456(fp)
+        bgequ   noname.157
+        addl2   #65536,-464(fp)
+noname.157:
+        movzwl  -450(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-464(fp)
+        bicl3   #-65536,-452(fp),r0
+        ashl    #16,r0,-456(fp)
+        addl3   -456(fp),-460(fp),r0
+        bicl3   #0,r0,-460(fp)
+        cmpl    -460(fp),-456(fp)
+        bgequ   noname.158
+        incl    -464(fp)
+noname.158:
+        movl    -460(fp),r1
+        movl    -464(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.159
+        incl    r2
+noname.159:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.160
+        incl    r9
+noname.160:
+        movzwl  6(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-476(fp)
+        bicl3   #-65536,r2,-480(fp)
+        mull3   r0,-476(fp),-468(fp)
+        mull2   r3,-476(fp)
+        mull3   r3,-480(fp),-472(fp)
+        mull2   r0,-480(fp)
+        addl3   -468(fp),-472(fp),r0
+        bicl3   #0,r0,-468(fp)
+        cmpl    -468(fp),-472(fp)
+        bgequ   noname.161
+        addl2   #65536,-480(fp)
+noname.161:
+        movzwl  -466(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-480(fp)
+        bicl3   #-65536,-468(fp),r0
+        ashl    #16,r0,-472(fp)
+        addl3   -472(fp),-476(fp),r0
+        bicl3   #0,r0,-476(fp)
+        cmpl    -476(fp),-472(fp)
+        bgequ   noname.162
+        incl    -480(fp)
+noname.162:
+        movl    -476(fp),r1
+        movl    -480(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.163
+        incl    r2
+noname.163:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.164
+        incl    r9
+noname.164:
+        movzwl  10(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-492(fp)
+        bicl3   #-65536,r2,-496(fp)
+        mull3   r0,-492(fp),-484(fp)
+        mull2   r3,-492(fp)
+        mull3   r3,-496(fp),-488(fp)
+        mull2   r0,-496(fp)
+        addl3   -484(fp),-488(fp),r0
+        bicl3   #0,r0,-484(fp)
+        cmpl    -484(fp),-488(fp)
+        bgequ   noname.165
+        addl2   #65536,-496(fp)
+noname.165:
+        movzwl  -482(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-496(fp)
+        bicl3   #-65536,-484(fp),r0
+        ashl    #16,r0,-488(fp)
+        addl3   -488(fp),-492(fp),r0
+        bicl3   #0,r0,-492(fp)
+        cmpl    -492(fp),-488(fp)
+        bgequ   noname.166
+        incl    -496(fp)
+noname.166:
+        movl    -492(fp),r1
+        movl    -496(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.167
+        incl    r2
+noname.167:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.168
+        incl    r9
+noname.168:
+        movzwl  14(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-508(fp)
+        bicl3   #-65536,r2,-512(fp)
+        mull3   r0,-508(fp),-500(fp)
+        mull2   r3,-508(fp)
+        mull3   r3,-512(fp),-504(fp)
+        mull2   r0,-512(fp)
+        addl3   -500(fp),-504(fp),r0
+        bicl3   #0,r0,-500(fp)
+        cmpl    -500(fp),-504(fp)
+        bgequ   noname.169
+        addl2   #65536,-512(fp)
+noname.169:
+        movzwl  -498(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-512(fp)
+        bicl3   #-65536,-500(fp),r0
+        ashl    #16,r0,-504(fp)
+        addl3   -504(fp),-508(fp),r0
+        bicl3   #0,r0,-508(fp)
+        cmpl    -508(fp),-504(fp)
+        bgequ   noname.170
+        incl    -512(fp)
+noname.170:
+        movl    -508(fp),r1
+        movl    -512(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.171
+        incl    r2
+noname.171:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.172
+        incl    r9
+noname.172:
+        movzwl  18(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-524(fp)
+        bicl3   #-65536,r2,-528(fp)
+        mull3   r0,-524(fp),-516(fp)
+        mull2   r3,-524(fp)
+        mull3   r3,-528(fp),-520(fp)
+        mull2   r0,-528(fp)
+        addl3   -516(fp),-520(fp),r0
+        bicl3   #0,r0,-516(fp)
+        cmpl    -516(fp),-520(fp)
+        bgequ   noname.173
+        addl2   #65536,-528(fp)
+noname.173:
+        movzwl  -514(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-528(fp)
+        bicl3   #-65536,-516(fp),r0
+        ashl    #16,r0,-520(fp)
+        addl3   -520(fp),-524(fp),r0
+        bicl3   #0,r0,-524(fp)
+        cmpl    -524(fp),-520(fp)
+        bgequ   noname.174
+        incl    -528(fp)
+noname.174:
+        movl    -524(fp),r1
+        movl    -528(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.175
+        incl    r2
+noname.175:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.176
+        incl    r9
+noname.176:
+        movzwl  22(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-540(fp)
+        bicl3   #-65536,r2,-544(fp)
+        mull3   r0,-540(fp),-532(fp)
+        mull2   r3,-540(fp)
+        mull3   r3,-544(fp),-536(fp)
+        mull2   r0,-544(fp)
+        addl3   -532(fp),-536(fp),r0
+        bicl3   #0,r0,-532(fp)
+        cmpl    -532(fp),-536(fp)
+        bgequ   noname.177
+        addl2   #65536,-544(fp)
+noname.177:
+        movzwl  -530(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-544(fp)
+        bicl3   #-65536,-532(fp),r0
+        ashl    #16,r0,-536(fp)
+        addl3   -536(fp),-540(fp),r0
+        bicl3   #0,r0,-540(fp)
+        cmpl    -540(fp),-536(fp)
+        bgequ   noname.178
+        incl    -544(fp)
+noname.178:
+        movl    -540(fp),r1
+        movl    -544(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.179
+        incl    r2
+noname.179:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.180
+        incl    r9
+noname.180:
+        movzwl  26(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-556(fp)
+        bicl3   #-65536,r2,-560(fp)
+        mull3   r0,-556(fp),-548(fp)
+        mull2   r3,-556(fp)
+        mull3   r3,-560(fp),-552(fp)
+        mull2   r0,-560(fp)
+        addl3   -548(fp),-552(fp),r0
+        bicl3   #0,r0,-548(fp)
+        cmpl    -548(fp),-552(fp)
+        bgequ   noname.181
+        addl2   #65536,-560(fp)
+noname.181:
+        movzwl  -546(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-560(fp)
+        bicl3   #-65536,-548(fp),r0
+        ashl    #16,r0,-552(fp)
+        addl3   -552(fp),-556(fp),r0
+        bicl3   #0,r0,-556(fp)
+        cmpl    -556(fp),-552(fp)
+        bgequ   noname.182
+        incl    -560(fp)
+noname.182:
+        movl    -556(fp),r1
+        movl    -560(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.183
+        incl    r2
+noname.183:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.184
+        incl    r9
+noname.184:
+        movzwl  30(r6),r2
+        bicl3   #-65536,(r7),r3
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-572(fp)
+        bicl3   #-65536,r2,-576(fp)
+        mull3   r0,-572(fp),-564(fp)
+        mull2   r3,-572(fp)
+        mull3   r3,-576(fp),-568(fp)
+        mull2   r0,-576(fp)
+        addl3   -564(fp),-568(fp),r0
+        bicl3   #0,r0,-564(fp)
+        cmpl    -564(fp),-568(fp)
+        bgequ   noname.185
+        addl2   #65536,-576(fp)
+noname.185:
+        movzwl  -562(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-576(fp)
+        bicl3   #-65536,-564(fp),r0
+        ashl    #16,r0,-568(fp)
+        addl3   -568(fp),-572(fp),r0
+        bicl3   #0,r0,-572(fp)
+        cmpl    -572(fp),-568(fp)
+        bgequ   noname.186
+        incl    -576(fp)
+noname.186:
+        movl    -572(fp),r1
+        movl    -576(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.187
+        incl    r2
+noname.187:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.188
+        incl    r9
+noname.188:
+        movl    r8,28(r11)
+        clrl    r8
+        movzwl  30(r6),r2
+        bicl3   #-65536,4(r7),r3
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-588(fp)
+        bicl3   #-65536,r2,-592(fp)
+        mull3   r0,-588(fp),-580(fp)
+        mull2   r3,-588(fp)
+        mull3   r3,-592(fp),-584(fp)
+        mull2   r0,-592(fp)
+        addl3   -580(fp),-584(fp),r0
+        bicl3   #0,r0,-580(fp)
+        cmpl    -580(fp),-584(fp)
+        bgequ   noname.189
+        addl2   #65536,-592(fp)
+noname.189:
+        movzwl  -578(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-592(fp)
+        bicl3   #-65536,-580(fp),r0
+        ashl    #16,r0,-584(fp)
+        addl3   -584(fp),-588(fp),r0
+        bicl3   #0,r0,-588(fp)
+        cmpl    -588(fp),-584(fp)
+        bgequ   noname.190
+        incl    -592(fp)
+noname.190:
+        movl    -588(fp),r1
+        movl    -592(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.191
+        incl    r2
+noname.191:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.192
+        incl    r8
+noname.192:
+        movzwl  26(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-604(fp)
+        bicl3   #-65536,r2,-608(fp)
+        mull3   r0,-604(fp),-596(fp)
+        mull2   r3,-604(fp)
+        mull3   r3,-608(fp),-600(fp)
+        mull2   r0,-608(fp)
+        addl3   -596(fp),-600(fp),r0
+        bicl3   #0,r0,-596(fp)
+        cmpl    -596(fp),-600(fp)
+        bgequ   noname.193
+        addl2   #65536,-608(fp)
+noname.193:
+        movzwl  -594(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-608(fp)
+        bicl3   #-65536,-596(fp),r0
+        ashl    #16,r0,-600(fp)
+        addl3   -600(fp),-604(fp),r0
+        bicl3   #0,r0,-604(fp)
+        cmpl    -604(fp),-600(fp)
+        bgequ   noname.194
+        incl    -608(fp)
+noname.194:
+        movl    -604(fp),r1
+        movl    -608(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.195
+        incl    r2
+noname.195:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.196
+        incl    r8
+noname.196:
+        movzwl  22(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-620(fp)
+        bicl3   #-65536,r2,-624(fp)
+        mull3   r0,-620(fp),-612(fp)
+        mull2   r3,-620(fp)
+        mull3   r3,-624(fp),-616(fp)
+        mull2   r0,-624(fp)
+        addl3   -612(fp),-616(fp),r0
+        bicl3   #0,r0,-612(fp)
+        cmpl    -612(fp),-616(fp)
+        bgequ   noname.197
+        addl2   #65536,-624(fp)
+noname.197:
+        movzwl  -610(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-624(fp)
+        bicl3   #-65536,-612(fp),r0
+        ashl    #16,r0,-616(fp)
+        addl3   -616(fp),-620(fp),r0
+        bicl3   #0,r0,-620(fp)
+        cmpl    -620(fp),-616(fp)
+        bgequ   noname.198
+        incl    -624(fp)
+noname.198:
+        movl    -620(fp),r1
+        movl    -624(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.199
+        incl    r2
+noname.199:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.200
+        incl    r8
+noname.200:
+        movzwl  18(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-636(fp)
+        bicl3   #-65536,r2,-640(fp)
+        mull3   r0,-636(fp),-628(fp)
+        mull2   r3,-636(fp)
+        mull3   r3,-640(fp),-632(fp)
+        mull2   r0,-640(fp)
+        addl3   -628(fp),-632(fp),r0
+        bicl3   #0,r0,-628(fp)
+        cmpl    -628(fp),-632(fp)
+        bgequ   noname.201
+        addl2   #65536,-640(fp)
+noname.201:
+        movzwl  -626(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-640(fp)
+        bicl3   #-65536,-628(fp),r0
+        ashl    #16,r0,-632(fp)
+        addl3   -632(fp),-636(fp),r0
+        bicl3   #0,r0,-636(fp)
+        cmpl    -636(fp),-632(fp)
+        bgequ   noname.202
+        incl    -640(fp)
+noname.202:
+        movl    -636(fp),r1
+        movl    -640(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.203
+        incl    r2
+noname.203:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.204
+        incl    r8
+noname.204:
+        movzwl  14(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-652(fp)
+        bicl3   #-65536,r2,-656(fp)
+        mull3   r0,-652(fp),-644(fp)
+        mull2   r3,-652(fp)
+        mull3   r3,-656(fp),-648(fp)
+        mull2   r0,-656(fp)
+        addl3   -644(fp),-648(fp),r0
+        bicl3   #0,r0,-644(fp)
+        cmpl    -644(fp),-648(fp)
+        bgequ   noname.205
+        addl2   #65536,-656(fp)
+noname.205:
+        movzwl  -642(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-656(fp)
+        bicl3   #-65536,-644(fp),r0
+        ashl    #16,r0,-648(fp)
+        addl3   -648(fp),-652(fp),r0
+        bicl3   #0,r0,-652(fp)
+        cmpl    -652(fp),-648(fp)
+        bgequ   noname.206
+        incl    -656(fp)
+noname.206:
+        movl    -652(fp),r1
+        movl    -656(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.207
+        incl    r2
+noname.207:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.208
+        incl    r8
+noname.208:
+        movzwl  10(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-668(fp)
+        bicl3   #-65536,r2,-672(fp)
+        mull3   r0,-668(fp),-660(fp)
+        mull2   r3,-668(fp)
+        mull3   r3,-672(fp),-664(fp)
+        mull2   r0,-672(fp)
+        addl3   -660(fp),-664(fp),r0
+        bicl3   #0,r0,-660(fp)
+        cmpl    -660(fp),-664(fp)
+        bgequ   noname.209
+        addl2   #65536,-672(fp)
+noname.209:
+        movzwl  -658(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-672(fp)
+        bicl3   #-65536,-660(fp),r0
+        ashl    #16,r0,-664(fp)
+        addl3   -664(fp),-668(fp),r0
+        bicl3   #0,r0,-668(fp)
+        cmpl    -668(fp),-664(fp)
+        bgequ   noname.210
+        incl    -672(fp)
+noname.210:
+        movl    -668(fp),r1
+        movl    -672(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.211
+        incl    r2
+noname.211:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.212
+        incl    r8
+noname.212:
+        movzwl  6(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-684(fp)
+        bicl3   #-65536,r2,-688(fp)
+        mull3   r0,-684(fp),-676(fp)
+        mull2   r3,-684(fp)
+        mull3   r3,-688(fp),-680(fp)
+        mull2   r0,-688(fp)
+        addl3   -676(fp),-680(fp),r0
+        bicl3   #0,r0,-676(fp)
+        cmpl    -676(fp),-680(fp)
+        bgequ   noname.213
+        addl2   #65536,-688(fp)
+noname.213:
+        movzwl  -674(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-688(fp)
+        bicl3   #-65536,-676(fp),r0
+        ashl    #16,r0,-680(fp)
+        addl3   -680(fp),-684(fp),r0
+        bicl3   #0,r0,-684(fp)
+        cmpl    -684(fp),-680(fp)
+        bgequ   noname.214
+        incl    -688(fp)
+noname.214:
+        movl    -684(fp),r1
+        movl    -688(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.215
+        incl    r2
+noname.215:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.216
+        incl    r8
+noname.216:
+        movl    r10,32(r11)
+        clrl    r10
+        movzwl  10(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r6),-700(fp)
+        bicl3   #-65536,r2,-704(fp)
+        mull3   r0,-700(fp),-692(fp)
+        mull2   r3,-700(fp)
+        mull3   r3,-704(fp),-696(fp)
+        mull2   r0,-704(fp)
+        addl3   -692(fp),-696(fp),r0
+        bicl3   #0,r0,-692(fp)
+        cmpl    -692(fp),-696(fp)
+        bgequ   noname.217
+        addl2   #65536,-704(fp)
+noname.217:
+        movzwl  -690(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-704(fp)
+        bicl3   #-65536,-692(fp),r0
+        ashl    #16,r0,-696(fp)
+        addl3   -696(fp),-700(fp),r0
+        bicl3   #0,r0,-700(fp)
+        cmpl    -700(fp),-696(fp)
+        bgequ   noname.218
+        incl    -704(fp)
+noname.218:
+        movl    -700(fp),r1
+        movl    -704(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.219
+        incl    r2
+noname.219:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.220
+        incl    r10
+noname.220:
+        movzwl  14(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-716(fp)
+        bicl3   #-65536,r2,-720(fp)
+        mull3   r0,-716(fp),-708(fp)
+        mull2   r3,-716(fp)
+        mull3   r3,-720(fp),-712(fp)
+        mull2   r0,-720(fp)
+        addl3   -708(fp),-712(fp),r0
+        bicl3   #0,r0,-708(fp)
+        cmpl    -708(fp),-712(fp)
+        bgequ   noname.221
+        addl2   #65536,-720(fp)
+noname.221:
+        movzwl  -706(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-720(fp)
+        bicl3   #-65536,-708(fp),r0
+        ashl    #16,r0,-712(fp)
+        addl3   -712(fp),-716(fp),r0
+        bicl3   #0,r0,-716(fp)
+        cmpl    -716(fp),-712(fp)
+        bgequ   noname.222
+        incl    -720(fp)
+noname.222:
+        movl    -716(fp),r1
+        movl    -720(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.223
+        incl    r2
+noname.223:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.224
+        incl    r10
+noname.224:
+        movzwl  18(r6),r2
+        bicl3   #-65536,20(r7),r3
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r6),-732(fp)
+        bicl3   #-65536,r2,-736(fp)
+        mull3   r0,-732(fp),-724(fp)
+        mull2   r3,-732(fp)
+        mull3   r3,-736(fp),-728(fp)
+        mull2   r0,-736(fp)
+        addl3   -724(fp),-728(fp),r0
+        bicl3   #0,r0,-724(fp)
+        cmpl    -724(fp),-728(fp)
+        bgequ   noname.225
+        addl2   #65536,-736(fp)
+noname.225:
+        movzwl  -722(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-736(fp)
+        bicl3   #-65536,-724(fp),r0
+        ashl    #16,r0,-728(fp)
+        addl3   -728(fp),-732(fp),r0
+        bicl3   #0,r0,-732(fp)
+        cmpl    -732(fp),-728(fp)
+        bgequ   noname.226
+        incl    -736(fp)
+noname.226:
+        movl    -732(fp),r1
+        movl    -736(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.227
+        incl    r2
+noname.227:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.228
+        incl    r10
+noname.228:
+        movzwl  22(r6),r2
+        bicl3   #-65536,16(r7),r3
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-748(fp)
+        bicl3   #-65536,r2,-752(fp)
+        mull3   r0,-748(fp),-740(fp)
+        mull2   r3,-748(fp)
+        mull3   r3,-752(fp),-744(fp)
+        mull2   r0,-752(fp)
+        addl3   -740(fp),-744(fp),r0
+        bicl3   #0,r0,-740(fp)
+        cmpl    -740(fp),-744(fp)
+        bgequ   noname.229
+        addl2   #65536,-752(fp)
+noname.229:
+        movzwl  -738(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-752(fp)
+        bicl3   #-65536,-740(fp),r0
+        ashl    #16,r0,-744(fp)
+        addl3   -744(fp),-748(fp),r0
+        bicl3   #0,r0,-748(fp)
+        cmpl    -748(fp),-744(fp)
+        bgequ   noname.230
+        incl    -752(fp)
+noname.230:
+        movl    -748(fp),r1
+        movl    -752(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.231
+        incl    r2
+noname.231:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.232
+        incl    r10
+noname.232:
+        movzwl  26(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,24(r6),-764(fp)
+        bicl3   #-65536,r2,-768(fp)
+        mull3   r0,-764(fp),-756(fp)
+        mull2   r3,-764(fp)
+        mull3   r3,-768(fp),-760(fp)
+        mull2   r0,-768(fp)
+        addl3   -756(fp),-760(fp),r0
+        bicl3   #0,r0,-756(fp)
+        cmpl    -756(fp),-760(fp)
+        bgequ   noname.233
+        addl2   #65536,-768(fp)
+noname.233:
+        movzwl  -754(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-768(fp)
+        bicl3   #-65536,-756(fp),r0
+        ashl    #16,r0,-760(fp)
+        addl3   -760(fp),-764(fp),r0
+        bicl3   #0,r0,-764(fp)
+        cmpl    -764(fp),-760(fp)
+        bgequ   noname.234
+        incl    -768(fp)
+noname.234:
+        movl    -764(fp),r1
+        movl    -768(fp),r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.235
+        incl    r2
+noname.235:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.236
+        incl    r10
+noname.236:
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-772(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-776(fp)
+        mull2   r0,r4
+        addl3   -772(fp),-776(fp),r0
+        bicl3   #0,r0,-772(fp)
+        cmpl    -772(fp),-776(fp)
+        bgequ   noname.237
+        addl2   #65536,r4
+noname.237:
+        movzwl  -770(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-772(fp),r0
+        ashl    #16,r0,-776(fp)
+        addl2   -776(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-776(fp)
+        bgequ   noname.238
+        incl    r4
+noname.238:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.239
+        incl    r2
+noname.239:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.240
+        incl    r10
+noname.240:
+        movl    r9,36(r11)
+        clrl    r9
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-780(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-784(fp)
+        mull2   r0,r4
+        addl3   -780(fp),-784(fp),r0
+        bicl3   #0,r0,-780(fp)
+        cmpl    -780(fp),-784(fp)
+        bgequ   noname.241
+        addl2   #65536,r4
+noname.241:
+        movzwl  -778(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-780(fp),r0
+        ashl    #16,r0,-784(fp)
+        addl2   -784(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-784(fp)
+        bgequ   noname.242
+        incl    r4
+noname.242:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.243
+        incl    r2
+noname.243:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.244
+        incl    r9
+noname.244:
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r7),r2
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-788(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-792(fp)
+        mull2   r0,r4
+        addl3   -788(fp),-792(fp),r0
+        bicl3   #0,r0,-788(fp)
+        cmpl    -788(fp),-792(fp)
+        bgequ   noname.245
+        addl2   #65536,r4
+noname.245:
+        movzwl  -786(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-788(fp),r0
+        ashl    #16,r0,-792(fp)
+        addl2   -792(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-792(fp)
+        bgequ   noname.246
+        incl    r4
+noname.246:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.247
+        incl    r2
+noname.247:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.248
+        incl    r9
+noname.248:
+        bicl3   #-65536,20(r6),r3
+        movzwl  22(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-796(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-800(fp)
+        mull2   r0,r4
+        addl3   -796(fp),-800(fp),r0
+        bicl3   #0,r0,-796(fp)
+        cmpl    -796(fp),-800(fp)
+        bgequ   noname.249
+        addl2   #65536,r4
+noname.249:
+        movzwl  -794(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-796(fp),r0
+        ashl    #16,r0,-800(fp)
+        addl2   -800(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-800(fp)
+        bgequ   noname.250
+        incl    r4
+noname.250:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.251
+        incl    r2
+noname.251:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.252
+        incl    r9
+noname.252:
+        bicl3   #-65536,16(r6),r3
+        movzwl  18(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r7),r2
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-804(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-808(fp)
+        mull2   r0,r4
+        addl3   -804(fp),-808(fp),r0
+        bicl3   #0,r0,-804(fp)
+        cmpl    -804(fp),-808(fp)
+        bgequ   noname.253
+        addl2   #65536,r4
+noname.253:
+        movzwl  -802(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-804(fp),r0
+        ashl    #16,r0,-808(fp)
+        addl2   -808(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-808(fp)
+        bgequ   noname.254
+        incl    r4
+noname.254:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.255
+        incl    r2
+noname.255:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.256
+        incl    r9
+noname.256:
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-812(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-816(fp)
+        mull2   r0,r4
+        addl3   -812(fp),-816(fp),r0
+        bicl3   #0,r0,-812(fp)
+        cmpl    -812(fp),-816(fp)
+        bgequ   noname.257
+        addl2   #65536,r4
+noname.257:
+        movzwl  -810(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-812(fp),r0
+        ashl    #16,r0,-816(fp)
+        addl2   -816(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-816(fp)
+        bgequ   noname.258
+        incl    r4
+noname.258:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.259
+        incl    r2
+noname.259:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.260
+        incl    r9
+noname.260:
+        movl    r8,40(r11)
+        clrl    r8
+        bicl3   #-65536,16(r6),r3
+        movzwl  18(r6),r2
+        bicl3   #-65536,28(r7),r1
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-828(fp)
+        mull3   r0,r4,-820(fp)
+        mull2   r1,r4
+        mull3   r1,-828(fp),-824(fp)
+        mull2   r0,-828(fp)
+        addl3   -820(fp),-824(fp),r0
+        bicl3   #0,r0,-820(fp)
+        cmpl    -820(fp),-824(fp)
+        bgequ   noname.261
+        addl2   #65536,-828(fp)
+noname.261:
+        movzwl  -818(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-828(fp)
+        bicl3   #-65536,-820(fp),r0
+        ashl    #16,r0,-824(fp)
+        addl2   -824(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-824(fp)
+        bgequ   noname.262
+        incl    -828(fp)
+noname.262:
+        movl    r4,r1
+        movl    -828(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.263
+        incl    r2
+noname.263:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.264
+        incl    r8
+noname.264:
+        movzwl  22(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,20(r6),-840(fp)
+        bicl3   #-65536,r2,-844(fp)
+        mull3   r0,-840(fp),-832(fp)
+        mull2   r3,-840(fp)
+        mull3   r3,-844(fp),-836(fp)
+        mull2   r0,-844(fp)
+        addl3   -832(fp),-836(fp),r0
+        bicl3   #0,r0,-832(fp)
+        cmpl    -832(fp),-836(fp)
+        bgequ   noname.265
+        addl2   #65536,-844(fp)
+noname.265:
+        movzwl  -830(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-844(fp)
+        bicl3   #-65536,-832(fp),r0
+        ashl    #16,r0,-836(fp)
+        addl3   -836(fp),-840(fp),r0
+        bicl3   #0,r0,-840(fp)
+        cmpl    -840(fp),-836(fp)
+        bgequ   noname.266
+        incl    -844(fp)
+noname.266:
+        movl    -840(fp),r1
+        movl    -844(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.267
+        incl    r2
+noname.267:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.268
+        incl    r8
+noname.268:
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-848(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-852(fp)
+        mull2   r0,r4
+        addl3   -848(fp),-852(fp),r0
+        bicl3   #0,r0,-848(fp)
+        cmpl    -848(fp),-852(fp)
+        bgequ   noname.269
+        addl2   #65536,r4
+noname.269:
+        movzwl  -846(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-848(fp),r0
+        ashl    #16,r0,-852(fp)
+        addl2   -852(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-852(fp)
+        bgequ   noname.270
+        incl    r4
+noname.270:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.271
+        incl    r2
+noname.271:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.272
+        incl    r8
+noname.272:
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r7),r2
+        movzwl  18(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-856(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-860(fp)
+        mull2   r0,r4
+        addl3   -856(fp),-860(fp),r0
+        bicl3   #0,r0,-856(fp)
+        cmpl    -856(fp),-860(fp)
+        bgequ   noname.273
+        addl2   #65536,r4
+noname.273:
+        movzwl  -854(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-856(fp),r0
+        ashl    #16,r0,-860(fp)
+        addl2   -860(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-860(fp)
+        bgequ   noname.274
+        incl    r4
+noname.274:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.275
+        incl    r2
+noname.275:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.276
+        incl    r8
+noname.276:
+        movl    r10,44(r11)
+        clrl    r10
+        bicl3   #-65536,28(r6),r3
+        movzwl  30(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r7),r2
+        movzwl  22(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-864(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-868(fp)
+        mull2   r0,r4
+        addl3   -864(fp),-868(fp),r0
+        bicl3   #0,r0,-864(fp)
+        cmpl    -864(fp),-868(fp)
+        bgequ   noname.277
+        addl2   #65536,r4
+noname.277:
+        movzwl  -862(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-864(fp),r0
+        ashl    #16,r0,-868(fp)
+        addl2   -868(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-868(fp)
+        bgequ   noname.278
+        incl    r4
+noname.278:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.279
+        incl    r2
+noname.279:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.280
+        incl    r10
+noname.280:
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r7),r2
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-872(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-876(fp)
+        mull2   r0,r4
+        addl3   -872(fp),-876(fp),r0
+        bicl3   #0,r0,-872(fp)
+        cmpl    -872(fp),-876(fp)
+        bgequ   noname.281
+        addl2   #65536,r4
+noname.281:
+        movzwl  -870(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-872(fp),r0
+        ashl    #16,r0,-876(fp)
+        addl2   -876(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-876(fp)
+        bgequ   noname.282
+        incl    r4
+noname.282:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.283
+        incl    r2
+noname.283:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.284
+        incl    r10
+noname.284:
+        bicl3   #-65536,20(r6),r3
+        movzwl  22(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-880(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-884(fp)
+        mull2   r0,r4
+        addl3   -880(fp),-884(fp),r0
+        bicl3   #0,r0,-880(fp)
+        cmpl    -880(fp),-884(fp)
+        bgequ   noname.285
+        addl2   #65536,r4
+noname.285:
+        movzwl  -878(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-880(fp),r0
+        ashl    #16,r0,-884(fp)
+        addl2   -884(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-884(fp)
+        bgequ   noname.286
+        incl    r4
+noname.286:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.287
+        incl    r2
+noname.287:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.288
+        incl    r10
+noname.288:
+        movl    r9,48(r11)
+        clrl    r9
+        bicl3   #-65536,24(r6),r3
+        movzwl  26(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r7),r2
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-888(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-892(fp)
+        mull2   r0,r4
+        addl3   -888(fp),-892(fp),r0
+        bicl3   #0,r0,-888(fp)
+        cmpl    -888(fp),-892(fp)
+        bgequ   noname.289
+        addl2   #65536,r4
+noname.289:
+        movzwl  -886(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-888(fp),r0
+        ashl    #16,r0,-892(fp)
+        addl2   -892(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-892(fp)
+        bgequ   noname.290
+        incl    r4
+noname.290:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.291
+        incl    r2
+noname.291:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.292
+        incl    r9
+noname.292:
+        movzwl  30(r6),r2
+        bicl3   #-65536,24(r7),r3
+        movzwl  26(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-904(fp)
+        bicl3   #-65536,r2,-908(fp)
+        mull3   r0,-904(fp),-896(fp)
+        mull2   r3,-904(fp)
+        mull3   r3,-908(fp),-900(fp)
+        mull2   r0,-908(fp)
+        addl3   -896(fp),-900(fp),r0
+        bicl3   #0,r0,-896(fp)
+        cmpl    -896(fp),-900(fp)
+        bgequ   noname.293
+        addl2   #65536,-908(fp)
+noname.293:
+        movzwl  -894(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-908(fp)
+        bicl3   #-65536,-896(fp),r0
+        ashl    #16,r0,-900(fp)
+        addl3   -900(fp),-904(fp),r0
+        bicl3   #0,r0,-904(fp)
+        cmpl    -904(fp),-900(fp)
+        bgequ   noname.294
+        incl    -908(fp)
+noname.294:
+        movl    -904(fp),r1
+        movl    -908(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.295
+        incl    r2
+noname.295:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.296
+        incl    r9
+noname.296:
+        movl    r8,52(r11)
+        clrl    r8
+        movzwl  30(r6),r2
+        bicl3   #-65536,28(r7),r3
+        movzwl  30(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r6),-920(fp)
+        bicl3   #-65536,r2,-924(fp)
+        mull3   r0,-920(fp),-912(fp)
+        mull2   r3,-920(fp)
+        mull3   r3,-924(fp),-916(fp)
+        mull2   r0,-924(fp)
+        addl3   -912(fp),-916(fp),r0
+        bicl3   #0,r0,-912(fp)
+        cmpl    -912(fp),-916(fp)
+        bgequ   noname.297
+        addl2   #65536,-924(fp)
+noname.297:
+        movzwl  -910(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-924(fp)
+        bicl3   #-65536,-912(fp),r0
+        ashl    #16,r0,-916(fp)
+        addl3   -916(fp),-920(fp),r0
+        bicl3   #0,r0,-920(fp)
+        cmpl    -920(fp),-916(fp)
+        bgequ   noname.298
+        incl    -924(fp)
+noname.298:
+        movl    -920(fp),r1
+        movl    -924(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.299
+        incl    r2
+noname.299:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.300
+        incl    r8
+noname.300:
+        movl    r10,56(r11)
+        movl    r9,60(r11)
+        ret     
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+        .psect  code,nowrt
+.entry  BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+        movab   -156(sp),sp
+        clrq    r9
+        clrl    r8
+        movl    8(ap),r6
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r2
+        bicl2   #-65536,r2
+        movl    12(ap),r7
+        bicl3   #-65536,(r7),r1
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r2,r4
+        mull3   r0,r5,-4(fp)
+        mull2   r1,r5
+        mull3   r1,r4,-8(fp)
+        mull2   r0,r4
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.303
+        addl2   #65536,r4
+noname.303:
+        movzwl  -2(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-4(fp),r0
+        ashl    #16,r0,-8(fp)
+        addl2   -8(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-8(fp)
+        bgequ   noname.304
+        incl    r4
+noname.304:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.305
+        incl    r2
+noname.305:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.306
+        incl    r8
+noname.306:
+        movl    4(ap),r11
+        movl    r10,(r11)
+        clrl    r10
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-12(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-16(fp)
+        mull2   r0,r4
+        addl3   -12(fp),-16(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-16(fp)
+        bgequ   noname.307
+        addl2   #65536,r4
+noname.307:
+        movzwl  -10(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-12(fp),r0
+        ashl    #16,r0,-16(fp)
+        addl2   -16(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-16(fp)
+        bgequ   noname.308
+        incl    r4
+noname.308:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.309
+        incl    r2
+noname.309:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.310
+        incl    r10
+noname.310:
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-20(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-24(fp)
+        mull2   r0,r4
+        addl3   -20(fp),-24(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-24(fp)
+        bgequ   noname.311
+        addl2   #65536,r4
+noname.311:
+        movzwl  -18(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-20(fp),r0
+        ashl    #16,r0,-24(fp)
+        addl2   -24(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-24(fp)
+        bgequ   noname.312
+        incl    r4
+noname.312:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.313
+        incl    r2
+noname.313:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.314
+        incl    r10
+noname.314:
+        movl    r9,4(r11)
+        clrl    r9
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-28(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-32(fp)
+        mull2   r0,r4
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.315
+        addl2   #65536,r4
+noname.315:
+        movzwl  -26(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-28(fp),r0
+        ashl    #16,r0,-32(fp)
+        addl2   -32(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-32(fp)
+        bgequ   noname.316
+        incl    r4
+noname.316:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.317
+        incl    r2
+noname.317:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.318
+        incl    r9
+noname.318:
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-36(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-40(fp)
+        mull2   r0,r4
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.319
+        addl2   #65536,r4
+noname.319:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl2   -40(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-40(fp)
+        bgequ   noname.320
+        incl    r4
+noname.320:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.321
+        incl    r2
+noname.321:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.322
+        incl    r9
+noname.322:
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-44(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-48(fp)
+        mull2   r0,r4
+        addl3   -44(fp),-48(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-48(fp)
+        bgequ   noname.323
+        addl2   #65536,r4
+noname.323:
+        movzwl  -42(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-44(fp),r0
+        ashl    #16,r0,-48(fp)
+        addl2   -48(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-48(fp)
+        bgequ   noname.324
+        incl    r4
+noname.324:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.325
+        incl    r2
+noname.325:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.326
+        incl    r9
+noname.326:
+        movl    r8,8(r11)
+        clrl    r8
+        bicl3   #-65536,(r6),r3
+        movzwl  2(r6),r2
+        bicl3   #-65536,12(r7),r1
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-60(fp)
+        mull3   r0,r4,-52(fp)
+        mull2   r1,r4
+        mull3   r1,-60(fp),-56(fp)
+        mull2   r0,-60(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.327
+        addl2   #65536,-60(fp)
+noname.327:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-60(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl2   -56(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-56(fp)
+        bgequ   noname.328
+        incl    -60(fp)
+noname.328:
+        movl    r4,r1
+        movl    -60(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.329
+        incl    r2
+noname.329:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.330
+        incl    r8
+noname.330:
+        movzwl  6(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r6),-72(fp)
+        bicl3   #-65536,r2,-76(fp)
+        mull3   r0,-72(fp),-64(fp)
+        mull2   r3,-72(fp)
+        mull3   r3,-76(fp),-68(fp)
+        mull2   r0,-76(fp)
+        addl3   -64(fp),-68(fp),r0
+        bicl3   #0,r0,-64(fp)
+        cmpl    -64(fp),-68(fp)
+        bgequ   noname.331
+        addl2   #65536,-76(fp)
+noname.331:
+        movzwl  -62(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-76(fp)
+        bicl3   #-65536,-64(fp),r0
+        ashl    #16,r0,-68(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-72(fp)
+        cmpl    -72(fp),-68(fp)
+        bgequ   noname.332
+        incl    -76(fp)
+noname.332:
+        movl    -72(fp),r1
+        movl    -76(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.333
+        incl    r2
+noname.333:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.334
+        incl    r8
+noname.334:
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-80(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-84(fp)
+        mull2   r0,r4
+        addl3   -80(fp),-84(fp),r0
+        bicl3   #0,r0,-80(fp)
+        cmpl    -80(fp),-84(fp)
+        bgequ   noname.335
+        addl2   #65536,r4
+noname.335:
+        movzwl  -78(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-80(fp),r0
+        ashl    #16,r0,-84(fp)
+        addl2   -84(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-84(fp)
+        bgequ   noname.336
+        incl    r4
+noname.336:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.337
+        incl    r2
+noname.337:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.338
+        incl    r8
+noname.338:
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r7),r2
+        movzwl  2(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-88(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-92(fp)
+        mull2   r0,r4
+        addl3   -88(fp),-92(fp),r0
+        bicl3   #0,r0,-88(fp)
+        cmpl    -88(fp),-92(fp)
+        bgequ   noname.339
+        addl2   #65536,r4
+noname.339:
+        movzwl  -86(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-88(fp),r0
+        ashl    #16,r0,-92(fp)
+        addl2   -92(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-92(fp)
+        bgequ   noname.340
+        incl    r4
+noname.340:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.341
+        incl    r2
+noname.341:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.342
+        incl    r8
+noname.342:
+        movl    r10,12(r11)
+        clrl    r10
+        bicl3   #-65536,12(r6),r3
+        movzwl  14(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r7),r2
+        movzwl  6(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-96(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-100(fp)
+        mull2   r0,r4
+        addl3   -96(fp),-100(fp),r0
+        bicl3   #0,r0,-96(fp)
+        cmpl    -96(fp),-100(fp)
+        bgequ   noname.343
+        addl2   #65536,r4
+noname.343:
+        movzwl  -94(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-96(fp),r0
+        ashl    #16,r0,-100(fp)
+        addl2   -100(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-100(fp)
+        bgequ   noname.344
+        incl    r4
+noname.344:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.345
+        incl    r2
+noname.345:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.346
+        incl    r10
+noname.346:
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r7),r2
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-104(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-108(fp)
+        mull2   r0,r4
+        addl3   -104(fp),-108(fp),r0
+        bicl3   #0,r0,-104(fp)
+        cmpl    -104(fp),-108(fp)
+        bgequ   noname.347
+        addl2   #65536,r4
+noname.347:
+        movzwl  -102(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-104(fp),r0
+        ashl    #16,r0,-108(fp)
+        addl2   -108(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-108(fp)
+        bgequ   noname.348
+        incl    r4
+noname.348:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.349
+        incl    r2
+noname.349:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.350
+        incl    r10
+noname.350:
+        bicl3   #-65536,4(r6),r3
+        movzwl  6(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-112(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-116(fp)
+        mull2   r0,r4
+        addl3   -112(fp),-116(fp),r0
+        bicl3   #0,r0,-112(fp)
+        cmpl    -112(fp),-116(fp)
+        bgequ   noname.351
+        addl2   #65536,r4
+noname.351:
+        movzwl  -110(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-112(fp),r0
+        ashl    #16,r0,-116(fp)
+        addl2   -116(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-116(fp)
+        bgequ   noname.352
+        incl    r4
+noname.352:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.353
+        incl    r2
+noname.353:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.354
+        incl    r10
+noname.354:
+        movl    r9,16(r11)
+        clrl    r9
+        bicl3   #-65536,8(r6),r3
+        movzwl  10(r6),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r7),r2
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-120(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-124(fp)
+        mull2   r0,r4
+        addl3   -120(fp),-124(fp),r0
+        bicl3   #0,r0,-120(fp)
+        cmpl    -120(fp),-124(fp)
+        bgequ   noname.355
+        addl2   #65536,r4
+noname.355:
+        movzwl  -118(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-120(fp),r0
+        ashl    #16,r0,-124(fp)
+        addl2   -124(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-124(fp)
+        bgequ   noname.356
+        incl    r4
+noname.356:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.357
+        incl    r2
+noname.357:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.358
+        incl    r9
+noname.358:
+        movzwl  14(r6),r2
+        bicl3   #-65536,8(r7),r3
+        movzwl  10(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-136(fp)
+        bicl3   #-65536,r2,-140(fp)
+        mull3   r0,-136(fp),-128(fp)
+        mull2   r3,-136(fp)
+        mull3   r3,-140(fp),-132(fp)
+        mull2   r0,-140(fp)
+        addl3   -128(fp),-132(fp),r0
+        bicl3   #0,r0,-128(fp)
+        cmpl    -128(fp),-132(fp)
+        bgequ   noname.359
+        addl2   #65536,-140(fp)
+noname.359:
+        movzwl  -126(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-140(fp)
+        bicl3   #-65536,-128(fp),r0
+        ashl    #16,r0,-132(fp)
+        addl3   -132(fp),-136(fp),r0
+        bicl3   #0,r0,-136(fp)
+        cmpl    -136(fp),-132(fp)
+        bgequ   noname.360
+        incl    -140(fp)
+noname.360:
+        movl    -136(fp),r1
+        movl    -140(fp),r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.361
+        incl    r2
+noname.361:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.362
+        incl    r9
+noname.362:
+        movl    r8,20(r11)
+        clrl    r8
+        movzwl  14(r6),r2
+        bicl3   #-65536,12(r7),r3
+        movzwl  14(r7),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r6),-152(fp)
+        bicl3   #-65536,r2,-156(fp)
+        mull3   r0,-152(fp),-144(fp)
+        mull2   r3,-152(fp)
+        mull3   r3,-156(fp),-148(fp)
+        mull2   r0,-156(fp)
+        addl3   -144(fp),-148(fp),r0
+        bicl3   #0,r0,-144(fp)
+        cmpl    -144(fp),-148(fp)
+        bgequ   noname.363
+        addl2   #65536,-156(fp)
+noname.363:
+        movzwl  -142(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-156(fp)
+        bicl3   #-65536,-144(fp),r0
+        ashl    #16,r0,-148(fp)
+        addl3   -148(fp),-152(fp),r0
+        bicl3   #0,r0,-152(fp)
+        cmpl    -152(fp),-148(fp)
+        bgequ   noname.364
+        incl    -156(fp)
+noname.364:
+        movl    -152(fp),r1
+        movl    -156(fp),r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.365
+        incl    r2
+noname.365:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.366
+        incl    r8
+noname.366:
+        movl    r10,24(r11)
+        movl    r9,28(r11)
+        ret     
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+        .psect  code,nowrt
+.entry  BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+        movab   -444(sp),sp
+        clrq    r8
+        clrl    r7
+        movl    8(ap),r4
+        movl    (r4),r3
+        bicl3   #-65536,r3,-4(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -4(fp),r0
+        mull3   r0,r3,-8(fp)
+        mull3   r0,r0,-4(fp)
+        mull2   r3,r3
+        bicl3   #32767,-8(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-8(fp),r0
+        ashl    #17,r0,-8(fp)
+        addl3   -4(fp),-8(fp),r0
+        bicl3   #0,r0,-4(fp)
+        cmpl    -4(fp),-8(fp)
+        bgequ   noname.369
+        incl    r3
+noname.369:
+        movl    -4(fp),r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.370
+        incl    r2
+noname.370:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.371
+        incl    r7
+noname.371:
+        movl    r9,@4(ap)
+        clrl    r9
+        movzwl  6(r4),r2
+        bicl3   #-65536,(r4),r3
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,4(r4),-20(fp)
+        bicl3   #-65536,r2,-24(fp)
+        mull3   r0,-20(fp),-12(fp)
+        mull2   r3,-20(fp)
+        mull3   r3,-24(fp),-16(fp)
+        mull2   r0,-24(fp)
+        addl3   -12(fp),-16(fp),r0
+        bicl3   #0,r0,-12(fp)
+        cmpl    -12(fp),-16(fp)
+        bgequ   noname.372
+        addl2   #65536,-24(fp)
+noname.372:
+        movzwl  -10(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-24(fp)
+        bicl3   #-65536,-12(fp),r0
+        ashl    #16,r0,-16(fp)
+        addl3   -16(fp),-20(fp),r0
+        bicl3   #0,r0,-20(fp)
+        cmpl    -20(fp),-16(fp)
+        bgequ   noname.373
+        incl    -24(fp)
+noname.373:
+        movl    -20(fp),r3
+        movl    -24(fp),r2
+        bbc     #31,r2,noname.374
+        incl    r9
+noname.374:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.375
+        incl    r2
+noname.375:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.376
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.376
+        incl    r9
+noname.376:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.377
+        incl    r9
+noname.377:
+        movl    4(ap),r0
+        movl    r8,4(r0)
+        clrl    r8
+        movl    8(ap),r4
+        movl    4(r4),r3
+        bicl3   #-65536,r3,-28(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -28(fp),r0
+        mull3   r0,r3,-32(fp)
+        mull3   r0,r0,-28(fp)
+        mull2   r3,r3
+        bicl3   #32767,-32(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-32(fp),r0
+        ashl    #17,r0,-32(fp)
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.378
+        incl    r3
+noname.378:
+        movl    -28(fp),r1
+        movl    r3,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.379
+        incl    r2
+noname.379:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.380
+        incl    r8
+noname.380:
+        movzwl  10(r4),r2
+        bicl3   #-65536,(r4),r3
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,8(r4),-44(fp)
+        bicl3   #-65536,r2,-48(fp)
+        mull3   r0,-44(fp),-36(fp)
+        mull2   r3,-44(fp)
+        mull3   r3,-48(fp),-40(fp)
+        mull2   r0,-48(fp)
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.381
+        addl2   #65536,-48(fp)
+noname.381:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-48(fp)
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl3   -40(fp),-44(fp),r0
+        bicl3   #0,r0,-44(fp)
+        cmpl    -44(fp),-40(fp)
+        bgequ   noname.382
+        incl    -48(fp)
+noname.382:
+        movl    -44(fp),r3
+        movl    -48(fp),r2
+        bbc     #31,r2,noname.383
+        incl    r8
+noname.383:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.384
+        incl    r2
+noname.384:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.385
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.385
+        incl    r8
+noname.385:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.386
+        incl    r8
+noname.386:
+        movl    4(ap),r0
+        movl    r7,8(r0)
+        clrl    r7
+        movl    8(ap),r0
+        movzwl  14(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),-60(fp)
+        bicl3   #-65536,r2,-64(fp)
+        mull3   r1,-60(fp),-52(fp)
+        mull2   r3,-60(fp)
+        mull3   r3,-64(fp),-56(fp)
+        mull2   r1,-64(fp)
+        addl3   -52(fp),-56(fp),r0
+        bicl3   #0,r0,-52(fp)
+        cmpl    -52(fp),-56(fp)
+        bgequ   noname.387
+        addl2   #65536,-64(fp)
+noname.387:
+        movzwl  -50(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-64(fp)
+        bicl3   #-65536,-52(fp),r0
+        ashl    #16,r0,-56(fp)
+        addl3   -56(fp),-60(fp),r0
+        bicl3   #0,r0,-60(fp)
+        cmpl    -60(fp),-56(fp)
+        bgequ   noname.388
+        incl    -64(fp)
+noname.388:
+        movl    -60(fp),r3
+        movl    -64(fp),r2
+        bbc     #31,r2,noname.389
+        incl    r7
+noname.389:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.390
+        incl    r2
+noname.390:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.391
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.391
+        incl    r7
+noname.391:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.392
+        incl    r7
+noname.392:
+        movl    8(ap),r0
+        movzwl  10(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),-76(fp)
+        bicl3   #-65536,r2,-80(fp)
+        mull3   r1,-76(fp),-68(fp)
+        mull2   r3,-76(fp)
+        mull3   r3,-80(fp),-72(fp)
+        mull2   r1,-80(fp)
+        addl3   -68(fp),-72(fp),r0
+        bicl3   #0,r0,-68(fp)
+        cmpl    -68(fp),-72(fp)
+        bgequ   noname.393
+        addl2   #65536,-80(fp)
+noname.393:
+        movzwl  -66(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-80(fp)
+        bicl3   #-65536,-68(fp),r0
+        ashl    #16,r0,-72(fp)
+        addl3   -72(fp),-76(fp),r0
+        bicl3   #0,r0,-76(fp)
+        cmpl    -76(fp),-72(fp)
+        bgequ   noname.394
+        incl    -80(fp)
+noname.394:
+        movl    -76(fp),r3
+        movl    -80(fp),r2
+        bbc     #31,r2,noname.395
+        incl    r7
+noname.395:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.396
+        incl    r2
+noname.396:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.397
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.397
+        incl    r7
+noname.397:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.398
+        incl    r7
+noname.398:
+        movl    4(ap),r0
+        movl    r9,12(r0)
+        clrl    r9
+        movl    8(ap),r2
+        movl    8(r2),r4
+        bicl3   #-65536,r4,-84(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -84(fp),r0
+        mull3   r0,r4,-88(fp)
+        mull3   r0,r0,-84(fp)
+        mull2   r4,r4
+        bicl3   #32767,-88(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-88(fp),r0
+        ashl    #17,r0,-88(fp)
+        addl3   -84(fp),-88(fp),r0
+        bicl3   #0,r0,-84(fp)
+        cmpl    -84(fp),-88(fp)
+        bgequ   noname.399
+        incl    r4
+noname.399:
+        movl    -84(fp),r1
+        movl    r4,r3
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.400
+        incl    r3
+noname.400:
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.401
+        incl    r9
+noname.401:
+        movzwl  14(r2),r3
+        bicl3   #-65536,4(r2),r1
+        movzwl  6(r2),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,12(r2),-100(fp)
+        bicl3   #-65536,r3,-104(fp)
+        mull3   r0,-100(fp),-92(fp)
+        mull2   r1,-100(fp)
+        mull3   r1,-104(fp),-96(fp)
+        mull2   r0,-104(fp)
+        addl3   -92(fp),-96(fp),r0
+        bicl3   #0,r0,-92(fp)
+        cmpl    -92(fp),-96(fp)
+        bgequ   noname.402
+        addl2   #65536,-104(fp)
+noname.402:
+        movzwl  -90(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-104(fp)
+        bicl3   #-65536,-92(fp),r0
+        ashl    #16,r0,-96(fp)
+        addl3   -96(fp),-100(fp),r0
+        bicl3   #0,r0,-100(fp)
+        cmpl    -100(fp),-96(fp)
+        bgequ   noname.403
+        incl    -104(fp)
+noname.403:
+        movl    -100(fp),r3
+        movl    -104(fp),r2
+        bbc     #31,r2,noname.404
+        incl    r9
+noname.404:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.405
+        incl    r2
+noname.405:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.406
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.406
+        incl    r9
+noname.406:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.407
+        incl    r9
+noname.407:
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-116(fp)
+        bicl3   #-65536,r2,-120(fp)
+        mull3   r1,-116(fp),-108(fp)
+        mull2   r3,-116(fp)
+        mull3   r3,-120(fp),-112(fp)
+        mull2   r1,-120(fp)
+        addl3   -108(fp),-112(fp),r0
+        bicl3   #0,r0,-108(fp)
+        cmpl    -108(fp),-112(fp)
+        bgequ   noname.408
+        addl2   #65536,-120(fp)
+noname.408:
+        movzwl  -106(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-120(fp)
+        bicl3   #-65536,-108(fp),r0
+        ashl    #16,r0,-112(fp)
+        addl3   -112(fp),-116(fp),r0
+        bicl3   #0,r0,-116(fp)
+        cmpl    -116(fp),-112(fp)
+        bgequ   noname.409
+        incl    -120(fp)
+noname.409:
+        movl    -116(fp),r3
+        movl    -120(fp),r2
+        bbc     #31,r2,noname.410
+        incl    r9
+noname.410:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.411
+        incl    r2
+noname.411:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.412
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.412
+        incl    r9
+noname.412:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.413
+        incl    r9
+noname.413:
+        movl    4(ap),r0
+        movl    r8,16(r0)
+        clrl    r8
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-132(fp)
+        bicl3   #-65536,r2,-136(fp)
+        mull3   r1,-132(fp),-124(fp)
+        mull2   r3,-132(fp)
+        mull3   r3,-136(fp),-128(fp)
+        mull2   r1,-136(fp)
+        addl3   -124(fp),-128(fp),r0
+        bicl3   #0,r0,-124(fp)
+        cmpl    -124(fp),-128(fp)
+        bgequ   noname.414
+        addl2   #65536,-136(fp)
+noname.414:
+        movzwl  -122(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-136(fp)
+        bicl3   #-65536,-124(fp),r0
+        ashl    #16,r0,-128(fp)
+        addl3   -128(fp),-132(fp),r0
+        bicl3   #0,r0,-132(fp)
+        cmpl    -132(fp),-128(fp)
+        bgequ   noname.415
+        incl    -136(fp)
+noname.415:
+        movl    -132(fp),r3
+        movl    -136(fp),r2
+        bbc     #31,r2,noname.416
+        incl    r8
+noname.416:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.417
+        incl    r2
+noname.417:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.418
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.418
+        incl    r8
+noname.418:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.419
+        incl    r8
+noname.419:
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-148(fp)
+        bicl3   #-65536,r2,-152(fp)
+        mull3   r1,-148(fp),-140(fp)
+        mull2   r3,-148(fp)
+        mull3   r3,-152(fp),-144(fp)
+        mull2   r1,-152(fp)
+        addl3   -140(fp),-144(fp),r0
+        bicl3   #0,r0,-140(fp)
+        cmpl    -140(fp),-144(fp)
+        bgequ   noname.420
+        addl2   #65536,-152(fp)
+noname.420:
+        movzwl  -138(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-152(fp)
+        bicl3   #-65536,-140(fp),r0
+        ashl    #16,r0,-144(fp)
+        addl3   -144(fp),-148(fp),r0
+        bicl3   #0,r0,-148(fp)
+        cmpl    -148(fp),-144(fp)
+        bgequ   noname.421
+        incl    -152(fp)
+noname.421:
+        movl    -148(fp),r3
+        movl    -152(fp),r2
+        bbc     #31,r2,noname.422
+        incl    r8
+noname.422:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.423
+        incl    r2
+noname.423:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.424
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.424
+        incl    r8
+noname.424:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.425
+        incl    r8
+noname.425:
+        movl    8(ap),r0
+        movzwl  14(r0),r2
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),-164(fp)
+        bicl3   #-65536,r2,-168(fp)
+        mull3   r1,-164(fp),-156(fp)
+        mull2   r3,-164(fp)
+        mull3   r3,-168(fp),-160(fp)
+        mull2   r1,-168(fp)
+        addl3   -156(fp),-160(fp),r0
+        bicl3   #0,r0,-156(fp)
+        cmpl    -156(fp),-160(fp)
+        bgequ   noname.426
+        addl2   #65536,-168(fp)
+noname.426:
+        movzwl  -154(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-168(fp)
+        bicl3   #-65536,-156(fp),r0
+        ashl    #16,r0,-160(fp)
+        addl3   -160(fp),-164(fp),r0
+        bicl3   #0,r0,-164(fp)
+        cmpl    -164(fp),-160(fp)
+        bgequ   noname.427
+        incl    -168(fp)
+noname.427:
+        movl    -164(fp),r3
+        movl    -168(fp),r2
+        bbc     #31,r2,noname.428
+        incl    r8
+noname.428:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.429
+        incl    r2
+noname.429:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.430
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.430
+        incl    r8
+noname.430:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.431
+        incl    r8
+noname.431:
+        movl    4(ap),r0
+        movl    r7,20(r0)
+        clrl    r7
+        movl    8(ap),r2
+        movl    12(r2),r4
+        bicl3   #-65536,r4,-172(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -172(fp),r0
+        mull3   r0,r4,-176(fp)
+        mull3   r0,r0,-172(fp)
+        mull2   r4,r4
+        bicl3   #32767,-176(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-176(fp),r0
+        ashl    #17,r0,-176(fp)
+        addl3   -172(fp),-176(fp),r0
+        bicl3   #0,r0,-172(fp)
+        cmpl    -172(fp),-176(fp)
+        bgequ   noname.432
+        incl    r4
+noname.432:
+        movl    -172(fp),r1
+        movl    r4,r3
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.433
+        incl    r3
+noname.433:
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.434
+        incl    r7
+noname.434:
+        movzwl  18(r2),r3
+        bicl3   #-65536,8(r2),r1
+        movzwl  10(r2),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,16(r2),-188(fp)
+        bicl3   #-65536,r3,-192(fp)
+        mull3   r0,-188(fp),-180(fp)
+        mull2   r1,-188(fp)
+        mull3   r1,-192(fp),-184(fp)
+        mull2   r0,-192(fp)
+        addl3   -180(fp),-184(fp),r0
+        bicl3   #0,r0,-180(fp)
+        cmpl    -180(fp),-184(fp)
+        bgequ   noname.435
+        addl2   #65536,-192(fp)
+noname.435:
+        movzwl  -178(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-192(fp)
+        bicl3   #-65536,-180(fp),r0
+        ashl    #16,r0,-184(fp)
+        addl3   -184(fp),-188(fp),r0
+        bicl3   #0,r0,-188(fp)
+        cmpl    -188(fp),-184(fp)
+        bgequ   noname.436
+        incl    -192(fp)
+noname.436:
+        movl    -188(fp),r3
+        movl    -192(fp),r2
+        bbc     #31,r2,noname.437
+        incl    r7
+noname.437:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.438
+        incl    r2
+noname.438:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.439
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.439
+        incl    r7
+noname.439:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.440
+        incl    r7
+noname.440:
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-204(fp)
+        bicl3   #-65536,r2,-208(fp)
+        mull3   r1,-204(fp),-196(fp)
+        mull2   r3,-204(fp)
+        mull3   r3,-208(fp),-200(fp)
+        mull2   r1,-208(fp)
+        addl3   -196(fp),-200(fp),r0
+        bicl3   #0,r0,-196(fp)
+        cmpl    -196(fp),-200(fp)
+        bgequ   noname.441
+        addl2   #65536,-208(fp)
+noname.441:
+        movzwl  -194(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-208(fp)
+        bicl3   #-65536,-196(fp),r0
+        ashl    #16,r0,-200(fp)
+        addl3   -200(fp),-204(fp),r0
+        bicl3   #0,r0,-204(fp)
+        cmpl    -204(fp),-200(fp)
+        bgequ   noname.442
+        incl    -208(fp)
+noname.442:
+        movl    -204(fp),r3
+        movl    -208(fp),r2
+        bbc     #31,r2,noname.443
+        incl    r7
+noname.443:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.444
+        incl    r2
+noname.444:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.445
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.445
+        incl    r7
+noname.445:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.446
+        incl    r7
+noname.446:
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-220(fp)
+        bicl3   #-65536,r2,-224(fp)
+        mull3   r1,-220(fp),-212(fp)
+        mull2   r3,-220(fp)
+        mull3   r3,-224(fp),-216(fp)
+        mull2   r1,-224(fp)
+        addl3   -212(fp),-216(fp),r0
+        bicl3   #0,r0,-212(fp)
+        cmpl    -212(fp),-216(fp)
+        bgequ   noname.447
+        addl2   #65536,-224(fp)
+noname.447:
+        movzwl  -210(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-224(fp)
+        bicl3   #-65536,-212(fp),r0
+        ashl    #16,r0,-216(fp)
+        addl3   -216(fp),-220(fp),r0
+        bicl3   #0,r0,-220(fp)
+        cmpl    -220(fp),-216(fp)
+        bgequ   noname.448
+        incl    -224(fp)
+noname.448:
+        movl    -220(fp),r3
+        movl    -224(fp),r2
+        bbc     #31,r2,noname.449
+        incl    r7
+noname.449:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.450
+        incl    r2
+noname.450:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.451
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.451
+        incl    r7
+noname.451:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.452
+        incl    r7
+noname.452:
+        movl    4(ap),r0
+        movl    r9,24(r0)
+        clrl    r9
+        movl    8(ap),r0
+        movzwl  30(r0),r2
+        bicl3   #-65536,(r0),r3
+        movzwl  2(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r0),-236(fp)
+        bicl3   #-65536,r2,-240(fp)
+        mull3   r1,-236(fp),-228(fp)
+        mull2   r3,-236(fp)
+        mull3   r3,-240(fp),-232(fp)
+        mull2   r1,-240(fp)
+        addl3   -228(fp),-232(fp),r0
+        bicl3   #0,r0,-228(fp)
+        cmpl    -228(fp),-232(fp)
+        bgequ   noname.453
+        addl2   #65536,-240(fp)
+noname.453:
+        movzwl  -226(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-240(fp)
+        bicl3   #-65536,-228(fp),r0
+        ashl    #16,r0,-232(fp)
+        addl3   -232(fp),-236(fp),r0
+        bicl3   #0,r0,-236(fp)
+        cmpl    -236(fp),-232(fp)
+        bgequ   noname.454
+        incl    -240(fp)
+noname.454:
+        movl    -236(fp),r3
+        movl    -240(fp),r2
+        bbc     #31,r2,noname.455
+        incl    r9
+noname.455:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.456
+        incl    r2
+noname.456:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.457
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.457
+        incl    r9
+noname.457:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.458
+        incl    r9
+noname.458:
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,4(r0),r3
+        movzwl  6(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-252(fp)
+        bicl3   #-65536,r2,-256(fp)
+        mull3   r1,-252(fp),-244(fp)
+        mull2   r3,-252(fp)
+        mull3   r3,-256(fp),-248(fp)
+        mull2   r1,-256(fp)
+        addl3   -244(fp),-248(fp),r0
+        bicl3   #0,r0,-244(fp)
+        cmpl    -244(fp),-248(fp)
+        bgequ   noname.459
+        addl2   #65536,-256(fp)
+noname.459:
+        movzwl  -242(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-256(fp)
+        bicl3   #-65536,-244(fp),r0
+        ashl    #16,r0,-248(fp)
+        addl3   -248(fp),-252(fp),r0
+        bicl3   #0,r0,-252(fp)
+        cmpl    -252(fp),-248(fp)
+        bgequ   noname.460
+        incl    -256(fp)
+noname.460:
+        movl    -252(fp),r3
+        movl    -256(fp),r2
+        bbc     #31,r2,noname.461
+        incl    r9
+noname.461:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.462
+        incl    r2
+noname.462:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.463
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.463
+        incl    r9
+noname.463:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.464
+        incl    r9
+noname.464:
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-268(fp)
+        bicl3   #-65536,r2,-272(fp)
+        mull3   r1,-268(fp),-260(fp)
+        mull2   r3,-268(fp)
+        mull3   r3,-272(fp),-264(fp)
+        mull2   r1,-272(fp)
+        addl3   -260(fp),-264(fp),r0
+        bicl3   #0,r0,-260(fp)
+        cmpl    -260(fp),-264(fp)
+        bgequ   noname.465
+        addl2   #65536,-272(fp)
+noname.465:
+        movzwl  -258(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-272(fp)
+        bicl3   #-65536,-260(fp),r0
+        ashl    #16,r0,-264(fp)
+        addl3   -264(fp),-268(fp),r0
+        bicl3   #0,r0,-268(fp)
+        cmpl    -268(fp),-264(fp)
+        bgequ   noname.466
+        incl    -272(fp)
+noname.466:
+        movl    -268(fp),r3
+        movl    -272(fp),r2
+        bbc     #31,r2,noname.467
+        incl    r9
+noname.467:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.468
+        incl    r2
+noname.468:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.469
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.469
+        incl    r9
+noname.469:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.470
+        incl    r9
+noname.470:
+        movl    8(ap),r0
+        movzwl  18(r0),r2
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),-284(fp)
+        bicl3   #-65536,r2,-288(fp)
+        mull3   r1,-284(fp),-276(fp)
+        mull2   r3,-284(fp)
+        mull3   r3,-288(fp),-280(fp)
+        mull2   r1,-288(fp)
+        addl3   -276(fp),-280(fp),r0
+        bicl3   #0,r0,-276(fp)
+        cmpl    -276(fp),-280(fp)
+        bgequ   noname.471
+        addl2   #65536,-288(fp)
+noname.471:
+        movzwl  -274(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-288(fp)
+        bicl3   #-65536,-276(fp),r0
+        ashl    #16,r0,-280(fp)
+        addl3   -280(fp),-284(fp),r0
+        bicl3   #0,r0,-284(fp)
+        cmpl    -284(fp),-280(fp)
+        bgequ   noname.472
+        incl    -288(fp)
+noname.472:
+        movl    -284(fp),r3
+        movl    -288(fp),r2
+        bbc     #31,r2,noname.473
+        incl    r9
+noname.473:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.474
+        incl    r2
+noname.474:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.475
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.475
+        incl    r9
+noname.475:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.476
+        incl    r9
+noname.476:
+        movl    4(ap),r0
+        movl    r8,28(r0)
+        clrl    r8
+        movl    8(ap),r3
+        movl    16(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-292(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-292(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-292(fp),r0
+        ashl    #17,r0,-292(fp)
+        addl2   -292(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-292(fp)
+        bgequ   noname.477
+        incl    r4
+noname.477:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.478
+        incl    r2
+noname.478:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.479
+        incl    r8
+noname.479:
+        bicl3   #-65536,20(r3),r4
+        movzwl  22(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r3),r2
+        movzwl  14(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-296(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-300(fp)
+        mull2   r0,r5
+        addl3   -296(fp),-300(fp),r0
+        bicl3   #0,r0,-296(fp)
+        cmpl    -296(fp),-300(fp)
+        bgequ   noname.480
+        addl2   #65536,r5
+noname.480:
+        movzwl  -294(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-296(fp),r0
+        ashl    #16,r0,-300(fp)
+        addl2   -300(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-300(fp)
+        bgequ   noname.481
+        incl    r5
+noname.481:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.482
+        incl    r8
+noname.482:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.483
+        incl    r2
+noname.483:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.484
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.484
+        incl    r8
+noname.484:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.485
+        incl    r8
+noname.485:
+        movl    8(ap),r0
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),r2
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-304(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-308(fp)
+        mull2   r0,r4
+        addl3   -304(fp),-308(fp),r0
+        bicl3   #0,r0,-304(fp)
+        cmpl    -304(fp),-308(fp)
+        bgequ   noname.486
+        addl2   #65536,r4
+noname.486:
+        movzwl  -302(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-304(fp),r0
+        ashl    #16,r0,-308(fp)
+        addl2   -308(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-308(fp)
+        bgequ   noname.487
+        incl    r4
+noname.487:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.488
+        incl    r8
+noname.488:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.489
+        incl    r2
+noname.489:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.490
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.490
+        incl    r8
+noname.490:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.491
+        incl    r8
+noname.491:
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r0),r2
+        movzwl  6(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-312(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-316(fp)
+        mull2   r0,r4
+        addl3   -312(fp),-316(fp),r0
+        bicl3   #0,r0,-312(fp)
+        cmpl    -312(fp),-316(fp)
+        bgequ   noname.492
+        addl2   #65536,r4
+noname.492:
+        movzwl  -310(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-312(fp),r0
+        ashl    #16,r0,-316(fp)
+        addl2   -316(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-316(fp)
+        bgequ   noname.493
+        incl    r4
+noname.493:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.494
+        incl    r8
+noname.494:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.495
+        incl    r2
+noname.495:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.496
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.496
+        incl    r8
+noname.496:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.497
+        incl    r8
+noname.497:
+        movl    4(ap),r0
+        movl    r7,32(r0)
+        clrl    r7
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r2
+        bicl3   #-65536,8(r0),r1
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r4
+        bicl3   #-65536,r2,-328(fp)
+        mull3   r0,r4,-320(fp)
+        mull2   r1,r4
+        mull3   r1,-328(fp),-324(fp)
+        mull2   r0,-328(fp)
+        addl3   -320(fp),-324(fp),r0
+        bicl3   #0,r0,-320(fp)
+        cmpl    -320(fp),-324(fp)
+        bgequ   noname.498
+        addl2   #65536,-328(fp)
+noname.498:
+        movzwl  -318(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-328(fp)
+        bicl3   #-65536,-320(fp),r0
+        ashl    #16,r0,-324(fp)
+        addl2   -324(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-324(fp)
+        bgequ   noname.499
+        incl    -328(fp)
+noname.499:
+        movl    r4,r3
+        movl    -328(fp),r2
+        bbc     #31,r2,noname.500
+        incl    r7
+noname.500:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.501
+        incl    r2
+noname.501:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.502
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.502
+        incl    r7
+noname.502:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.503
+        incl    r7
+noname.503:
+        movl    8(ap),r0
+        movzwl  26(r0),r2
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,24(r0),-340(fp)
+        bicl3   #-65536,r2,-344(fp)
+        mull3   r1,-340(fp),-332(fp)
+        mull2   r3,-340(fp)
+        mull3   r3,-344(fp),-336(fp)
+        mull2   r1,-344(fp)
+        addl3   -332(fp),-336(fp),r0
+        bicl3   #0,r0,-332(fp)
+        cmpl    -332(fp),-336(fp)
+        bgequ   noname.504
+        addl2   #65536,-344(fp)
+noname.504:
+        movzwl  -330(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-344(fp)
+        bicl3   #-65536,-332(fp),r0
+        ashl    #16,r0,-336(fp)
+        addl3   -336(fp),-340(fp),r0
+        bicl3   #0,r0,-340(fp)
+        cmpl    -340(fp),-336(fp)
+        bgequ   noname.505
+        incl    -344(fp)
+noname.505:
+        movl    -340(fp),r3
+        movl    -344(fp),r2
+        bbc     #31,r2,noname.506
+        incl    r7
+noname.506:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.507
+        incl    r2
+noname.507:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.508
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.508
+        incl    r7
+noname.508:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.509
+        incl    r7
+noname.509:
+        movl    8(ap),r0
+        movzwl  22(r0),r2
+        bicl3   #-65536,16(r0),r3
+        movzwl  18(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),-356(fp)
+        bicl3   #-65536,r2,-360(fp)
+        mull3   r1,-356(fp),-348(fp)
+        mull2   r3,-356(fp)
+        mull3   r3,-360(fp),-352(fp)
+        mull2   r1,-360(fp)
+        addl3   -348(fp),-352(fp),r0
+        bicl3   #0,r0,-348(fp)
+        cmpl    -348(fp),-352(fp)
+        bgequ   noname.510
+        addl2   #65536,-360(fp)
+noname.510:
+        movzwl  -346(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-360(fp)
+        bicl3   #-65536,-348(fp),r0
+        ashl    #16,r0,-352(fp)
+        addl3   -352(fp),-356(fp),r0
+        bicl3   #0,r0,-356(fp)
+        cmpl    -356(fp),-352(fp)
+        bgequ   noname.511
+        incl    -360(fp)
+noname.511:
+        movl    -356(fp),r3
+        movl    -360(fp),r2
+        bbc     #31,r2,noname.512
+        incl    r7
+noname.512:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.513
+        incl    r2
+noname.513:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.514
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.514
+        incl    r7
+noname.514:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.515
+        incl    r7
+noname.515:
+        movl    4(ap),r0
+        movl    r9,36(r0)
+        clrl    r9
+        movl    8(ap),r3
+        movl    20(r3),r4
+        bicl3   #-65536,r4,-364(fp)
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        movl    -364(fp),r0
+        mull3   r0,r4,-368(fp)
+        mull3   r0,r0,-364(fp)
+        mull2   r4,r4
+        bicl3   #32767,-368(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-368(fp),r0
+        ashl    #17,r0,-368(fp)
+        addl3   -364(fp),-368(fp),r0
+        bicl3   #0,r0,-364(fp)
+        cmpl    -364(fp),-368(fp)
+        bgequ   noname.516
+        incl    r4
+noname.516:
+        movl    -364(fp),r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.517
+        incl    r2
+noname.517:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.518
+        incl    r9
+noname.518:
+        bicl3   #-65536,24(r3),r4
+        movzwl  26(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r3),r2
+        movzwl  18(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-372(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-376(fp)
+        mull2   r0,r5
+        addl3   -372(fp),-376(fp),r0
+        bicl3   #0,r0,-372(fp)
+        cmpl    -372(fp),-376(fp)
+        bgequ   noname.519
+        addl2   #65536,r5
+noname.519:
+        movzwl  -370(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-372(fp),r0
+        ashl    #16,r0,-376(fp)
+        addl2   -376(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-376(fp)
+        bgequ   noname.520
+        incl    r5
+noname.520:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.521
+        incl    r9
+noname.521:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.522
+        incl    r2
+noname.522:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.523
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.523
+        incl    r9
+noname.523:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.524
+        incl    r9
+noname.524:
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,12(r0),r2
+        movzwl  14(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-380(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-384(fp)
+        mull2   r0,r4
+        addl3   -380(fp),-384(fp),r0
+        bicl3   #0,r0,-380(fp)
+        cmpl    -380(fp),-384(fp)
+        bgequ   noname.525
+        addl2   #65536,r4
+noname.525:
+        movzwl  -378(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-380(fp),r0
+        ashl    #16,r0,-384(fp)
+        addl2   -384(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-384(fp)
+        bgequ   noname.526
+        incl    r4
+noname.526:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.527
+        incl    r9
+noname.527:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.528
+        incl    r2
+noname.528:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.529
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.529
+        incl    r9
+noname.529:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.530
+        incl    r9
+noname.530:
+        movl    4(ap),r0
+        movl    r8,40(r0)
+        clrl    r8
+        movl    8(ap),r0
+        bicl3   #-65536,28(r0),r3
+        movzwl  30(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,16(r0),r2
+        movzwl  18(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-388(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-392(fp)
+        mull2   r0,r4
+        addl3   -388(fp),-392(fp),r0
+        bicl3   #0,r0,-388(fp)
+        cmpl    -388(fp),-392(fp)
+        bgequ   noname.531
+        addl2   #65536,r4
+noname.531:
+        movzwl  -386(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-388(fp),r0
+        ashl    #16,r0,-392(fp)
+        addl2   -392(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-392(fp)
+        bgequ   noname.532
+        incl    r4
+noname.532:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.533
+        incl    r8
+noname.533:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.534
+        incl    r2
+noname.534:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.535
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.535
+        incl    r8
+noname.535:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.536
+        incl    r8
+noname.536:
+        movl    8(ap),r0
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,20(r0),r2
+        movzwl  22(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-396(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-400(fp)
+        mull2   r0,r4
+        addl3   -396(fp),-400(fp),r0
+        bicl3   #0,r0,-396(fp)
+        cmpl    -396(fp),-400(fp)
+        bgequ   noname.537
+        addl2   #65536,r4
+noname.537:
+        movzwl  -394(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-396(fp),r0
+        ashl    #16,r0,-400(fp)
+        addl2   -400(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-400(fp)
+        bgequ   noname.538
+        incl    r4
+noname.538:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.539
+        incl    r8
+noname.539:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.540
+        incl    r2
+noname.540:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r7
+        bicl2   #0,r7
+        cmpl    r7,r3
+        bgequ   noname.541
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.541
+        incl    r8
+noname.541:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.542
+        incl    r8
+noname.542:
+        movl    4(ap),r0
+        movl    r7,44(r0)
+        clrl    r7
+        movl    8(ap),r3
+        movl    24(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-404(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-404(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-404(fp),r0
+        ashl    #17,r0,-404(fp)
+        addl2   -404(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-404(fp)
+        bgequ   noname.543
+        incl    r4
+noname.543:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.544
+        incl    r2
+noname.544:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.545
+        incl    r7
+noname.545:
+        movzwl  30(r3),r2
+        bicl3   #-65536,20(r3),r1
+        movzwl  22(r3),r0
+        bicl2   #-65536,r0
+        bicl3   #-65536,28(r3),-416(fp)
+        bicl3   #-65536,r2,-420(fp)
+        mull3   r0,-416(fp),-408(fp)
+        mull2   r1,-416(fp)
+        mull3   r1,-420(fp),-412(fp)
+        mull2   r0,-420(fp)
+        addl3   -408(fp),-412(fp),r0
+        bicl3   #0,r0,-408(fp)
+        cmpl    -408(fp),-412(fp)
+        bgequ   noname.546
+        addl2   #65536,-420(fp)
+noname.546:
+        movzwl  -406(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-420(fp)
+        bicl3   #-65536,-408(fp),r0
+        ashl    #16,r0,-412(fp)
+        addl3   -412(fp),-416(fp),r0
+        bicl3   #0,r0,-416(fp)
+        cmpl    -416(fp),-412(fp)
+        bgequ   noname.547
+        incl    -420(fp)
+noname.547:
+        movl    -416(fp),r3
+        movl    -420(fp),r2
+        bbc     #31,r2,noname.548
+        incl    r7
+noname.548:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.549
+        incl    r2
+noname.549:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.550
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.550
+        incl    r7
+noname.550:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.551
+        incl    r7
+noname.551:
+        movl    4(ap),r0
+        movl    r9,48(r0)
+        clrl    r9
+        movl    8(ap),r0
+        movzwl  30(r0),r2
+        bicl3   #-65536,24(r0),r3
+        movzwl  26(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,28(r0),-432(fp)
+        bicl3   #-65536,r2,-436(fp)
+        mull3   r1,-432(fp),-424(fp)
+        mull2   r3,-432(fp)
+        mull3   r3,-436(fp),-428(fp)
+        mull2   r1,-436(fp)
+        addl3   -424(fp),-428(fp),r0
+        bicl3   #0,r0,-424(fp)
+        cmpl    -424(fp),-428(fp)
+        bgequ   noname.552
+        addl2   #65536,-436(fp)
+noname.552:
+        movzwl  -422(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,-436(fp)
+        bicl3   #-65536,-424(fp),r0
+        ashl    #16,r0,-428(fp)
+        addl3   -428(fp),-432(fp),r0
+        bicl3   #0,r0,-432(fp)
+        cmpl    -432(fp),-428(fp)
+        bgequ   noname.553
+        incl    -436(fp)
+noname.553:
+        movl    -432(fp),r3
+        movl    -436(fp),r2
+        bbc     #31,r2,noname.554
+        incl    r9
+noname.554:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.555
+        incl    r2
+noname.555:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.556
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.556
+        incl    r9
+noname.556:
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.557
+        incl    r9
+noname.557:
+        movl    4(ap),r4
+        movl    r8,52(r4)
+        clrl    r8
+        movl    8(ap),r0
+        movl    28(r0),r3
+        bicl3   #-65536,r3,-440(fp)
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        movl    -440(fp),r0
+        mull3   r0,r3,-444(fp)
+        mull3   r0,r0,-440(fp)
+        mull2   r3,r3
+        bicl3   #32767,-444(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-444(fp),r0
+        ashl    #17,r0,-444(fp)
+        addl3   -440(fp),-444(fp),r0
+        bicl3   #0,r0,-440(fp)
+        cmpl    -440(fp),-444(fp)
+        bgequ   noname.558
+        incl    r3
+noname.558:
+        movl    -440(fp),r1
+        movl    r3,r2
+        addl2   r1,r7
+        bicl2   #0,r7
+        cmpl    r7,r1
+        bgequ   noname.559
+        incl    r2
+noname.559:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.560
+        incl    r8
+noname.560:
+        movl    r7,56(r4)
+        movl    r9,60(r4)
+        ret     
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)     n       by value (input)
+        .psect  code,nowrt
+.entry  BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+        subl2   #44,sp
+        clrq    r8
+        clrl    r10
+        movl    8(ap),r5
+        movl    (r5),r3
+        bicl3   #-65536,r3,r4
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r4,r3,-4(fp)
+        mull2   r4,r4
+        mull2   r3,r3
+        bicl3   #32767,-4(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-4(fp),r0
+        ashl    #17,r0,-4(fp)
+        addl2   -4(fp),r4
+        bicl2   #0,r4
+        cmpl    r4,-4(fp)
+        bgequ   noname.563
+        incl    r3
+noname.563:
+        movl    r4,r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.564
+        incl    r2
+noname.564:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.565
+        incl    r10
+noname.565:
+        movl    r9,@4(ap)
+        clrl    r9
+        bicl3   #-65536,4(r5),r3
+        movzwl  6(r5),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r5),r2
+        movzwl  2(r5),r0
+        bicl2   #-65536,r0
+        movl    r3,r6
+        movl    r1,r4
+        mull3   r0,r6,-8(fp)
+        mull2   r2,r6
+        mull2   r4,r2
+        mull2   r0,r4
+        addl3   -8(fp),r2,r0
+        bicl3   #0,r0,-8(fp)
+        cmpl    -8(fp),r2
+        bgequ   noname.566
+        addl2   #65536,r4
+noname.566:
+        movzwl  -6(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-8(fp),r0
+        ashl    #16,r0,r1
+        addl2   r1,r6
+        bicl2   #0,r6
+        cmpl    r6,r1
+        bgequ   noname.567
+        incl    r4
+noname.567:
+        movl    r6,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.568
+        incl    r9
+noname.568:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.569
+        incl    r2
+noname.569:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.570
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.570
+        incl    r9
+noname.570:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.571
+        incl    r9
+noname.571:
+        movl    4(ap),r0
+        movl    r8,4(r0)
+        clrl    r8
+        movl    8(ap),r4
+        movl    4(r4),r3
+        bicl3   #-65536,r3,r5
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r5,r3,r1
+        mull2   r5,r5
+        mull2   r3,r3
+        bicl3   #32767,r1,r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl2   #-65536,r1
+        ashl    #17,r1,r1
+        addl2   r1,r5
+        bicl2   #0,r5
+        cmpl    r5,r1
+        bgequ   noname.572
+        incl    r3
+noname.572:
+        movl    r5,r1
+        movl    r3,r2
+        addl2   r1,r10
+        bicl2   #0,r10
+        cmpl    r10,r1
+        bgequ   noname.573
+        incl    r2
+noname.573:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.574
+        incl    r8
+noname.574:
+        bicl3   #-65536,8(r4),r3
+        movzwl  10(r4),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r4),r2
+        movzwl  2(r4),r0
+        bicl2   #-65536,r0
+        movl    r3,r6
+        movl    r1,r5
+        mull3   r0,r6,r7
+        mull2   r2,r6
+        mull2   r5,r2
+        mull2   r0,r5
+        addl2   r2,r7
+        bicl2   #0,r7
+        cmpl    r7,r2
+        bgequ   noname.575
+        addl2   #65536,r5
+noname.575:
+        extzv   #16,#16,r7,r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,r7,r0
+        ashl    #16,r0,r1
+        addl2   r1,r6
+        bicl2   #0,r6
+        cmpl    r6,r1
+        bgequ   noname.576
+        incl    r5
+noname.576:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.577
+        incl    r8
+noname.577:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.578
+        incl    r2
+noname.578:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r10
+        bicl2   #0,r10
+        cmpl    r10,r3
+        bgequ   noname.579
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.579
+        incl    r8
+noname.579:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.580
+        incl    r8
+noname.580:
+        movl    4(ap),r0
+        movl    r10,8(r0)
+        clrl    r10
+        movl    8(ap),r0
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,(r0),r2
+        movzwl  2(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,r6
+        mull2   r2,r5
+        mull3   r2,r4,-12(fp)
+        mull2   r0,r4
+        addl2   -12(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-12(fp)
+        bgequ   noname.581
+        addl2   #65536,r4
+noname.581:
+        extzv   #16,#16,r6,r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,r6,r0
+        ashl    #16,r0,-12(fp)
+        addl2   -12(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-12(fp)
+        bgequ   noname.582
+        incl    r4
+noname.582:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.583
+        incl    r10
+noname.583:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.584
+        incl    r2
+noname.584:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.585
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.585
+        incl    r10
+noname.585:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.586
+        incl    r10
+noname.586:
+        movl    8(ap),r0
+        bicl3   #-65536,8(r0),r3
+        movzwl  10(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r0),r2
+        movzwl  6(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-16(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-20(fp)
+        mull2   r0,r4
+        addl3   -16(fp),-20(fp),r0
+        bicl3   #0,r0,-16(fp)
+        cmpl    -16(fp),-20(fp)
+        bgequ   noname.587
+        addl2   #65536,r4
+noname.587:
+        movzwl  -14(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-16(fp),r0
+        ashl    #16,r0,-20(fp)
+        addl2   -20(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-20(fp)
+        bgequ   noname.588
+        incl    r4
+noname.588:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.589
+        incl    r10
+noname.589:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.590
+        incl    r2
+noname.590:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r9
+        bicl2   #0,r9
+        cmpl    r9,r3
+        bgequ   noname.591
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.591
+        incl    r10
+noname.591:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.592
+        incl    r10
+noname.592:
+        movl    4(ap),r0
+        movl    r9,12(r0)
+        clrl    r9
+        movl    8(ap),r3
+        movl    8(r3),r4
+        bicl3   #-65536,r4,r5
+        extzv   #16,#16,r4,r0
+        bicl3   #-65536,r0,r4
+        mull3   r5,r4,-24(fp)
+        mull2   r5,r5
+        mull2   r4,r4
+        bicl3   #32767,-24(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r4
+        bicl3   #-65536,-24(fp),r0
+        ashl    #17,r0,-24(fp)
+        addl2   -24(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-24(fp)
+        bgequ   noname.593
+        incl    r4
+noname.593:
+        movl    r5,r1
+        movl    r4,r2
+        addl2   r1,r8
+        bicl2   #0,r8
+        cmpl    r8,r1
+        bgequ   noname.594
+        incl    r2
+noname.594:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.595
+        incl    r9
+noname.595:
+        bicl3   #-65536,12(r3),r4
+        movzwl  14(r3),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,4(r3),r2
+        movzwl  6(r3),r0
+        bicl2   #-65536,r0
+        movl    r4,r6
+        movl    r1,r5
+        mull3   r0,r6,-28(fp)
+        mull2   r2,r6
+        mull3   r2,r5,-32(fp)
+        mull2   r0,r5
+        addl3   -28(fp),-32(fp),r0
+        bicl3   #0,r0,-28(fp)
+        cmpl    -28(fp),-32(fp)
+        bgequ   noname.596
+        addl2   #65536,r5
+noname.596:
+        movzwl  -26(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r5
+        bicl3   #-65536,-28(fp),r0
+        ashl    #16,r0,-32(fp)
+        addl2   -32(fp),r6
+        bicl2   #0,r6
+        cmpl    r6,-32(fp)
+        bgequ   noname.597
+        incl    r5
+noname.597:
+        movl    r6,r3
+        movl    r5,r2
+        bbc     #31,r2,noname.598
+        incl    r9
+noname.598:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.599
+        incl    r2
+noname.599:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r8
+        bicl2   #0,r8
+        cmpl    r8,r3
+        bgequ   noname.600
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.600
+        incl    r9
+noname.600:
+        addl2   r2,r10
+        bicl2   #0,r10
+        cmpl    r10,r2
+        bgequ   noname.601
+        incl    r9
+noname.601:
+        movl    4(ap),r0
+        movl    r8,16(r0)
+        clrl    r8
+        movl    8(ap),r0
+        bicl3   #-65536,12(r0),r3
+        movzwl  14(r0),r1
+        bicl2   #-65536,r1
+        bicl3   #-65536,8(r0),r2
+        movzwl  10(r0),r0
+        bicl2   #-65536,r0
+        movl    r3,r5
+        movl    r1,r4
+        mull3   r0,r5,-36(fp)
+        mull2   r2,r5
+        mull3   r2,r4,-40(fp)
+        mull2   r0,r4
+        addl3   -36(fp),-40(fp),r0
+        bicl3   #0,r0,-36(fp)
+        cmpl    -36(fp),-40(fp)
+        bgequ   noname.602
+        addl2   #65536,r4
+noname.602:
+        movzwl  -34(fp),r0
+        bicl2   #-65536,r0
+        addl2   r0,r4
+        bicl3   #-65536,-36(fp),r0
+        ashl    #16,r0,-40(fp)
+        addl2   -40(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-40(fp)
+        bgequ   noname.603
+        incl    r4
+noname.603:
+        movl    r5,r3
+        movl    r4,r2
+        bbc     #31,r2,noname.604
+        incl    r8
+noname.604:
+        addl2   r2,r2
+        bicl2   #0,r2
+        bbc     #31,r3,noname.605
+        incl    r2
+noname.605:
+        addl2   r3,r3
+        bicl2   #0,r3
+        addl2   r3,r10
+        bicl2   #0,r10
+        cmpl    r10,r3
+        bgequ   noname.606
+        incl    r2
+        bicl3   #0,r2,r0
+        bneq    noname.606
+        incl    r8
+noname.606:
+        addl2   r2,r9
+        bicl2   #0,r9
+        cmpl    r9,r2
+        bgequ   noname.607
+        incl    r8
+noname.607:
+        movl    4(ap),r4
+        movl    r10,20(r4)
+        clrl    r10
+        movl    8(ap),r0
+        movl    12(r0),r3
+        bicl3   #-65536,r3,r5
+        extzv   #16,#16,r3,r0
+        bicl3   #-65536,r0,r3
+        mull3   r5,r3,-44(fp)
+        mull2   r5,r5
+        mull2   r3,r3
+        bicl3   #32767,-44(fp),r0
+        extzv   #15,#17,r0,r0
+        addl2   r0,r3
+        bicl3   #-65536,-44(fp),r0
+        ashl    #17,r0,-44(fp)
+        addl2   -44(fp),r5
+        bicl2   #0,r5
+        cmpl    r5,-44(fp)
+        bgequ   noname.608
+        incl    r3
+noname.608:
+        movl    r5,r1
+        movl    r3,r2
+        addl2   r1,r9
+        bicl2   #0,r9
+        cmpl    r9,r1
+        bgequ   noname.609
+        incl    r2
+noname.609:
+        addl2   r2,r8
+        bicl2   #0,r8
+        cmpl    r8,r2
+        bgequ   noname.610
+        incl    r10
+noname.610:
+        movl    r9,24(r4)
+        movl    r8,28(r4)
+        ret     
+; For now, the code below doesn't work, so I end this prematurely.
+.end
diff --git a/src/lib/libcrypto/bn/asm/x86/f b/src/lib/libcrypto/bn/asm/x86/f
new file mode 100644
index 0000000000..22e4112224
--- /dev/null
+++ b/src/lib/libcrypto/bn/asm/x86/f
@@ -0,0 +1,3 @@
+#!/usr/local/bin/perl
+# x86 assember
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 6d754d5547..1251521c54 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -55,19 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the Eric Young open source
- * license provided above.
- *
- * The binary polynomial arithmetic software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
@@ -76,23 +63,14 @@
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h> /* FILE */
 #endif
-#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* These preprocessor symbols control various aspects of the bignum headers and
+#ifdef OPENSSL_SYS_VMS
- * library code. They're not defined by any "normal" configuration, as they are
+#undef BN_LLONG /* experimental, so far... */
- * intended for development and testing purposes. NB: defining all three can be
+#endif
- * useful for debugging application code as well as openssl itself.
- *
- * BN_DEBUG - turn on various debugging alterations to the bignum code
- * BN_DEBUG_RAND - uses random poisoning of unused words to trip up
- * mismanagement of bignum internals. You must also define BN_DEBUG.
- */
-/* #define BN_DEBUG */
-/* #define BN_DEBUG_RAND */
 #define BN_MUL_COMBA
 #define BN_SQR_COMBA
@@ -165,12 +143,10 @@ extern "C" {
 #endif
 #ifdef THIRTY_TWO_BIT
-#ifdef BN_LLONG
+#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
-# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+#define BN_ULLONG       unsigned _int64
-#  define BN_ULLONG     unsigned __int64
+#else
-# else
+#define BN_ULLONG       unsigned long long
-#  define BN_ULLONG     unsigned long long
-# endif
 #endif
 #define BN_ULONG        unsigned long
 #define BN_LONG         long
@@ -243,23 +219,15 @@ extern "C" {
 #define BN_DEFAULT_BITS 1280
-#define BN_FLG_MALLOCED         0x01
+#ifdef BIGNUM
-#define BN_FLG_STATIC_DATA      0x02
+#undef BIGNUM
-#define BN_FLG_CONSTTIME        0x04 /* avoid leaking exponent information through timing,
-                                      * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
-                                      * BN_div() will call BN_div_no_branch,
-                                      * BN_mod_inverse() will call BN_mod_inverse_no_branch.
-                                      */
-#ifndef OPENSSL_NO_DEPRECATED
-#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */
-                                      /* avoid leaking exponent information through timings
-                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
 #endif
-#ifndef OPENSSL_NO_DEPRECATED
+#define BN_FLG_MALLOCED         0x01
+#define BN_FLG_STATIC_DATA      0x02
+#define BN_FLG_EXP_CONSTTIME    0x04 /* avoid leaking exponent information through timings
+                                      * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */
 #define BN_FLG_FREE             0x8000  /* used for debuging */
-#endif
 #define BN_set_flags(b,n)       ((b)->flags|=(n))
 #define BN_get_flags(b,n)       ((b)->flags&(n))
@@ -274,18 +242,7 @@ extern "C" {
                                                 |  BN_FLG_STATIC_DATA \
                                                 |  (n)))
-/* Already declared in ossl_typ.h */
+typedef struct bignum_st
-#if 0
-typedef struct bignum_st BIGNUM;
-/* Used for temp variables (declaration hidden in bn_lcl.h) */
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-#endif
-struct bignum_st
        {
        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
        int top;        /* Index of last used d +1. */
@@ -293,64 +250,44 @@ struct bignum_st
        int dmax;       /* Size of the d array. */
        int neg;        /* one if the number is negative */
        int flags;
-        };
+        } BIGNUM;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st
+        {
+        int init;
+        BIGNUM *A;
+        BIGNUM *Ai;
+        BIGNUM *mod; /* just a reference */
+        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
+                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+        } BN_BLINDING;
 /* Used for montgomery multiplication */
-struct bn_mont_ctx_st
+typedef struct bn_mont_ctx_st
        {
        int ri;        /* number of bits in R */
        BIGNUM RR;     /* used to convert to montgomery form */
        BIGNUM N;      /* The modulus */
        BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
                        * (Ni is only stored for bignum algorithm) */
-#if 0
-        /* OpenSSL 0.9.9 preview: */
-        BN_ULONG n0[2];/* least significant word(s) of Ni */
-#else
        BN_ULONG n0;   /* least significant word of Ni */
-#endif
        int flags;
-        };
+        } BN_MONT_CTX;
 /* Used for reciprocal division/mod functions
 * It cannot be shared between threads
 */
-struct bn_recp_ctx_st
+typedef struct bn_recp_ctx_st
        {
        BIGNUM N;       /* the divisor */
        BIGNUM Nr;      /* the reciprocal */
        int num_bits;
        int shift;
        int flags;
-        };
+        } BN_RECP_CTX;
-/* Used for slow "generation" functions. */
-struct bn_gencb_st
-        {
-        unsigned int ver;       /* To handle binary (in)compatibility */
-        void *arg;              /* callback-specific data */
-        union
-                {
-                /* if(ver==1) - handles old style callbacks */
-                void (*cb_1)(int, int, void *);
-                /* if(ver==2) - new callback style */
-                int (*cb_2)(int, int, BN_GENCB *);
-                } cb;
-        };
-/* Wrapper function to make using BN_GENCB easier,  */
-int BN_GENCB_call(BN_GENCB *cb, int a, int b);
-/* Macro to populate a BN_GENCB structure with an "old"-style callback */
-#define BN_GENCB_set_old(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 1; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_1 = (callback); }
-/* Macro to populate a BN_GENCB structure with a "new"-style callback */
-#define BN_GENCB_set(gencb, callback, cb_arg) { \
-                BN_GENCB *tmp_gencb = (gencb); \
-                tmp_gencb->ver = 2; \
-                tmp_gencb->arg = (cb_arg); \
-                tmp_gencb->cb.cb_2 = (callback); }
 #define BN_prime_checks 0 /* default: select number of iterations
                             based on the size of the number */
@@ -375,33 +312,24 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b);
 #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
-/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */
+/* Note that BN_abs_is_word does not work reliably for w == 0 */
-#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \
+#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-                                (((w) == 0) && ((a)->top == 0)))
+#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
-#define BN_is_zero(a)       ((a)->top == 0)
 #define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
-#define BN_is_word(a,w)     (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg))
+#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
+                                   BN_is_zero((a)))
 #define BN_is_odd(a)        (((a)->top > 0) && ((a)->d[0] & 1))
 #define BN_one(a)       (BN_set_word((a),1))
-#define BN_zero_ex(a) \
-        do { \
-                BIGNUM *_tmp_bn = (a); \
-                _tmp_bn->top = 0; \
-                _tmp_bn->neg = 0; \
-        } while(0)
-#ifdef OPENSSL_NO_DEPRECATED
-#define BN_zero(a)      BN_zero_ex(a)
-#else
 #define BN_zero(a)      (BN_set_word((a),0))
-#endif
+/*#define BN_ascii2bn(a)        BN_hex2bn(a) */
+/*#define BN_bn2ascii(a)        BN_bn2hex(a) */
 const BIGNUM *BN_value_one(void);
 char *  BN_options(void);
 BN_CTX *BN_CTX_new(void);
-#ifndef OPENSSL_NO_DEPRECATED
 void    BN_CTX_init(BN_CTX *c);
-#endif
 void    BN_CTX_free(BN_CTX *c);
 void    BN_CTX_start(BN_CTX *ctx);
 BIGNUM *BN_CTX_get(BN_CTX *ctx);
@@ -427,16 +355,6 @@ int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int     BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int     BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 int     BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
-/** BN_set_negative sets sign of a BIGNUM
- * \param  b  pointer to the BIGNUM object
- * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise 
- */
-void    BN_set_negative(BIGNUM *b, int n);
-/** BN_is_negative returns 1 if the BIGNUM is negative
- * \param  a  pointer to the BIGNUM object
- * \return 1 if a < 0 and 0 otherwise
- */
-#define BN_is_negative(a) ((a)->neg != 0)
 int     BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
        BN_CTX *ctx);
@@ -510,9 +428,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
        const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
-/* Deprecated versions */
-#ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
        const BIGNUM *add, const BIGNUM *rem,
        void (*callback)(int,int,void *),void *cb_arg);
@@ -522,14 +437,19 @@ int	BN_is_prime(const BIGNUM *p,int nchecks,
 int     BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
        void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
        int do_trial_division);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-/* Newer versions */
+#ifdef OPENSSL_FIPS
-int     BN_generate_prime_ex(BIGNUM *ret,int bits,int safe, const BIGNUM *add,
+int BN_X931_derive_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-                const BIGNUM *rem, BN_GENCB *cb);
+                        void (*cb)(int, int, void *), void *cb_arg,
-int     BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+                        const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-int     BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
+                        const BIGNUM *e, BN_CTX *ctx);
-                int do_trial_division, BN_GENCB *cb);
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+int BN_X931_generate_prime(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                        BIGNUM *Xp1, BIGNUM *Xp2,
+                        const BIGNUM *Xp,
+                        const BIGNUM *e, BN_CTX *ctx,
+                        void (*cb)(int, int, void *), void *cb_arg);
+#endif
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
@@ -545,31 +465,14 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
                                        const BIGNUM *mod, BN_CTX *ctx);
-/* BN_BLINDING flags */
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
-#define BN_BLINDING_NO_UPDATE   0x00000001
-#define BN_BLINDING_NO_RECREATE 0x00000002
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod);
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
-void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-        BN_MONT_CTX *m_ctx);
-#ifndef OPENSSL_NO_DEPRECATED
 void BN_set_params(int mul,int high,int low,int mont);
 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-#endif
 void    BN_RECP_CTX_init(BN_RECP_CTX *recp);
 BN_RECP_CTX *BN_RECP_CTX_new(void);
@@ -582,162 +485,15 @@ int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int     BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        BN_RECP_CTX *recp, BN_CTX *ctx);
-/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
- *
- * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
- * ignored.
- *
- * Note that input arguments are not const so that their bit arrays can
- * be expanded to the appropriate size if needed.
- */
-int     BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
-#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
-int     BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
-int     BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
-int     BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        BN_CTX *ctx); /* r = (a * a) mod p */
-int     BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
-        BN_CTX *ctx); /* r = (1 / b) mod p */
-int     BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
-int     BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
-int     BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        BN_CTX *ctx); /* r = sqrt(a) mod p */
-int     BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-        BN_CTX *ctx); /* r^2 + r = a mod p */
-#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
-/* Some functions allow for representation of the irreducible polynomials
- * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
- *     t^p[0] + t^p[1] + ... + t^p[k]
- * where m = p[0] > p[1] > ... > p[k] = 0.
- */
-int     BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
-        /* r = a mod p */
-int     BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
-int     BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
-        BN_CTX *ctx); /* r = (a * a) mod p */
-int     BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
-        BN_CTX *ctx); /* r = (1 / b) mod p */
-int     BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
-int     BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-        const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
-int     BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
-int     BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
-        const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
-int     BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
-int     BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
-/* faster mod functions for the 'NIST primes' 
- * 0 <= a < p^2 */
-int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
-const BIGNUM *BN_get0_nist_prime_192(void);
-const BIGNUM *BN_get0_nist_prime_224(void);
-const BIGNUM *BN_get0_nist_prime_256(void);
-const BIGNUM *BN_get0_nist_prime_384(void);
-const BIGNUM *BN_get0_nist_prime_521(void);
 /* library internal functions */
 #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
-        (a):bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2))
+        (a):bn_expand2((a),(bits)/BN_BITS2+1))
 #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
 BIGNUM *bn_expand2(BIGNUM *a, int words);
-#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words);
-BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */
-#endif
-/* Bignum consistency macros
- * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
- * bignum data after direct manipulations on the data. There is also an
- * "internal" macro, bn_check_top(), for verifying that there are no leading
- * zeroes. Unfortunately, some auditing is required due to the fact that
- * bn_fix_top() has become an overabused duct-tape because bignum data is
- * occasionally passed around in an inconsistent state. So the following
- * changes have been made to sort this out;
- * - bn_fix_top()s implementation has been moved to bn_correct_top()
- * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
- *   bn_check_top() is as before.
- * - if BN_DEBUG *is* defined;
- *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
- *     consistent. (ed: only if BN_DEBUG_RAND is defined)
- *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
- * The idea is to have debug builds flag up inconsistent bignums when they
- * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
- * the use of bn_fix_top() was appropriate (ie. it follows directly after code
- * that manipulates the bignum) it is converted to bn_correct_top(), and if it
- * was not appropriate, we convert it permanently to bn_check_top() and track
- * down the cause of the bug. Eventually, no internal code should be using the
- * bn_fix_top() macro. External applications and libraries should try this with
- * their own code too, both in terms of building against the openssl headers
- * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
- * defined. This not only improves external code, it provides more test
- * coverage for openssl's own code.
- */
-#ifdef BN_DEBUG
-/* We only need assert() when debugging */
+#define bn_fix_top(a) \
-#include <assert.h>
-#ifdef BN_DEBUG_RAND
-/* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */
-#ifndef RAND_pseudo_bytes
-int RAND_pseudo_bytes(unsigned char *buf,int num);
-#define BN_DEBUG_TRIX
-#endif
-#define bn_pollute(a) \
-        do { \
-                const BIGNUM *_bnum1 = (a); \
-                if(_bnum1->top < _bnum1->dmax) { \
-                        unsigned char _tmp_char; \
-                        /* We cast away const without the compiler knowing, any \
-                         * *genuinely* constant variables that aren't mutable \
-                         * wouldn't be constructed with top!=dmax. */ \
-                        BN_ULONG *_not_const; \
-                        memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \
-                        RAND_pseudo_bytes(&_tmp_char, 1); \
-                        memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \
-                                (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \
-                } \
-        } while(0)
-#ifdef BN_DEBUG_TRIX
-#undef RAND_pseudo_bytes
-#endif
-#else
-#define bn_pollute(a)
-#endif
-#define bn_check_top(a) \
-        do { \
-                const BIGNUM *_bnum2 = (a); \
-                if (_bnum2 != NULL) { \
-                        assert((_bnum2->top == 0) || \
-                                (_bnum2->d[_bnum2->top - 1] != 0)); \
-                        bn_pollute(_bnum2); \
-                } \
-        } while(0)
-#define bn_fix_top(a)           bn_check_top(a)
-#else /* !BN_DEBUG */
-#define bn_pollute(a)
-#define bn_check_top(a)
-#define bn_fix_top(a)           bn_correct_top(a)
-#endif
-#define bn_correct_top(a) \
        { \
        BN_ULONG *ftl; \
        if ((a)->top > 0) \
@@ -745,7 +501,6 @@ int RAND_pseudo_bytes(unsigned char *buf,int num);
                for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
                if (*(ftl--)) break; \
                } \
-        bn_pollute(a); \
        }
 BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
@@ -755,17 +510,15 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
 BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
 BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
-/* Primes from RFC 2409 */
+#ifdef BN_DEBUG
-BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
-BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);
+# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
+   fprintf(stderr,"\n");}
-/* Primes from RFC 3526 */
+# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
-BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn);
+#else
-BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn);
+# define bn_print(a)
-BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn);
+# define bn_dump(a,b)
-BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn);
+#endif
-BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn);
-BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn);
 int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
@@ -778,30 +531,18 @@ void ERR_load_BN_strings(void);
 /* Error codes for the BN functions. */
 /* Function codes. */
-#define BN_F_BNRAND                                      127
+#define BN_F_BN_BLINDING_CONVERT                         100
-#define BN_F_BN_BLINDING_CONVERT_EX                      100
+#define BN_F_BN_BLINDING_INVERT                          101
-#define BN_F_BN_BLINDING_CREATE_PARAM                    128
-#define BN_F_BN_BLINDING_INVERT_EX                       101
 #define BN_F_BN_BLINDING_NEW                             102
 #define BN_F_BN_BLINDING_UPDATE                          103
 #define BN_F_BN_BN2DEC                                   104
 #define BN_F_BN_BN2HEX                                   105
 #define BN_F_BN_CTX_GET                                  116
 #define BN_F_BN_CTX_NEW                                  106
-#define BN_F_BN_CTX_START                                129
 #define BN_F_BN_DIV                                      107
-#define BN_F_BN_DIV_NO_BRANCH                            138
-#define BN_F_BN_DIV_RECP                                 130
 #define BN_F_BN_EXP                                      123
 #define BN_F_BN_EXPAND2                                  108
 #define BN_F_BN_EXPAND_INTERNAL                          120
-#define BN_F_BN_GF2M_MOD                                 131
-#define BN_F_BN_GF2M_MOD_EXP                             132
-#define BN_F_BN_GF2M_MOD_MUL                             133
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
-#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
-#define BN_F_BN_GF2M_MOD_SQR                             136
-#define BN_F_BN_GF2M_MOD_SQRT                            137
 #define BN_F_BN_MOD_EXP2_MONT                            118
 #define BN_F_BN_MOD_EXP_MONT                             109
 #define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
@@ -809,7 +550,6 @@ void ERR_load_BN_strings(void);
 #define BN_F_BN_MOD_EXP_RECP                             125
 #define BN_F_BN_MOD_EXP_SIMPLE                           126
 #define BN_F_BN_MOD_INVERSE                              110
-#define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
 #define BN_F_BN_MOD_LSHIFT_QUICK                         119
 #define BN_F_BN_MOD_MUL_RECIPROCAL                       111
 #define BN_F_BN_MOD_SQRT                                 121
@@ -833,7 +573,6 @@ void ERR_load_BN_strings(void);
 #define BN_R_NOT_A_SQUARE                                111
 #define BN_R_NOT_INITIALIZED                             107
 #define BN_R_NO_INVERSE                                  108
-#define BN_R_NO_SOLUTION                                 116
 #define BN_R_P_IS_NOT_PRIME                              112
 #define BN_R_TOO_MANY_ITERATIONS                         113
 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
diff --git a/src/lib/libcrypto/bn/bn.mul b/src/lib/libcrypto/bn/bn.mul
new file mode 100644
index 0000000000..9728870d38
--- /dev/null
+++ b/src/lib/libcrypto/bn/bn.mul
@@ -0,0 +1,19 @@
+We need
+* bn_mul_comba8
+* bn_mul_comba4
+* bn_mul_normal
+* bn_mul_recursive
+* bn_sqr_comba8
+* bn_sqr_comba4
+bn_sqr_normal -> BN_sqr
+* bn_sqr_recursive
+* bn_mul_low_recursive
+* bn_mul_low_normal
+* bn_mul_high
+* bn_mul_part_recursive # symetric but not power of 2
+bn_mul_asymetric_recursive # uneven, but do the chop up.
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c
index 9405163706..6cba07e9f6 100644
--- a/src/lib/libcrypto/bn/bn_add.c
+++ b/src/lib/libcrypto/bn/bn_add.c
@@ -64,7 +64,7 @@
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        {
        const BIGNUM *tmp;
-        int a_neg = a->neg, ret;
+        int a_neg = a->neg;
        bn_check_top(a);
        bn_check_top(b);
@@ -95,17 +95,20 @@ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
                return(1);
                }
-        ret = BN_uadd(r,a,b);
+        if (!BN_uadd(r,a,b)) return(0);
-        r->neg = a_neg;
+        if (a_neg) /* both are neg */
-        bn_check_top(r);
+                r->neg=1;
-        return ret;
+        else
+                r->neg=0;
+        return(1);
        }
-/* unsigned add of b to a */
+/* unsigned add of b to a, r must be large enough */
 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        {
-        int max,min,dif;
+        register int i;
-        BN_ULONG *ap,*bp,*rp,carry,t1,t2;
+        int max,min;
+        BN_ULONG *ap,*bp,*rp,carry,t1;
        const BIGNUM *tmp;
        bn_check_top(a);
@@ -113,12 +116,11 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        if (a->top < b->top)
                { tmp=a; a=b; b=tmp; }
-        max = a->top;
+        max=a->top;
-        min = b->top;
+        min=b->top;
-        dif = max - min;
        if (bn_wexpand(r,max+1) == NULL)
-                return 0;
+                return(0);
        r->top=max;
@@ -126,46 +128,46 @@ int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        ap=a->d;
        bp=b->d;
        rp=r->d;
+        carry=0;
        carry=bn_add_words(rp,ap,bp,min);
        rp+=min;
        ap+=min;
        bp+=min;
+        i=min;
        if (carry)
                {
-                while (dif)
+                while (i < max)
                        {
-                        dif--;
+                        i++;
-                        t1 = *(ap++);
+                        t1= *(ap++);
-                        t2 = (t1+1) & BN_MASK2;
+                        if ((*(rp++)=(t1+1)&BN_MASK2) >= t1)
-                        *(rp++) = t2;
-                        if (t2)
                                {
                                carry=0;
                                break;
                                }
                        }
-                if (carry)
+                if ((i >= max) && carry)
                        {
-                        /* carry != 0 => dif == 0 */
+                        *(rp++)=1;
-                        *rp = 1;
                        r->top++;
                        }
                }
-        if (dif && rp != ap)
+        if (rp != ap)
-                while (dif--)
+                {
-                        /* copy remaining words if ap != rp */
+                for (; i<max; i++)
-                        *(rp++) = *(ap++);
+                        *(rp++)= *(ap++);
+                }
+        /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
        r->neg = 0;
-        bn_check_top(r);
+        return(1);
-        return 1;
        }
 /* unsigned subtraction of b from a, a must be larger than b. */
 int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        {
-        int max,min,dif;
+        int max,min;
        register BN_ULONG t1,t2,*ap,*bp,*rp;
        int i,carry;
 #if defined(IRIX_CC_BUG) && !defined(LINT)
@@ -175,16 +177,14 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        bn_check_top(a);
        bn_check_top(b);
-        max = a->top;
+        if (a->top < b->top) /* hmm... should not be happening */
-        min = b->top;
-        dif = max - min;
-        if (dif < 0)    /* hmm... should not be happening */
                {
                BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
                return(0);
                }
+        max=a->top;
+        min=b->top;
        if (bn_wexpand(r,max) == NULL) return(0);
        ap=a->d;
@@ -193,7 +193,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 #if 1
        carry=0;
-        for (i = min; i != 0; i--)
+        for (i=0; i<min; i++)
                {
                t1= *(ap++);
                t2= *(bp++);
@@ -217,20 +217,17 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        ap+=min;
        bp+=min;
        rp+=min;
+        i=min;
 #endif
        if (carry) /* subtracted */
                {
-                if (!dif)
+                while (i < max)
-                        /* error: a < b */
-                        return 0;
-                while (dif)
                        {
-                        dif--;
+                        i++;
-                        t1 = *(ap++);
+                        t1= *(ap++);
-                        t2 = (t1-1)&BN_MASK2;
+                        t2=(t1-1)&BN_MASK2;
-                        *(rp++) = t2;
+                        *(rp++)=t2;
-                        if (t1)
+                        if (t1 > t2) break;
-                                break;
                        }
                }
 #if 0
@@ -240,13 +237,13 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
                {
                for (;;)
                        {
-                        if (!dif--) break;
+                        if (i++ >= max) break;
                        rp[0]=ap[0];
-                        if (!dif--) break;
+                        if (i++ >= max) break;
                        rp[1]=ap[1];
-                        if (!dif--) break;
+                        if (i++ >= max) break;
                        rp[2]=ap[2];
-                        if (!dif--) break;
+                        if (i++ >= max) break;
                        rp[3]=ap[3];
                        rp+=4;
                        ap+=4;
@@ -256,7 +253,7 @@ int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
        r->top=max;
        r->neg=0;
-        bn_correct_top(r);
+        bn_fix_top(r);
        return(1);
        }
@@ -307,7 +304,6 @@ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
                if (!BN_usub(r,a,b)) return(0);
                r->neg=0;
                }
-        bn_check_top(r);
        return(1);
        }
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
index 99bc2de491..19978085b2 100644
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -459,34 +459,6 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#elif defined(BN_UMULT_LOHI)
-#define mul_add_c(a,b,c0,c1,c2) {       \
-        BN_ULONG ta=(a),tb=(b);         \
-        BN_UMULT_LOHI(t1,t2,ta,tb);     \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-#define mul_add_c2(a,b,c0,c1,c2) {      \
-        BN_ULONG ta=(a),tb=(b),t0;      \
-        BN_UMULT_LOHI(t0,t1,ta,tb);     \
-        t2 = t1+t1; c2 += (t2<t1)?1:0;  \
-        t1 = t0+t0; t2 += (t1<t0)?1:0;  \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-#define sqr_add_c(a,i,c0,c1,c2) {       \
-        BN_ULONG ta=(a)[i];             \
-        BN_UMULT_LOHI(t1,t2,ta,ta);     \
-        c0 += t1; t2 += (c0<t1)?1:0;    \
-        c1 += t2; c2 += (c1<t2)?1:0;    \
-        }
-#define sqr_add_c2(a,i,j,c0,c1,c2)      \
-        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
 #elif defined(BN_UMULT_HIGH)
 #define mul_add_c(a,b,c0,c1,c2) {       \
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index c11fb4ccc2..2d287e6d1b 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,57 +1,4 @@
 /* crypto/bn/bn_blind.c */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -113,28 +60,11 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#define BN_BLINDING_COUNTER     32
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
-struct bn_blinding_st
-        {
-        BIGNUM *A;
-        BIGNUM *Ai;
-        BIGNUM *e;
-        BIGNUM *mod; /* just a reference */
-        unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
-                                  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-        unsigned int  counter;
-        unsigned long flags;
-        BN_MONT_CTX *m_ctx;
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx,
-                          BN_MONT_CTX *m_ctx);
-        };
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
        {
        BN_BLINDING *ret=NULL;
+        bn_check_top(Ai);
        bn_check_top(mod);
        if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
@@ -143,21 +73,11 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGN
                return(NULL);
                }
        memset(ret,0,sizeof(BN_BLINDING));
-        if (A != NULL)
+        if ((ret->A=BN_new()) == NULL) goto err;
-                {
+        if ((ret->Ai=BN_new()) == NULL) goto err;
-                if ((ret->A  = BN_dup(A))  == NULL) goto err;
+        if (!BN_copy(ret->A,A)) goto err;
-                }
+        if (!BN_copy(ret->Ai,Ai)) goto err;
-        if (Ai != NULL)
+        ret->mod=mod;
-                {
-                if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
-                }
-        /* save a copy of mod in the BN_BLINDING structure */
-        if ((ret->mod = BN_dup(mod)) == NULL) goto err;
-        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
-                BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-        ret->counter = BN_BLINDING_COUNTER;
        return(ret);
 err:
        if (ret != NULL) BN_BLINDING_free(ret);
@@ -171,8 +91,6 @@ void BN_BLINDING_free(BN_BLINDING *r)
        if (r->A  != NULL) BN_free(r->A );
        if (r->Ai != NULL) BN_free(r->Ai);
-        if (r->e  != NULL) BN_free(r->e );
-        if (r->mod != NULL) BN_free(r->mod); 
        OPENSSL_free(r);
        }
@@ -185,181 +103,42 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
                BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
                goto err;
                }
+                
-        if (--(b->counter) == 0 && b->e != NULL &&
+        if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-                !(b->flags & BN_BLINDING_NO_RECREATE))
+        if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
-                {
-                /* re-create blinding parameters */
-                if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
-                        goto err;
-                }
-        else if (!(b->flags & BN_BLINDING_NO_UPDATE))
-                {
-                if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-                if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
-                }
        ret=1;
 err:
-        if (b->counter == 0)
-                b->counter = BN_BLINDING_COUNTER;
        return(ret);
        }
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
        {
-        return BN_BLINDING_convert_ex(n, NULL, b, ctx);
-        }
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-        {
-        int ret = 1;
        bn_check_top(n);
        if ((b->A == NULL) || (b->Ai == NULL))
                {
-                BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
+                BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
                return(0);
                }
+        return(BN_mod_mul(n,n,b->A,b->mod,ctx));
-        if (r != NULL)
-                {
-                if (!BN_copy(r, b->Ai)) ret=0;
-                }
-        if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-        
-        return ret;
        }
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
        {
-        return BN_BLINDING_invert_ex(n, NULL, b, ctx);
-        }
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-        {
        int ret;
        bn_check_top(n);
        if ((b->A == NULL) || (b->Ai == NULL))
                {
-                BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
+                BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
                return(0);
                }
+        if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
-        if (r != NULL)
-                ret = BN_mod_mul(n, n, r, b->mod, ctx);
-        else
-                ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
-        if (ret >= 0)
                {
                if (!BN_BLINDING_update(b,ctx))
                        return(0);
                }
-        bn_check_top(n);
        return(ret);
        }
-unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
-        {
-        return b->thread_id;
-        }
-void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
-        {
-        b->thread_id = n;
-        }
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
-        {
-        return b->flags;
-        }
-void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
-        {
-        b->flags = flags;
-        }
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-        BN_MONT_CTX *m_ctx)
-{
-        int    retry_counter = 32;
-        BN_BLINDING *ret = NULL;
-        if (b == NULL)
-                ret = BN_BLINDING_new(NULL, NULL, m);
-        else
-                ret = b;
-        if (ret == NULL)
-                goto err;
-        if (ret->A  == NULL && (ret->A  = BN_new()) == NULL)
-                goto err;
-        if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
-                goto err;
-        if (e != NULL)
-                {
-                if (ret->e != NULL)
-                        BN_free(ret->e);
-                ret->e = BN_dup(e);
-                }
-        if (ret->e == NULL)
-                goto err;
-        if (bn_mod_exp != NULL)
-                ret->bn_mod_exp = bn_mod_exp;
-        if (m_ctx != NULL)
-                ret->m_ctx = m_ctx;
-        do {
-                if (!BN_rand_range(ret->A, ret->mod)) goto err;
-                if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
-                        {
-                        /* this should almost never happen for good RSA keys */
-                        unsigned long error = ERR_peek_last_error();
-                        if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
-                                {
-                                if (retry_counter-- == 0)
-                                {
-                                        BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-                                                BN_R_TOO_MANY_ITERATIONS);
-                                        goto err;
-                                }
-                                ERR_clear_error();
-                                }
-                        else
-                                goto err;
-                        }
-                else
-                        break;
-        } while (1);
-        if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
-                {
-                if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
-                        goto err;
-                }
-        else
-                {
-                if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
-                        goto err;
-                }
-        return ret;
-err:
-        if (b == NULL && ret != NULL)
-                {
-                BN_BLINDING_free(ret);
-                ret = NULL;
-                }
-        return ret;
-}
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index b3452f1a91..7daf19eb84 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -1,7 +1,7 @@
 /* crypto/bn/bn_ctx.c */
 /* Written by Ulf Moeller for the OpenSSL project. */
 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -54,10 +54,9 @@
 *
 */
-#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
+#ifndef BN_CTX_DEBUG
-#ifndef NDEBUG
+# undef NDEBUG /* avoid conflicting definitions */
-#define NDEBUG
+# define NDEBUG
-#endif
 #endif
 #include <stdio.h>
@@ -66,389 +65,91 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-/* TODO list
- *
- * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
- * check they can be safely removed.
- *  - Check +1 and other ugliness in BN_from_montgomery()
- *
- * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
- * appropriate 'block' size that will be honoured by bn_expand_internal() to
- * prevent piddly little reallocations. OTOH, profiling bignum expansions in
- * BN_CTX doesn't show this to be a big issue.
- */
-/* How many bignums are in each "pool item"; */
-#define BN_CTX_POOL_SIZE        16
-/* The stack frame info is resizing, set a first-time expansion size; */
-#define BN_CTX_START_FRAMES     32
-/***********/
-/* BN_POOL */
-/***********/
-/* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
-        {
-        /* The bignum values */
-        BIGNUM vals[BN_CTX_POOL_SIZE];
-        /* Linked-list admin */
-        struct bignum_pool_item *prev, *next;
-        } BN_POOL_ITEM;
-/* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
-        {
-        /* Linked-list admin */
-        BN_POOL_ITEM *head, *current, *tail;
-        /* Stack depth and allocation size */
-        unsigned used, size;
-        } BN_POOL;
-static void             BN_POOL_init(BN_POOL *);
-static void             BN_POOL_finish(BN_POOL *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void             BN_POOL_reset(BN_POOL *);
-#endif
-static BIGNUM *         BN_POOL_get(BN_POOL *);
-static void             BN_POOL_release(BN_POOL *, unsigned int);
-/************/
-/* BN_STACK */
-/************/
-/* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
-        {
-        /* Array of indexes into the bignum stack */
-        unsigned int *indexes;
-        /* Number of stack frames, and the size of the allocated array */
-        unsigned int depth, size;
-        } BN_STACK;
-static void             BN_STACK_init(BN_STACK *);
-static void             BN_STACK_finish(BN_STACK *);
-#ifndef OPENSSL_NO_DEPRECATED
-static void             BN_STACK_reset(BN_STACK *);
-#endif
-static int              BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int     BN_STACK_pop(BN_STACK *);
-/**********/
-/* BN_CTX */
-/**********/
-/* The opaque BN_CTX type */
+BN_CTX *BN_CTX_new(void)
-struct bignum_ctx
        {
-        /* The bignum bundles */
+        BN_CTX *ret;
-        BN_POOL pool;
-        /* The "stack frames", if you will */
-        BN_STACK stack;
-        /* The number of bignums currently assigned */
-        unsigned int used;
-        /* Depth of stack overflow */
-        int err_stack;
-        /* Block "gets" until an "end" (compatibility behaviour) */
-        int too_many;
-        };
-/* Enable this to find BN_CTX bugs */
+        ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX));
-#ifdef BN_CTX_DEBUG
+        if (ret == NULL)
-static const char *ctxdbg_cur = NULL;
-static void ctxdbg(BN_CTX *ctx)
-        {
-        unsigned int bnidx = 0, fpidx = 0;
-        BN_POOL_ITEM *item = ctx->pool.head;
-        BN_STACK *stack = &ctx->stack;
-        fprintf(stderr,"(%08x): ", (unsigned int)ctx);
-        while(bnidx < ctx->used)
-                {
-                fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
-                if(!(bnidx % BN_CTX_POOL_SIZE))
-                        item = item->next;
-                }
-        fprintf(stderr,"\n");
-        bnidx = 0;
-        fprintf(stderr,"          : ");
-        while(fpidx < stack->depth)
                {
-                while(bnidx++ < stack->indexes[fpidx])
+                BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-                        fprintf(stderr,"   ");
+                return(NULL);
-                fprintf(stderr,"^^ ");
-                bnidx++;
-                fpidx++;
                }
-        fprintf(stderr,"\n");
+        BN_CTX_init(ret);
+        ret->flags=BN_FLG_MALLOCED;
+        return(ret);
        }
-#define CTXDBG_ENTRY(str, ctx)  do { \
-                                ctxdbg_cur = (str); \
-                                fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
-                                ctxdbg(ctx); \
-                                } while(0)
-#define CTXDBG_EXIT(ctx)        do { \
-                                fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
-                                ctxdbg(ctx); \
-                                } while(0)
-#define CTXDBG_RET(ctx,ret)
-#else
-#define CTXDBG_ENTRY(str, ctx)
-#define CTXDBG_EXIT(ctx)
-#define CTXDBG_RET(ctx,ret)
-#endif
-/* This function is an evil legacy and should not be used. This implementation
- * is WYSIWYG, though I've done my best. */
-#ifndef OPENSSL_NO_DEPRECATED
 void BN_CTX_init(BN_CTX *ctx)
        {
-        /* Assume the caller obtained the context via BN_CTX_new() and so is
+#if 0 /* explicit version */
-         * trying to reset it for use. Nothing else makes sense, least of all
+        int i;
-         * binary compatibility from a time when they could declare a static
+        ctx->tos = 0;
-         * variable. */
+        ctx->flags = 0;
-        BN_POOL_reset(&ctx->pool);
+        ctx->depth = 0;
-        BN_STACK_reset(&ctx->stack);
-        ctx->used = 0;
-        ctx->err_stack = 0;
        ctx->too_many = 0;
-        }
+        for (i = 0; i < BN_CTX_NUM; i++)
+                BN_init(&(ctx->bn[i]));
+#else
+        memset(ctx, 0, sizeof *ctx);
 #endif
-BN_CTX *BN_CTX_new(void)
-        {
-        BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
-        if(!ret)
-                {
-                BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-                return NULL;
-                }
-        /* Initialise the structure */
-        BN_POOL_init(&ret->pool);
-        BN_STACK_init(&ret->stack);
-        ret->used = 0;
-        ret->err_stack = 0;
-        ret->too_many = 0;
-        return ret;
        }
 void BN_CTX_free(BN_CTX *ctx)
        {
-        if (ctx == NULL)
+        int i;
-                return;
-#ifdef BN_CTX_DEBUG
-        {
-        BN_POOL_ITEM *pool = ctx->pool.head;
-        fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
-                ctx->stack.size, ctx->pool.size);
-        fprintf(stderr,"dmaxs: ");
-        while(pool) {
-                unsigned loop = 0;
-                while(loop < BN_CTX_POOL_SIZE)
-                        fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
-                pool = pool->next;
-        }
-        fprintf(stderr,"\n");
-        }
-#endif
-        BN_STACK_finish(&ctx->stack);
-        BN_POOL_finish(&ctx->pool);
-        OPENSSL_free(ctx);
-        }
-void BN_CTX_start(BN_CTX *ctx)
-        {
-        CTXDBG_ENTRY("BN_CTX_start", ctx);
-        /* If we're already overflowing ... */
-        if(ctx->err_stack || ctx->too_many)
-                ctx->err_stack++;
-        /* (Try to) get a new frame pointer */
-        else if(!BN_STACK_push(&ctx->stack, ctx->used))
-                {
-                BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-                ctx->err_stack++;
-                }
-        CTXDBG_EXIT(ctx);
-        }
-void BN_CTX_end(BN_CTX *ctx)
-        {
-        CTXDBG_ENTRY("BN_CTX_end", ctx);
-        if(ctx->err_stack)
-                ctx->err_stack--;
-        else
-                {
-                unsigned int fp = BN_STACK_pop(&ctx->stack);
-                /* Does this stack frame have anything to release? */
-                if(fp < ctx->used)
-                        BN_POOL_release(&ctx->pool, ctx->used - fp);
-                ctx->used = fp;
-                /* Unjam "too_many" in case "get" had failed */
-                ctx->too_many = 0;
-                }
-        CTXDBG_EXIT(ctx);
-        }
-BIGNUM *BN_CTX_get(BN_CTX *ctx)
-        {
-        BIGNUM *ret;
-        CTXDBG_ENTRY("BN_CTX_get", ctx);
-        if(ctx->err_stack || ctx->too_many) return NULL;
-        if((ret = BN_POOL_get(&ctx->pool)) == NULL)
-                {
-                /* Setting too_many prevents repeated "get" attempts from
-                 * cluttering the error stack. */
-                ctx->too_many = 1;
-                BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-                return NULL;
-                }
-        /* OK, make sure the returned bignum is "zero" */
-        BN_zero(ret);
-        ctx->used++;
-        CTXDBG_RET(ctx, ret);
-        return ret;
-        }
-/************/
-/* BN_STACK */
-/************/
-static void BN_STACK_init(BN_STACK *st)
-        {
-        st->indexes = NULL;
-        st->depth = st->size = 0;
-        }
-static void BN_STACK_finish(BN_STACK *st)
-        {
-        if(st->size) OPENSSL_free(st->indexes);
-        }
-#ifndef OPENSSL_NO_DEPRECATED
-static void BN_STACK_reset(BN_STACK *st)
-        {
-        st->depth = 0;
-        }
-#endif
-static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+        if (ctx == NULL) return;
-        {
+        assert(ctx->depth == 0);
-        if(st->depth == st->size)
-                /* Need to expand */
-                {
-                unsigned int newsize = (st->size ?
-                                (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-                unsigned int *newitems = OPENSSL_malloc(newsize *
-                                                sizeof(unsigned int));
-                if(!newitems) return 0;
-                if(st->depth)
-                        memcpy(newitems, st->indexes, st->depth *
-                                                sizeof(unsigned int));
-                if(st->size) OPENSSL_free(st->indexes);
-                st->indexes = newitems;
-                st->size = newsize;
-                }
-        st->indexes[(st->depth)++] = idx;
-        return 1;
-        }
-static unsigned int BN_STACK_pop(BN_STACK *st)
+        for (i=0; i < BN_CTX_NUM; i++)
-        {
+                BN_clear_free(&(ctx->bn[i]));
-        return st->indexes[--(st->depth)];
+        if (ctx->flags & BN_FLG_MALLOCED)
+                OPENSSL_free(ctx);
        }
-/***********/
+void BN_CTX_start(BN_CTX *ctx)
-/* BN_POOL */
-/***********/
-static void BN_POOL_init(BN_POOL *p)
        {
-        p->head = p->current = p->tail = NULL;
+        if (ctx->depth < BN_CTX_NUM_POS)
-        p->used = p->size = 0;
+                ctx->pos[ctx->depth] = ctx->tos;
+        ctx->depth++;
        }
-static void BN_POOL_finish(BN_POOL *p)
-        {
-        while(p->head)
-                {
-                unsigned int loop = 0;
-                BIGNUM *bn = p->head->vals;
-                while(loop++ < BN_CTX_POOL_SIZE)
-                        {
-                        if(bn->d) BN_clear_free(bn);
-                        bn++;
-                        }
-                p->current = p->head->next;
-                OPENSSL_free(p->head);
-                p->head = p->current;
-                }
-        }
-#ifndef OPENSSL_NO_DEPRECATED
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
-static void BN_POOL_reset(BN_POOL *p)
        {
-        BN_POOL_ITEM *item = p->head;
+        /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically,
-        while(item)
+         * make sure that if BN_CTX_get fails once it will return NULL again
+         * until BN_CTX_end is called.  (This is so that callers have to check
+         * only the last return value.)
+         */
+        if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
                {
-                unsigned int loop = 0;
+                if (!ctx->too_many)
-                BIGNUM *bn = item->vals;
-                while(loop++ < BN_CTX_POOL_SIZE)
                        {
-                        if(bn->d) BN_clear(bn);
+                        BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-                        bn++;
+                        /* disable error code until BN_CTX_end is called: */
+                        ctx->too_many = 1;
                        }
-                item = item->next;
+                return NULL;
                }
-        p->current = p->head;
+        return (&(ctx->bn[ctx->tos++]));
-        p->used = 0;
        }
-#endif
-static BIGNUM *BN_POOL_get(BN_POOL *p)
+void BN_CTX_end(BN_CTX *ctx)
        {
-        if(p->used == p->size)
+        if (ctx == NULL) return;
-                {
+        assert(ctx->depth > 0);
-                BIGNUM *bn;
+        if (ctx->depth == 0)
-                unsigned int loop = 0;
+                /* should never happen, but we can tolerate it if not in
-                BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
+                 * debug mode (could be a 'goto err' in the calling function
-                if(!item) return NULL;
+                 * before BN_CTX_start was reached) */
-                /* Initialise the structure */
+                BN_CTX_start(ctx);
-                bn = item->vals;
-                while(loop++ < BN_CTX_POOL_SIZE)
-                        BN_init(bn++);
-                item->prev = p->tail;
-                item->next = NULL;
-                /* Link it in */
-                if(!p->head)
-                        p->head = p->current = p->tail = item;
-                else
-                        {
-                        p->tail->next = item;
-                        p->tail = item;
-                        p->current = item;
-                        }
-                p->size += BN_CTX_POOL_SIZE;
-                p->used++;
-                /* Return the first bignum from the new pool */
-                return item->vals;
-                }
-        if(!p->used)
-                p->current = p->head;
-        else if((p->used % BN_CTX_POOL_SIZE) == 0)
-                p->current = p->current->next;
-        return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
-        }
-static void BN_POOL_release(BN_POOL *p, unsigned int num)
+        ctx->too_many = 0;
-        {
+        ctx->depth--;
-        unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+        if (ctx->depth < BN_CTX_NUM_POS)
-        p->used -= num;
+                ctx->tos = ctx->pos[ctx->depth];
-        while(num--)
-                {
-                bn_check_top(p->current->vals + offset);
-                if(!offset)
-                        {
-                        offset = BN_CTX_POOL_SIZE - 1;
-                        p->current = p->current->prev;
-                        }
-                else
-                        offset--;
-                }
        }
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index 8655eb118e..580d1201bc 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -169,31 +169,22 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #endif /* OPENSSL_NO_ASM */
-/* BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
+/* BN_div computes  dv := num / divisor,  rounding towards zero, and sets up
- * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
+ * rm  such that  dv*divisor + rm = num  holds.
 * Thus:
 *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
 *     rm->neg == num->neg                 (unless the remainder is zero)
 * If 'dv' or 'rm' is NULL, the respective value is not returned.
 */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
-        const BIGNUM *divisor, BN_CTX *ctx);
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
           BN_CTX *ctx)
        {
-        int norm_shift,i,loop;
+        int norm_shift,i,j,loop;
        BIGNUM *tmp,wnum,*snum,*sdiv,*res;
        BN_ULONG *resp,*wnump;
        BN_ULONG d0,d1;
        int num_n,div_n;
-        if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
-                {
-                return BN_div_no_branch(dv, rm, num, divisor, ctx);
-                }
-        bn_check_top(dv);
-        bn_check_top(rm);
        bn_check_top(num);
        bn_check_top(divisor);
@@ -219,6 +210,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
                res=BN_CTX_get(ctx);
        else    res=dv;
        if (sdiv == NULL || res == NULL) goto err;
+        tmp->neg=0;
        /* First we normalise the numbers */
        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
@@ -230,17 +222,17 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        div_n=sdiv->top;
        num_n=snum->top;
        loop=num_n-div_n;
        /* Lets setup a 'window' into snum
         * This is the part that corresponds to the current
         * 'area' being divided */
-        wnum.neg   = 0;
+        BN_init(&wnum);
-        wnum.d     = &(snum->d[loop]);
+        wnum.d=  &(snum->d[loop]);
-        wnum.top   = div_n;
+        wnum.top= div_n;
-        /* only needed when BN_ucmp messes up the values between top and max */
+        wnum.dmax= snum->dmax+1; /* a bit of a lie */
-        wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
        /* Get the top 2 words of sdiv */
-        /* div_n=sdiv->top; */
+        /* i=sdiv->top; */
        d0=sdiv->d[div_n-1];
        d1=(div_n == 1)?0:sdiv->d[div_n-2];
@@ -258,28 +250,19 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        if (BN_ucmp(&wnum,sdiv) >= 0)
                {
-                /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
+                if (!BN_usub(&wnum,&wnum,sdiv)) goto err;
-                 * bn_pollute) the const bignum arguments =>
-                 * clean the values between top and max again */
-                bn_clear_top2max(&wnum);
-                bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
                *resp=1;
+                res->d[res->top-1]=1;
                }
        else
                res->top--;
-        /* if res->top == 0 then clear the neg value otherwise decrease
-         * the resp pointer */
        if (res->top == 0)
                res->neg = 0;
-        else
+        resp--;
-                resp--;
-        for (i=0; i<loop-1; i++, wnump--, resp--)
+        for (i=0; i<loop-1; i++)
                {
                BN_ULONG q,l0;
-                /* the first part of the loop uses the top two words of
-                 * snum and sdiv to calculate a BN_ULONG q such that
-                 * | wnum - sdiv * q | < sdiv */
 #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
                BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
                q=bn_div_3_words(wnump,d1,d0);
@@ -363,252 +346,27 @@ X) -> 0x%08X\n",
 #endif /* !BN_DIV3W */
                l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+                wnum.d--; wnum.top++;
                tmp->d[div_n]=l0;
-                wnum.d--;
+                for (j=div_n+1; j>0; j--)
-                /* ingore top values of the bignums just sub the two 
+                        if (tmp->d[j-1]) break;
-                 * BN_ULONG arrays with bn_sub_words */
+                tmp->top=j;
-                if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
-                        {
-                        /* Note: As we have considered only the leading
-                         * two BN_ULONGs in the calculation of q, sdiv * q
-                         * might be greater than wnum (but then (q-1) * sdiv
-                         * is less or equal than wnum)
-                         */
-                        q--;
-                        if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-                                /* we can't have an overflow here (assuming
-                                 * that q != 0, but if q == 0 then tmp is
-                                 * zero anyway) */
-                                (*wnump)++;
-                        }
-                /* store part of the result */
-                *resp = q;
-                }
-        bn_correct_top(snum);
-        if (rm != NULL)
-                {
-                /* Keep a copy of the neg flag in num because if rm==num
-                 * BN_rshift() will overwrite it.
-                 */
-                int neg = num->neg;
-                BN_rshift(rm,snum,norm_shift);
-                if (!BN_is_zero(rm))
-                        rm->neg = neg;
-                bn_check_top(rm);
-                }
-        BN_CTX_end(ctx);
-        return(1);
-err:
-        bn_check_top(rm);
-        BN_CTX_end(ctx);
-        return(0);
-        }
-/* BN_div_no_branch is a special version of BN_div. It does not contain
- * branches that may leak sensitive information.
- */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, 
-        const BIGNUM *divisor, BN_CTX *ctx)
-        {
-        int norm_shift,i,loop;
-        BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-        BN_ULONG *resp,*wnump;
-        BN_ULONG d0,d1;
-        int num_n,div_n;
-        bn_check_top(dv);
-        bn_check_top(rm);
-        bn_check_top(num);
-        bn_check_top(divisor);
-        if (BN_is_zero(divisor))
-                {
-                BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
-                return(0);
-                }
-        BN_CTX_start(ctx);
-        tmp=BN_CTX_get(ctx);
-        snum=BN_CTX_get(ctx);
-        sdiv=BN_CTX_get(ctx);
-        if (dv == NULL)
-                res=BN_CTX_get(ctx);
-        else    res=dv;
-        if (sdiv == NULL || res == NULL) goto err;
-        /* First we normalise the numbers */
-        norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-        if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-        sdiv->neg=0;
-        norm_shift+=BN_BITS2;
-        if (!(BN_lshift(snum,num,norm_shift))) goto err;
-        snum->neg=0;
-        /* Since we don't know whether snum is larger than sdiv,
-         * we pad snum with enough zeroes without changing its
-         * value. 
-         */
-        if (snum->top <= sdiv->top+1) 
-                {
-                if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
-                for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
-                snum->top = sdiv->top + 2;
-                }
-        else
-                {
-                if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
-                snum->d[snum->top] = 0;
-                snum->top ++;
-                }
-        div_n=sdiv->top;
-        num_n=snum->top;
-        loop=num_n-div_n;
-        /* Lets setup a 'window' into snum
-         * This is the part that corresponds to the current
-         * 'area' being divided */
-        wnum.neg   = 0;
-        wnum.d     = &(snum->d[loop]);
-        wnum.top   = div_n;
-        /* only needed when BN_ucmp messes up the values between top and max */
-        wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
-        /* Get the top 2 words of sdiv */
-        /* div_n=sdiv->top; */
-        d0=sdiv->d[div_n-1];
-        d1=(div_n == 1)?0:sdiv->d[div_n-2];
-        /* pointer to the 'top' of snum */
-        wnump= &(snum->d[num_n-1]);
-        /* Setup to 'res' */
-        res->neg= (num->neg^divisor->neg);
-        if (!bn_wexpand(res,(loop+1))) goto err;
-        res->top=loop-1;
-        resp= &(res->d[loop-1]);
-        /* space for temp */
-        if (!bn_wexpand(tmp,(div_n+1))) goto err;
-        /* if res->top == 0 then clear the neg value otherwise decrease
-         * the resp pointer */
-        if (res->top == 0)
-                res->neg = 0;
-        else
-                resp--;
-        for (i=0; i<loop-1; i++, wnump--, resp--)
-                {
-                BN_ULONG q,l0;
-                /* the first part of the loop uses the top two words of
-                 * snum and sdiv to calculate a BN_ULONG q such that
-                 * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-                BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-                q=bn_div_3_words(wnump,d1,d0);
-#else
-                BN_ULONG n0,n1,rem=0;
-                n0=wnump[0];
-                n1=wnump[-1];
-                if (n0 == d0)
-                        q=BN_MASK2;
-                else                    /* n0 < d0 */
-                        {
-#ifdef BN_LLONG
-                        BN_ULLONG t2;
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-                        q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-                        q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                                n0, n1, d0, q);
-#endif
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                        /*
-                         * rem doesn't have to be BN_ULLONG. The least we
-                         * know it's less that d0, isn't it?
-                         */
-                        rem=(n1-q*d0)&BN_MASK2;
-#endif
-                        t2=(BN_ULLONG)d1*q;
-                        for (;;)
-                                {
-                                if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-                                        break;
-                                q--;
-                                rem += d0;
-                                if (rem < d0) break; /* don't let rem overflow */
-                                t2 -= d1;
-                                }
-#else /* !BN_LLONG */
-                        BN_ULONG t2l,t2h,ql,qh;
-                        q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                        fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                                n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                        rem=(n1-q*d0)&BN_MASK2;
-#endif
-#if defined(BN_UMULT_LOHI)
+                j=wnum.top;
-                        BN_UMULT_LOHI(t2l,t2h,d1,q);
+                if (!BN_sub(&wnum,&wnum,tmp)) goto err;
-#elif defined(BN_UMULT_HIGH)
-                        t2l = d1 * q;
-                        t2h = BN_UMULT_HIGH(d1,q);
-#else
-                        t2l=LBITS(d1); t2h=HBITS(d1);
-                        ql =LBITS(q);  qh =HBITS(q);
-                        mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-                        for (;;)
+                snum->top=snum->top+wnum.top-j;
-                                {
-                                if ((t2h < rem) ||
-                                        ((t2h == rem) && (t2l <= wnump[-2])))
-                                        break;
-                                q--;
-                                rem += d0;
-                                if (rem < d0) break; /* don't let rem overflow */
-                                if (t2l < d1) t2h--; t2l -= d1;
-                                }
-#endif /* !BN_LLONG */
-                        }
-#endif /* !BN_DIV3W */
-                l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+                if (wnum.neg)
-                tmp->d[div_n]=l0;
-                wnum.d--;
-                /* ingore top values of the bignums just sub the two 
-                 * BN_ULONG arrays with bn_sub_words */
-                if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
                        {
-                        /* Note: As we have considered only the leading
-                         * two BN_ULONGs in the calculation of q, sdiv * q
-                         * might be greater than wnum (but then (q-1) * sdiv
-                         * is less or equal than wnum)
-                         */
                        q--;
-                        if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+                        j=wnum.top;
-                                /* we can't have an overflow here (assuming
+                        if (!BN_add(&wnum,&wnum,sdiv)) goto err;
-                                 * that q != 0, but if q == 0 then tmp is
+                        snum->top+=wnum.top-j;
-                                 * zero anyway) */
-                                (*wnump)++;
                        }
-                /* store part of the result */
+                *(resp--)=q;
-                *resp = q;
+                wnump--;
                }
-        bn_correct_top(snum);
        if (rm != NULL)
                {
                /* Keep a copy of the neg flag in num because if rm==num
@@ -618,13 +376,10 @@ X) -> 0x%08X\n",
                BN_rshift(rm,snum,norm_shift);
                if (!BN_is_zero(rm))
                        rm->neg = neg;
-                bn_check_top(rm);
                }
-        bn_correct_top(res);
        BN_CTX_end(ctx);
        return(1);
 err:
-        bn_check_top(rm);
        BN_CTX_end(ctx);
        return(0);
        }
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c
index cfe2eb94a0..5dfac00c88 100644
--- a/src/lib/libcrypto/bn/bn_err.c
+++ b/src/lib/libcrypto/bn/bn_err.c
@@ -1,6 +1,6 @@
 /* crypto/bn/bn_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -70,30 +70,18 @@
 static ERR_STRING_DATA BN_str_functs[]=
        {
-{ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+{ERR_FUNC(BN_F_BN_BLINDING_CONVERT),    "BN_BLINDING_convert"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+{ERR_FUNC(BN_F_BN_BLINDING_INVERT),     "BN_BLINDING_invert"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),       "BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),  "BN_BLINDING_invert_ex"},
 {ERR_FUNC(BN_F_BN_BLINDING_NEW),        "BN_BLINDING_new"},
 {ERR_FUNC(BN_F_BN_BLINDING_UPDATE),     "BN_BLINDING_update"},
 {ERR_FUNC(BN_F_BN_BN2DEC),      "BN_bn2dec"},
 {ERR_FUNC(BN_F_BN_BN2HEX),      "BN_bn2hex"},
 {ERR_FUNC(BN_F_BN_CTX_GET),     "BN_CTX_get"},
 {ERR_FUNC(BN_F_BN_CTX_NEW),     "BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START),   "BN_CTX_start"},
 {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),       "BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP),    "BN_div_recp"},
 {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
 {ERR_FUNC(BN_F_BN_EXPAND2),     "bn_expand2"},
 {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),     "BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD),    "BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),        "BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),        "BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),     "BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),        "BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),       "BN_GF2m_mod_sqrt"},
 {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),       "BN_mod_exp2_mont"},
 {ERR_FUNC(BN_F_BN_MOD_EXP_MONT),        "BN_mod_exp_mont"},
 {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),      "BN_mod_exp_mont_consttime"},
@@ -101,7 +89,6 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_FUNC(BN_F_BN_MOD_EXP_RECP),        "BN_mod_exp_recp"},
 {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),      "BN_mod_exp_simple"},
 {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),       "BN_mod_inverse_no_branch"},
 {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),    "BN_mod_lshift_quick"},
 {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),  "BN_mod_mul_reciprocal"},
 {ERR_FUNC(BN_F_BN_MOD_SQRT),    "BN_mod_sqrt"},
@@ -128,7 +115,6 @@ static ERR_STRING_DATA BN_str_reasons[]=
 {ERR_REASON(BN_R_NOT_A_SQUARE)           ,"not a square"},
 {ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},
 {ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION)            ,"no solution"},
 {ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},
 {ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},
 {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
@@ -139,12 +125,15 @@ static ERR_STRING_DATA BN_str_reasons[]=
 void ERR_load_BN_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,BN_str_functs);
                ERR_load_strings(0,BN_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 70a33f0d93..9e1e88abe8 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -122,9 +122,9 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        int i,bits,ret=0;
        BIGNUM *v,*rr;
-        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
                {
-                /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
                BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return -1;
                }
@@ -155,7 +155,6 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 err:
        if (r != rr) BN_copy(r,rr);
        BN_CTX_end(ctx);
-        bn_check_top(r);
        return(ret);
        }
@@ -213,7 +212,7 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
        if (BN_is_odd(m))
                {
 #  ifdef MONT_EXP_WORD
-                if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
+                if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) == 0))
                        {
                        BN_ULONG A = a->d[0];
                        ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
@@ -230,7 +229,6 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
                { ret=BN_mod_exp_simple(r,a,p,m,ctx); }
 #endif
-        bn_check_top(r);
        return(ret);
        }
@@ -239,15 +237,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx)
        {
        int i,j,bits,ret=0,wstart,wend,window,wvalue;
-        int start=1;
+        int start=1,ts=0;
        BIGNUM *aa;
-        /* Table of variables obtained from 'ctx' */
+        BIGNUM val[TABLE_SIZE];
-        BIGNUM *val[TABLE_SIZE];
        BN_RECP_CTX recp;
-        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
                {
-                /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
                BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return -1;
                }
@@ -261,9 +258,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                }
        BN_CTX_start(ctx);
-        aa = BN_CTX_get(ctx);
+        if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
-        val[0] = BN_CTX_get(ctx);
-        if(!aa || !val[0]) goto err;
        BN_RECP_CTX_init(&recp);
        if (m->neg)
@@ -278,27 +273,29 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
                }
-        if (!BN_nnmod(val[0],a,m,ctx)) goto err;                /* 1 */
+        BN_init(&(val[0]));
-        if (BN_is_zero(val[0]))
+        ts=1;
+        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
+        if (BN_is_zero(&(val[0])))
                {
-                BN_zero(r);
+                ret = BN_zero(r);
-                ret = 1;
                goto err;
                }
        window = BN_window_bits_for_exponent_size(bits);
        if (window > 1)
                {
-                if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
+                if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
                        goto err;                               /* 2 */
                j=1<<(window-1);
                for (i=1; i<j; i++)
                        {
-                        if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                        BN_init(&val[i]);
-                                        !BN_mod_mul_reciprocal(val[i],val[i-1],
+                        if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
-                                                aa,&recp,ctx))
                                goto err;
                        }
+                ts=i;
                }
                
        start=1;        /* This is used to avoid multiplication etc
@@ -350,7 +347,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                                }
                
                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
+                if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
                        goto err;
                /* move the 'window' down further */
@@ -362,8 +359,9 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        ret=1;
 err:
        BN_CTX_end(ctx);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
        BN_RECP_CTX_free(&recp);
-        bn_check_top(r);
        return(ret);
        }
@@ -372,14 +370,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
        {
        int i,j,bits,ret=0,wstart,wend,window,wvalue;
-        int start=1;
+        int start=1,ts=0;
        BIGNUM *d,*r;
        const BIGNUM *aa;
-        /* Table of variables obtained from 'ctx' */
+        BIGNUM val[TABLE_SIZE];
-        BIGNUM *val[TABLE_SIZE];
        BN_MONT_CTX *mont=NULL;
-        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
                {
                return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
                }
@@ -388,7 +385,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        bn_check_top(p);
        bn_check_top(m);
-        if (!BN_is_odd(m))
+        if (!(m->d[0] & 1))
                {
                BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
                return(0);
@@ -403,8 +400,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        BN_CTX_start(ctx);
        d = BN_CTX_get(ctx);
        r = BN_CTX_get(ctx);
-        val[0] = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL) goto err;
-        if (!d || !r || !val[0]) goto err;
        /* If this is not done, things will break in the montgomery
         * part */
@@ -417,34 +413,35 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
                }
+        BN_init(&val[0]);
+        ts=1;
        if (a->neg || BN_ucmp(a,m) >= 0)
                {
-                if (!BN_nnmod(val[0],a,m,ctx))
+                if (!BN_nnmod(&(val[0]),a,m,ctx))
                        goto err;
-                aa= val[0];
+                aa= &(val[0]);
                }
        else
                aa=a;
        if (BN_is_zero(aa))
                {
-                BN_zero(rr);
+                ret = BN_zero(rr);
-                ret = 1;
                goto err;
                }
-        if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
+        if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
        window = BN_window_bits_for_exponent_size(bits);
        if (window > 1)
                {
-                if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
+                if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
                j=1<<(window-1);
                for (i=1; i<j; i++)
                        {
-                        if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                        BN_init(&(val[i]));
-                                        !BN_mod_mul_montgomery(val[i],val[i-1],
+                        if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
-                                                d,mont,ctx))
                                goto err;
                        }
+                ts=i;
                }
        start=1;        /* This is used to avoid multiplication etc
@@ -497,7 +494,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                                }
                
                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
+                if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
                        goto err;
                /* move the 'window' down further */
@@ -511,7 +508,8 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 err:
        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        bn_check_top(rr);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
        return(ret);
        }
@@ -537,7 +535,7 @@ static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf,
                buf[j] = ((unsigned char*)b->d)[i];
                }
-        bn_correct_top(b);
+        bn_fix_top(b);
        return 1;
        }
@@ -554,7 +552,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf
                }
        b->top = top;
-        bn_correct_top(b);
+        bn_fix_top(b);
        return 1;
        }       
@@ -745,9 +743,9 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 #define BN_TO_MONTGOMERY_WORD(r, w, mont) \
                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
                {
-                /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return -1;
                }
@@ -755,7 +753,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
        bn_check_top(p);
        bn_check_top(m);
-        if (!BN_is_odd(m))
+        if (m->top == 0 || !(m->d[0] & 1))
                {
                BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
                return(0);
@@ -771,8 +769,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
                }
        if (a == 0)
                {
-                BN_zero(rr);
+                ret = BN_zero(rr);
-                ret = 1;
                return ret;
                }
@@ -866,24 +863,23 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
 err:
        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        bn_check_top(rr);
        return(ret);
        }
 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+int BN_mod_exp_simple(BIGNUM *r,
-                const BIGNUM *m, BN_CTX *ctx)
+        const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+        BN_CTX *ctx)
        {
-        int i,j,bits,ret=0,wstart,wend,window,wvalue;
+        int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
        int start=1;
        BIGNUM *d;
-        /* Table of variables obtained from 'ctx' */
+        BIGNUM val[TABLE_SIZE];
-        BIGNUM *val[TABLE_SIZE];
-        if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
+        if (BN_get_flags(p, BN_FLG_EXP_CONSTTIME) != 0)
                {
-                /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+                /* BN_FLG_EXP_CONSTTIME only supported by BN_mod_exp_mont() */
                BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return -1;
                }
@@ -897,30 +893,30 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                }
        BN_CTX_start(ctx);
-        d = BN_CTX_get(ctx);
+        if ((d = BN_CTX_get(ctx)) == NULL) goto err;
-        val[0] = BN_CTX_get(ctx);
-        if(!d || !val[0]) goto err;
-        if (!BN_nnmod(val[0],a,m,ctx)) goto err;                /* 1 */
+        BN_init(&(val[0]));
-        if (BN_is_zero(val[0]))
+        ts=1;
+        if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;             /* 1 */
+        if (BN_is_zero(&(val[0])))
                {
-                BN_zero(r);
+                ret = BN_zero(r);
-                ret = 1;
                goto err;
                }
        window = BN_window_bits_for_exponent_size(bits);
        if (window > 1)
                {
-                if (!BN_mod_mul(d,val[0],val[0],m,ctx))
+                if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
                        goto err;                               /* 2 */
                j=1<<(window-1);
                for (i=1; i<j; i++)
                        {
-                        if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                        BN_init(&(val[i]));
-                                        !BN_mod_mul(val[i],val[i-1],d,m,ctx))
+                        if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
                                goto err;
                        }
+                ts=i;
                }
        start=1;        /* This is used to avoid multiplication etc
@@ -972,7 +968,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                                }
                
                /* wvalue will be an odd number < 2^window */
-                if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
+                if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
                        goto err;
                /* move the 'window' down further */
@@ -984,7 +980,8 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
        ret=1;
 err:
        BN_CTX_end(ctx);
-        bn_check_top(r);
+        for (i=0; i<ts; i++)
+                BN_clear_free(&(val[i]));
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index b3f43cec8c..73ccd58a83 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -120,11 +120,10 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
        BN_CTX *ctx, BN_MONT_CTX *in_mont)
        {
        int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
-        int r_is_one=1;
+        int r_is_one=1,ts1=0,ts2=0;
        BIGNUM *d,*r;
        const BIGNUM *a_mod_m;
-        /* Tables of variables obtained from 'ctx' */
+        BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
-        BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
        BN_MONT_CTX *mont=NULL;
        bn_check_top(a1);
@@ -151,9 +150,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
        BN_CTX_start(ctx);
        d = BN_CTX_get(ctx);
        r = BN_CTX_get(ctx);
-        val1[0] = BN_CTX_get(ctx);
+        if (d == NULL || r == NULL) goto err;
-        val2[0] = BN_CTX_get(ctx);
-        if(!d || !r || !val1[0] || !val2[0]) goto err;
        if (in_mont != NULL)
                mont=in_mont;
@@ -169,67 +166,69 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
        /*
         * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
         */
+        BN_init(&val1[0]);
+        ts1=1;
        if (a1->neg || BN_ucmp(a1,m) >= 0)
                {
-                if (!BN_mod(val1[0],a1,m,ctx))
+                if (!BN_mod(&(val1[0]),a1,m,ctx))
                        goto err;
-                a_mod_m = val1[0];
+                a_mod_m = &(val1[0]);
                }
        else
                a_mod_m = a1;
        if (BN_is_zero(a_mod_m))
                {
-                BN_zero(rr);
+                ret = BN_zero(rr);
-                ret = 1;
                goto err;
                }
-        if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
+        if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
        if (window1 > 1)
                {
-                if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
+                if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
                j=1<<(window1-1);
                for (i=1; i<j; i++)
                        {
-                        if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+                        BN_init(&(val1[i]));
-                                        !BN_mod_mul_montgomery(val1[i],val1[i-1],
+                        if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
-                                                d,mont,ctx))
                                goto err;
                        }
+                ts1=i;
                }
        /*
         * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
         */
+        BN_init(&val2[0]);
+        ts2=1;
        if (a2->neg || BN_ucmp(a2,m) >= 0)
                {
-                if (!BN_mod(val2[0],a2,m,ctx))
+                if (!BN_mod(&(val2[0]),a2,m,ctx))
                        goto err;
-                a_mod_m = val2[0];
+                a_mod_m = &(val2[0]);
                }
        else
                a_mod_m = a2;
        if (BN_is_zero(a_mod_m))
                {
-                BN_zero(rr);
+                ret = BN_zero(rr);
-                ret = 1;
                goto err;
                }
-        if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
+        if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
        if (window2 > 1)
                {
-                if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
+                if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
                j=1<<(window2-1);
                for (i=1; i<j; i++)
                        {
-                        if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+                        BN_init(&(val2[i]));
-                                        !BN_mod_mul_montgomery(val2[i],val2[i-1],
+                        if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
-                                                d,mont,ctx))
                                goto err;
                        }
+                ts2=i;
                }
@@ -286,7 +285,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
                if (wvalue1 && b == wpos1)
                        {
                        /* wvalue1 is odd and < 2^window1 */
-                        if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
+                        if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
                                goto err;
                        wvalue1 = 0;
                        r_is_one = 0;
@@ -295,7 +294,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
                if (wvalue2 && b == wpos2)
                        {
                        /* wvalue2 is odd and < 2^window2 */
-                        if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
+                        if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
                                goto err;
                        wvalue2 = 0;
                        r_is_one = 0;
@@ -306,6 +305,9 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 err:
        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
        BN_CTX_end(ctx);
-        bn_check_top(rr);
+        for (i=0; i<ts1; i++)
+                BN_clear_free(&(val1[i]));
+        for (i=0; i<ts2; i++)
+                BN_clear_free(&(val2[i]));
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index 4a352119ba..7649f63fd2 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -140,7 +140,6 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
        ret=1;
 err:
        BN_CTX_end(ctx);
-        bn_check_top(r);
        return(ret);
        }
@@ -195,7 +194,6 @@ static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
                {
                if (!BN_lshift(a,a,shifts)) goto err;
                }
-        bn_check_top(a);
        return(a);
 err:
        return(NULL);
@@ -203,8 +201,6 @@ err:
 /* solves ax == 1 (mod n) */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
 BIGNUM *BN_mod_inverse(BIGNUM *in,
        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
        {
@@ -212,11 +208,6 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
        BIGNUM *ret=NULL;
        int sign;
-        if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
-                {
-                return BN_mod_inverse_no_branch(in, a, n, ctx);
-                }
        bn_check_top(a);
        bn_check_top(n);
@@ -495,160 +486,5 @@ BIGNUM *BN_mod_inverse(BIGNUM *in,
 err:
        if ((ret == NULL) && (in == NULL)) BN_free(R);
        BN_CTX_end(ctx);
-        bn_check_top(ret);
-        return(ret);
-        }
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. 
- * It does not contain branches that may leak sensitive information.
- */
-static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-        {
-        BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-        BIGNUM local_A, local_B;
-        BIGNUM *pA, *pB;
-        BIGNUM *ret=NULL;
-        int sign;
-        bn_check_top(a);
-        bn_check_top(n);
-        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
-        B = BN_CTX_get(ctx);
-        X = BN_CTX_get(ctx);
-        D = BN_CTX_get(ctx);
-        M = BN_CTX_get(ctx);
-        Y = BN_CTX_get(ctx);
-        T = BN_CTX_get(ctx);
-        if (T == NULL) goto err;
-        if (in == NULL)
-                R=BN_new();
-        else
-                R=in;
-        if (R == NULL) goto err;
-        BN_one(X);
-        BN_zero(Y);
-        if (BN_copy(B,a) == NULL) goto err;
-        if (BN_copy(A,n) == NULL) goto err;
-        A->neg = 0;
-        if (B->neg || (BN_ucmp(B, A) >= 0))
-                {
-                /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-                 * BN_div_no_branch will be called eventually.
-                 */
-                pB = &local_B;
-                BN_with_flags(pB, B, BN_FLG_CONSTTIME); 
-                if (!BN_nnmod(B, pB, A, ctx)) goto err;
-                }
-        sign = -1;
-        /* From  B = a mod |n|,  A = |n|  it follows that
-         *
-         *      0 <= B < A,
-         *     -sign*X*a  ==  B   (mod |n|),
-         *      sign*Y*a  ==  A   (mod |n|).
-         */
-        while (!BN_is_zero(B))
-                {
-                BIGNUM *tmp;
-                
-                /*
-                 *      0 < B < A,
-                 * (*) -sign*X*a  ==  B   (mod |n|),
-                 *      sign*Y*a  ==  A   (mod |n|)
-                 */
-                /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-                 * BN_div_no_branch will be called eventually.
-                 */
-                pA = &local_A;
-                BN_with_flags(pA, A, BN_FLG_CONSTTIME); 
-                
-                /* (D, M) := (A/B, A%B) ... */          
-                if (!BN_div(D,M,pA,B,ctx)) goto err;
-                
-                /* Now
-                 *      A = D*B + M;
-                 * thus we have
-                 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-                 */
-                
-                tmp=A; /* keep the BIGNUM object, the value does not matter */
-                
-                /* (A, B) := (B, A mod B) ... */
-                A=B;
-                B=M;
-                /* ... so we have  0 <= B < A  again */
-                
-                /* Since the former  M  is now  B  and the former  B  is now  A,
-                 * (**) translates into
-                 *       sign*Y*a  ==  D*A + B    (mod |n|),
-                 * i.e.
-                 *       sign*Y*a - D*A  ==  B    (mod |n|).
-                 * Similarly, (*) translates into
-                 *      -sign*X*a  ==  A          (mod |n|).
-                 *
-                 * Thus,
-                 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-                 * i.e.
-                 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-                 *
-                 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-                 *      -sign*X*a  ==  B   (mod |n|),
-                 *       sign*Y*a  ==  A   (mod |n|).
-                 * Note that  X  and  Y  stay non-negative all the time.
-                 */
-                        
-                if (!BN_mul(tmp,D,X,ctx)) goto err;
-                if (!BN_add(tmp,tmp,Y)) goto err;
-                M=Y; /* keep the BIGNUM object, the value does not matter */
-                Y=X;
-                X=tmp;
-                sign = -sign;
-                }
-                
-        /*
-         * The while loop (Euclid's algorithm) ends when
-         *      A == gcd(a,n);
-         * we have
-         *       sign*Y*a  ==  A  (mod |n|),
-         * where  Y  is non-negative.
-         */
-        if (sign < 0)
-                {
-                if (!BN_sub(Y,n,Y)) goto err;
-                }
-        /* Now  Y*a  ==  A  (mod |n|).  */
-        if (BN_is_one(A))
-                {
-                /* Y*a == 1  (mod |n|) */
-                if (!Y->neg && BN_ucmp(Y,n) < 0)
-                        {
-                        if (!BN_copy(R,Y)) goto err;
-                        }
-                else
-                        {
-                        if (!BN_nnmod(R,Y,n,ctx)) goto err;
-                        }
-                }
-        else
-                {
-                BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
-                goto err;
-                }
-        ret=R;
-err:
-        if ((ret == NULL) && (in == NULL)) BN_free(R);
-        BN_CTX_end(ctx);
-        bn_check_top(ret);
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c
index 740359b752..49f75594ae 100644
--- a/src/lib/libcrypto/bn/bn_kron.c
+++ b/src/lib/libcrypto/bn/bn_kron.c
@@ -53,9 +53,9 @@
 *
 */
-#include "cryptlib.h"
 #include "bn_lcl.h"
 /* least significant word */
 #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
@@ -74,9 +74,6 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
         */
        static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
-        bn_check_top(a);
-        bn_check_top(b);
        BN_CTX_start(ctx);
        A = BN_CTX_get(ctx);
        B = BN_CTX_get(ctx);
@@ -175,7 +172,8 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                tmp = A; A = B; B = tmp;
                tmp->neg = 0;
                }
-end:
+        
+ end:
        BN_CTX_end(ctx);
        if (err)
                return -2;
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index 27ac4397a1..a84998f2bd 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -119,6 +119,20 @@ extern "C" {
 #endif
+/* Used for temp variables */
+#define BN_CTX_NUM      32
+#define BN_CTX_NUM_POS  12
+struct bignum_ctx
+        {
+        int tos;
+        BIGNUM bn[BN_CTX_NUM];
+        int flags;
+        int depth;
+        int pos[BN_CTX_NUM_POS];
+        int too_many;
+        } /* BN_CTX */;
 /*
 * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
 *
@@ -270,15 +284,6 @@ extern "C" {
                : "a"(a),"g"(b)         \
                : "cc");
 #  endif
-# elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
-#  if defined(_MSC_VER) && _MSC_VER>=1400
-    unsigned __int64 __umulh    (unsigned __int64 a,unsigned __int64 b);
-    unsigned __int64 _umul128   (unsigned __int64 a,unsigned __int64 b,
-                                 unsigned __int64 *h);
-#   pragma intrinsic(__umulh,_umul128)
-#   define BN_UMULT_HIGH(a,b)           __umulh((a),(b))
-#   define BN_UMULT_LOHI(low,high,a,b)  ((low)=_umul128((a),(b),&(high)))
-#  endif
 # endif         /* cpu */
 #endif          /* OPENSSL_NO_ASM */
@@ -288,18 +293,45 @@ extern "C" {
 #define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
-#ifdef BN_DEBUG_RAND
+/* This is used for internal error checking and is not normally used */
-#define bn_clear_top2max(a) \
+#ifdef BN_DEBUG
-        { \
+# include <assert.h>
-        int      ind = (a)->dmax - (a)->top; \
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
-        BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+#else
-        for (; ind != 0; ind--) \
+# define bn_check_top(a)
-                *(++ftl) = 0x0; \
+#endif
-        }
+/* This macro is to add extra stuff for development checking */
+#ifdef BN_DEBUG
+#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA))
 #else
-#define bn_clear_top2max(a)
+#define bn_set_max(r)
 #endif
+/* These macros are used to 'take' a section of a bignum for read only use */
+#define bn_set_low(r,a,n) \
+        { \
+        (r)->top=((a)->top > (n))?(n):(a)->top; \
+        (r)->d=(a)->d; \
+        (r)->neg=(a)->neg; \
+        (r)->flags|=BN_FLG_STATIC_DATA; \
+        bn_set_max(r); \
+        }
+#define bn_set_high(r,a,n) \
+        { \
+        if ((a)->top > (n)) \
+                { \
+                (r)->top=(a)->top-n; \
+                (r)->d= &((a)->d[n]); \
+                } \
+        else \
+                (r)->top=0; \
+        (r)->neg=(a)->neg; \
+        (r)->flags|=BN_FLG_STATIC_DATA; \
+        bn_set_max(r); \
+        }
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
        BN_ULLONG t; \
@@ -322,33 +354,6 @@ extern "C" {
        (r1)=Hw(t); \
        }
-#elif defined(BN_UMULT_LOHI)
-#define mul_add(r,a,w,c) {              \
-        BN_ULONG high,low,ret,tmp=(a);  \
-        ret =  (r);                     \
-        BN_UMULT_LOHI(low,high,w,tmp);  \
-        ret += (c);                     \
-        (c) =  (ret<(c))?1:0;           \
-        (c) += high;                    \
-        ret += low;                     \
-        (c) += (ret<low)?1:0;           \
-        (r) =  ret;                     \
-        }
-#define mul(r,a,w,c)    {               \
-        BN_ULONG high,low,ret,ta=(a);   \
-        BN_UMULT_LOHI(low,high,w,ta);   \
-        ret =  low + (c);               \
-        (c) =  high;                    \
-        (c) += (ret<low)?1:0;           \
-        (r) =  ret;                     \
-        }
-#define sqr(r0,r1,a)    {               \
-        BN_ULONG tmp=(a);               \
-        BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
-        }
 #elif defined(BN_UMULT_HIGH)
 #define mul_add(r,a,w,c) {              \
        BN_ULONG high,low,ret,tmp=(a);  \
@@ -467,21 +472,18 @@ void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
 int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
 int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
        int cl, int dl);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+#ifdef BN_RECURSION
-        int dna,int dnb,BN_ULONG *t);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
+        BN_ULONG *t);
-        int n,int tna,int tnb,BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+        int n, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
 void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
        BN_ULONG *t);
 void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
        BN_ULONG *t);
-BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
-        int cl, int dl);
+#endif
-BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-        int cl, int dl);
-int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 2649b8c538..e1660450bc 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -67,10 +67,8 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
-/* This stuff appears to be completely unused, so is deprecated */
-#ifndef OPENSSL_NO_DEPRECATED
 /* For a 32 bit machine
 * 2 -   4 ==  128
 * 3 -   8 ==  256
@@ -93,28 +91,28 @@ void BN_set_params(int mult, int high, int low, int mont)
        {
        if (mult >= 0)
                {
-                if (mult > (int)(sizeof(int)*8)-1)
+                if (mult > (sizeof(int)*8)-1)
                        mult=sizeof(int)*8-1;
                bn_limit_bits=mult;
                bn_limit_num=1<<mult;
                }
        if (high >= 0)
                {
-                if (high > (int)(sizeof(int)*8)-1)
+                if (high > (sizeof(int)*8)-1)
                        high=sizeof(int)*8-1;
                bn_limit_bits_high=high;
                bn_limit_num_high=1<<high;
                }
        if (low >= 0)
                {
-                if (low > (int)(sizeof(int)*8)-1)
+                if (low > (sizeof(int)*8)-1)
                        low=sizeof(int)*8-1;
                bn_limit_bits_low=low;
                bn_limit_num_low=1<<low;
                }
        if (mont >= 0)
                {
-                if (mont > (int)(sizeof(int)*8)-1)
+                if (mont > (sizeof(int)*8)-1)
                        mont=sizeof(int)*8-1;
                bn_limit_bits_mont=mont;
                bn_limit_num_mont=1<<mont;
@@ -129,12 +127,11 @@ int BN_get_params(int which)
        else if (which == 3) return(bn_limit_bits_mont);
        else return(0);
        }
-#endif
 const BIGNUM *BN_value_one(void)
        {
        static BN_ULONG data_one=1L;
-        static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
+        static BIGNUM const_one={&data_one,1,1,0};
        return(&const_one);
        }
@@ -247,11 +244,16 @@ int BN_num_bits_word(BN_ULONG l)
 int BN_num_bits(const BIGNUM *a)
        {
-        int i = a->top - 1;
+        BN_ULONG l;
+        int i;
        bn_check_top(a);
-        if (BN_is_zero(a)) return 0;
+        if (a->top == 0) return(0);
-        return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
+        l=a->d[a->top-1];
+        assert(l != 0);
+        i=(a->top-1)*BN_BITS2;
+        return(i+BN_num_bits_word(l));
        }
 void BN_clear_free(BIGNUM *a)
@@ -259,7 +261,6 @@ void BN_clear_free(BIGNUM *a)
        int i;
        if (a == NULL) return;
-        bn_check_top(a);
        if (a->d != NULL)
                {
                OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
@@ -275,24 +276,16 @@ void BN_clear_free(BIGNUM *a)
 void BN_free(BIGNUM *a)
        {
        if (a == NULL) return;
-        bn_check_top(a);
        if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
                OPENSSL_free(a->d);
+        a->flags|=BN_FLG_FREE; /* REMOVE? */
        if (a->flags & BN_FLG_MALLOCED)
                OPENSSL_free(a);
-        else
-                {
-#ifndef OPENSSL_NO_DEPRECATED
-                a->flags|=BN_FLG_FREE;
-#endif
-                a->d = NULL;
-                }
        }
 void BN_init(BIGNUM *a)
        {
        memset(a,0,sizeof(BIGNUM));
-        bn_check_top(a);
        }
 BIGNUM *BN_new(void)
@@ -309,7 +302,6 @@ BIGNUM *BN_new(void)
        ret->neg=0;
        ret->dmax=0;
        ret->d=NULL;
-        bn_check_top(ret);
        return(ret);
        }
@@ -321,19 +313,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
        const BN_ULONG *B;
        int i;
-        bn_check_top(b);
        if (words > (INT_MAX/(4*BN_BITS2)))
                {
                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
                return NULL;
                }
+        bn_check_top(b);        
        if (BN_get_flags(b,BN_FLG_STATIC_DATA))
                {
                BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                return(NULL);
                }
-        a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
+        a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
        if (A == NULL)
                {
                BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
@@ -371,8 +363,19 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
                        }
                }
+        /* Now need to zero any data between b->top and b->max */
+        /* XXX Why? */
+        A= &(a[b->top]);
+        for (i=(words - b->top)>>3; i>0; i--,A+=8)
+                {
+                A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+                A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+                }
+        for (i=(words - b->top)&7; i>0; i--,A++)
+                A[0]=0;
 #else
-        memset(A,0,sizeof(BN_ULONG)*words);
+        memset(A,0,sizeof(BN_ULONG)*(words+1));
        memcpy(A,b->d,sizeof(b->d[0])*b->top);
 #endif
                
@@ -390,19 +393,16 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 * while bn_dup_expand() makes sure allocation is made only once.
 */
-#ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
        {
        BIGNUM *r = NULL;
-        bn_check_top(b);
        /* This function does not work if
         *      words <= b->dmax && top < words
         * because BN_dup() does not preserve 'dmax'!
         * (But bn_dup_expand() is not used anywhere yet.)
         */
+        
        if (words > b->dmax)
                {
                BN_ULONG *a = bn_expand_internal(b, words);
@@ -431,67 +431,48 @@ BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
                r = BN_dup(b);
                }
-        bn_check_top(r);
        return r;
        }
-#endif
 /* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number
+ * It ensures that 'b' has enough room for a 'words' word number number.
- * and initialises any unused part of b->d with leading zeros.
 * It is mostly used by the various BIGNUM routines. If there is an error,
 * NULL is returned. If not, 'b' is returned. */
 BIGNUM *bn_expand2(BIGNUM *b, int words)
        {
-        bn_check_top(b);
        if (words > b->dmax)
                {
                BN_ULONG *a = bn_expand_internal(b, words);
-                if(!a) return NULL;
-                if(b->d) OPENSSL_free(b->d);
-                b->d=a;
-                b->dmax=words;
-                }
-/* None of this should be necessary because of what b->top means! */
+                if (a)
-#if 0
-        /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
-        if (b->top < b->dmax)
-                {
-                int i;
-                BN_ULONG *A = &(b->d[b->top]);
-                for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
                        {
-                        A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+                        if (b->d)
-                        A[4]=0; A[5]=0; A[6]=0; A[7]=0;
+                                OPENSSL_free(b->d);
+                        b->d=a;
+                        b->dmax=words;
                        }
-                for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+                else
-                        A[0]=0;
+                        b = NULL;
-                assert(A == &(b->d[b->dmax]));
                }
-#endif
-        bn_check_top(b);
        return b;
        }
 BIGNUM *BN_dup(const BIGNUM *a)
        {
-        BIGNUM *t;
+        BIGNUM *r, *t;
        if (a == NULL) return NULL;
        bn_check_top(a);
        t = BN_new();
-        if (t == NULL) return NULL;
+        if (t == NULL) return(NULL);
-        if(!BN_copy(t, a))
+        r = BN_copy(t, a);
-                {
+        /* now  r == t || r == NULL */
+        if (r == NULL)
                BN_free(t);
-                return NULL;
+        return r;
-                }
-        bn_check_top(t);
-        return t;
        }
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
@@ -525,9 +506,11 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
        memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
 #endif
+/*      memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/
        a->top=b->top;
+        if ((a->top == 0) && (a->d != NULL))
+                a->d[0]=0;
        a->neg=b->neg;
-        bn_check_top(a);
        return(a);
        }
@@ -537,9 +520,6 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
        BN_ULONG *tmp_d;
        int tmp_top, tmp_dmax, tmp_neg;
        
-        bn_check_top(a);
-        bn_check_top(b);
        flags_old_a = a->flags;
        flags_old_b = b->flags;
@@ -560,13 +540,11 @@ void BN_swap(BIGNUM *a, BIGNUM *b)
        
        a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
        b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
-        bn_check_top(a);
-        bn_check_top(b);
        }
 void BN_clear(BIGNUM *a)
        {
-        bn_check_top(a);
        if (a->d != NULL)
                memset(a->d,0,a->dmax*sizeof(a->d[0]));
        a->top=0;
@@ -575,22 +553,49 @@ void BN_clear(BIGNUM *a)
 BN_ULONG BN_get_word(const BIGNUM *a)
        {
-        if (a->top > 1)
+        int i,n;
-                return BN_MASK2;
+        BN_ULONG ret=0;
-        else if (a->top == 1)
-                return a->d[0];
+        n=BN_num_bytes(a);
-        /* a->top == 0 */
+        if (n > sizeof(BN_ULONG))
-        return 0;
+                return(BN_MASK2);
+        for (i=a->top-1; i>=0; i--)
+                {
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                ret<<=BN_BITS4; /* stops the compiler complaining */
+                ret<<=BN_BITS4;
+#else
+                ret=0;
+#endif
+                ret|=a->d[i];
+                }
+        return(ret);
        }
 int BN_set_word(BIGNUM *a, BN_ULONG w)
        {
-        bn_check_top(a);
+        int i,n;
-        if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
+        if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
-        a->neg = 0;
-        a->d[0] = w;
+        n=sizeof(BN_ULONG)/BN_BYTES;
-        a->top = (w ? 1 : 0);
+        a->neg=0;
-        bn_check_top(a);
+        a->top=0;
+        a->d[0]=(BN_ULONG)w&BN_MASK2;
+        if (a->d[0] != 0) a->top=1;
+        for (i=1; i<n; i++)
+                {
+                /* the following is done instead of
+                 * w>>=BN_BITS2 so compilers don't complain
+                 * on builds where sizeof(long) == BN_TYPES */
+#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
+                w>>=BN_BITS4;
+                w>>=BN_BITS4;
+#else
+                w=0;
+#endif
+                a->d[i]=(BN_ULONG)w&BN_MASK2;
+                if (a->d[i] != 0) a->top=i+1;
+                }
        return(1);
        }
@@ -599,12 +604,9 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
        unsigned int i,m;
        unsigned int n;
        BN_ULONG l;
-        BIGNUM  *bn = NULL;
-        if (ret == NULL)
+        if (ret == NULL) ret=BN_new();
-                ret = bn = BN_new();
        if (ret == NULL) return(NULL);
-        bn_check_top(ret);
        l=0;
        n=len;
        if (n == 0)
@@ -612,16 +614,13 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
                ret->top=0;
                return(ret);
                }
+        if (bn_expand(ret,(int)(n+2)*8) == NULL)
+                return(NULL);
        i=((n-1)/BN_BYTES)+1;
        m=((n-1)%(BN_BYTES));
-        if (bn_wexpand(ret, (int)i) == NULL)
-                {
-                if (bn) BN_free(bn);
-                return NULL;
-                }
        ret->top=i;
        ret->neg=0;
-        while (n--)
+        while (n-- > 0)
                {
                l=(l<<8L)| *(s++);
                if (m-- == 0)
@@ -633,7 +632,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
                }
        /* need to call this due to clear byte at top if avoiding
         * having the top bit set (-ve number) */
-        bn_correct_top(ret);
+        bn_fix_top(ret);
        return(ret);
        }
@@ -643,9 +642,8 @@ int BN_bn2bin(const BIGNUM *a, unsigned char *to)
        int n,i;
        BN_ULONG l;
-        bn_check_top(a);
        n=i=BN_num_bytes(a);
-        while (i--)
+        while (i-- > 0)
                {
                l=a->d[i/BN_BYTES];
                *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
@@ -670,7 +668,7 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
                t1= ap[i];
                t2= bp[i];
                if (t1 != t2)
-                        return((t1 > t2) ? 1 : -1);
+                        return(t1 > t2?1:-1);
                }
        return(0);
        }
@@ -720,9 +718,6 @@ int BN_set_bit(BIGNUM *a, int n)
        {
        int i,j,k;
-        if (n < 0)
-                return 0;
        i=n/BN_BITS2;
        j=n%BN_BITS2;
        if (a->top <= i)
@@ -734,7 +729,6 @@ int BN_set_bit(BIGNUM *a, int n)
                }
        a->d[i]|=(((BN_ULONG)1)<<j);
-        bn_check_top(a);
        return(1);
        }
@@ -742,15 +736,12 @@ int BN_clear_bit(BIGNUM *a, int n)
        {
        int i,j;
-        bn_check_top(a);
-        if (n < 0) return 0;
        i=n/BN_BITS2;
        j=n%BN_BITS2;
        if (a->top <= i) return(0);
        a->d[i]&=(~(((BN_ULONG)1)<<j));
-        bn_correct_top(a);
+        bn_fix_top(a);
        return(1);
        }
@@ -758,24 +749,20 @@ int BN_is_bit_set(const BIGNUM *a, int n)
        {
        int i,j;
-        bn_check_top(a);
+        if (n < 0) return(0);
-        if (n < 0) return 0;
        i=n/BN_BITS2;
        j=n%BN_BITS2;
-        if (a->top <= i) return 0;
+        if (a->top <= i) return(0);
-        return(((a->d[i])>>j)&((BN_ULONG)1));
+        return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
        }
 int BN_mask_bits(BIGNUM *a, int n)
        {
        int b,w;
-        bn_check_top(a);
-        if (n < 0) return 0;
        w=n/BN_BITS2;
        b=n%BN_BITS2;
-        if (w >= a->top) return 0;
+        if (w >= a->top) return(0);
        if (b == 0)
                a->top=w;
        else
@@ -783,18 +770,10 @@ int BN_mask_bits(BIGNUM *a, int n)
                a->top=w+1;
                a->d[w]&= ~(BN_MASK2<<b);
                }
-        bn_correct_top(a);
+        bn_fix_top(a);
        return(1);
        }
-void BN_set_negative(BIGNUM *a, int b)
-        {
-        if (b && !BN_is_zero(a))
-                a->neg = 1;
-        else
-                a->neg = 0;
-        }
 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
        {
        int i;
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index 77d6ddb91a..5cf82480d7 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -149,7 +149,7 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_
 * and less than  m */
 int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
        {
-        if (!BN_uadd(r, a, b)) return 0;
+        if (!BN_add(r, a, b)) return 0;
        if (BN_ucmp(r, m) >= 0)
                return BN_usub(r, r, m);
        return 1;
@@ -192,7 +192,6 @@ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
        else
                { if (!BN_mul(t,a,b,ctx)) goto err; }
        if (!BN_nnmod(r,t,m,ctx)) goto err;
-        bn_check_top(r);
        ret=1;
 err:
        BN_CTX_end(ctx);
@@ -211,7 +210,6 @@ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
        {
        if (!BN_lshift1(r, a)) return 0;
-        bn_check_top(r);
        return BN_nnmod(r, r, m, ctx);
        }
@@ -221,7 +219,6 @@ int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
        {
        if (!BN_lshift1(r, a)) return 0;
-        bn_check_top(r);
        if (BN_cmp(r, m) >= 0)
                return BN_sub(r, r, m);
        return 1;
@@ -243,7 +240,6 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ct
                }
        
        ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
-        bn_check_top(r);
        if (abs_m)
                BN_free(abs_m);
@@ -295,7 +291,6 @@ int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
                        if (!BN_sub(r, r, m)) return 0;
                        }
                }
-        bn_check_top(r);
        
        return 1;
        }
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 4799b152dd..726d5f2b1b 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 /*
 * Details about Montgomery multiplication algorithms can be found at
@@ -122,50 +69,11 @@
 #define MONT_WORD /* use the faster word-based algorithm */
-#if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
- */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-#endif
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
-#endif
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                          BN_MONT_CTX *mont, BN_CTX *ctx)
        {
        BIGNUM *tmp;
        int ret=0;
-#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
-        int num = mont->N.top;
-        if (num>1 && a->top==num && b->top==num)
-                {
-                if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
-                if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
-                        {
-                        r->neg = a->neg^b->neg;
-                        r->top = num;
-                        bn_correct_top(r);
-                        return(1);
-                        }
-                }
-#endif
        BN_CTX_start(ctx);
        tmp = BN_CTX_get(ctx);
@@ -181,162 +89,13 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
                if (!BN_mul(tmp,a,b,ctx)) goto err;
                }
        /* reduce from aRR to aR */
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-        if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
-#else
        if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-#endif
-        bn_check_top(r);
        ret=1;
 err:
        BN_CTX_end(ctx);
        return(ret);
        }
-#ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-        {
-        BIGNUM *n;
-        BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-        int al,nl,max,i,x,ri;
-        n= &(mont->N);
-        /* mont->ri is the size of mont->N in bits (rounded up
-           to the word size) */
-        al=ri=mont->ri/BN_BITS2;
-        nl=n->top;
-        if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
-        max=(nl+al+1); /* allow for overflow (no?) XXX */
-        if (bn_wexpand(r,max) == NULL) return(0);
-        r->neg^=n->neg;
-        np=n->d;
-        rp=r->d;
-        nrp= &(r->d[nl]);
-        /* clear the top words of T */
-        for (i=r->top; i<max; i++) /* memset? XXX */
-                r->d[i]=0;
-        r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-        n0=mont->n0[0];
-#else
-        n0=mont->n0;
-#endif
-#ifdef BN_COUNT
-        fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
-#endif
-        for (i=0; i<nl; i++)
-                {
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-                nrp++;
-                rp++;
-                if (((nrp[-1]+=v)&BN_MASK2) >= v)
-                        continue;
-                else
-                        {
-                        if (((++nrp[0])&BN_MASK2) != 0) continue;
-                        if (((++nrp[1])&BN_MASK2) != 0) continue;
-                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-                        }
-                }
-        bn_correct_top(r);
-        /* mont->ri will be a multiple of the word size and below code
-         * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-        if (r->top <= ri)
-                {
-                ret->top=0;
-                return(1);
-                }
-        al=r->top-ri;
-        if (bn_wexpand(ret,ri) == NULL) return(0);
-        x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-        ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
-        ret->neg=r->neg;
-        rp=ret->d;
-        ap=&(r->d[ri]);
-        {
-        size_t m1,m2;
-        v=bn_sub_words(rp,ap,np,ri);
-        /* this ----------------^^ works even in al<ri case
-         * thanks to zealous zeroing of top of the vector in the
-         * beginning. */
-        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-        /* in other words if subtraction result is real, then
-         * trick unconditional memcpy below to perform in-place
-         * "refresh" instead of actual copy. */
-        m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);   /* al<ri */
-        m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);   /* al>ri */
-        m1|=m2;                 /* (al!=ri) */
-        m1|=(0-(size_t)v);      /* (al!=ri || v) */
-        m1&=~m2;                /* (al!=ri || v) && !al>ri */
-        nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-        }
-        /* 'i<ri' is chosen to eliminate dependency on input data, even
-         * though it results in redundant copy in al<ri case. */
-        for (i=0,ri-=4; i<ri; i+=4)
-                {
-                BN_ULONG t1,t2,t3,t4;
-                
-                t1=nrp[i+0];
-                t2=nrp[i+1];
-                t3=nrp[i+2];    ap[i+0]=0;
-                t4=nrp[i+3];    ap[i+1]=0;
-                rp[i+0]=t1;     ap[i+2]=0;
-                rp[i+1]=t2;     ap[i+3]=0;
-                rp[i+2]=t3;
-                rp[i+3]=t4;
-                }
-        for (ri+=4; i<ri; i++)
-                rp[i]=nrp[i], ap[i]=0;
-        bn_correct_top(r);
-        bn_correct_top(ret);
-        bn_check_top(ret);
-        return(1);
-        }
-int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-             BN_CTX *ctx)
-        {
-        int retn=0;
-        BIGNUM *t;
-        BN_CTX_start(ctx);
-        if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-                retn = BN_from_montgomery_word(ret,t,mont);
-        BN_CTX_end(ctx);
-        return retn;
-        }
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
             BN_CTX *ctx)
        {
@@ -412,7 +171,7 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
                        for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
                        }
                }
-        bn_correct_top(r);
+        bn_fix_top(r);
        
        /* mont->ri will be a multiple of the word size and below code
         * is kind of BN_rshift(ret,r,mont->ri) equivalent */
@@ -471,8 +230,6 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
                }
        for (ri+=4; i<ri; i++)
                rp[i]=nrp[i], ap[i]=0;
-        bn_correct_top(r);
-        bn_correct_top(ret);
 # else
        if (bn_wexpand(ret,al) == NULL) goto err;
        ret->top=al;
@@ -524,12 +281,10 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
                }
 #endif
        retn=1;
-        bn_check_top(ret);
 err:
        BN_CTX_end(ctx);
        return(retn);
        }
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 BN_MONT_CTX *BN_MONT_CTX_new(void)
        {
@@ -549,11 +304,6 @@ void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
        BN_init(&(ctx->RR));
        BN_init(&(ctx->N));
        BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-        ctx->n0[0] = ctx->n0[1] = 0;
-#else
-        ctx->n0 = 0;
-#endif
        ctx->flags=0;
        }
@@ -571,11 +321,9 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
        {
-        int ret = 0;
+        BIGNUM Ri,*R;
-        BIGNUM *Ri,*R;
-        BN_CTX_start(ctx);
+        BN_init(&Ri);
-        if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
        R= &(mont->RR);                                 /* grab RR as a temp */
        if (!BN_copy(&(mont->N),mod)) goto err;         /* Set N */
        mont->N.neg = 0;
@@ -586,99 +334,57 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
                BN_ULONG buf[2];
                mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-                BN_zero(R);
+                if (!(BN_zero(R))) goto err;
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
-         only certain BN_BITS2<=32 platforms actually need this */
-                if (!(BN_set_bit(R,2*BN_BITS2))) goto err;      /* R */
-#else
                if (!(BN_set_bit(R,BN_BITS2))) goto err;        /* R */
-#endif
                buf[0]=mod->d[0]; /* tmod = N mod word size */
                buf[1]=0;
-                BN_init(&tmod);
                tmod.d=buf;
-                tmod.top = buf[0] != 0 ? 1 : 0;
+                tmod.top=1;
                tmod.dmax=2;
                tmod.neg=0;
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
-         only certain BN_BITS2<=32 platforms actually need this */
-                                                                tmod.top=0;
-                if ((buf[0] = mod->d[0]))                       tmod.top=1;
-                if ((buf[1] = mod->top>1 ? mod->d[1] : 0))      tmod.top=2;
-                if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-                        goto err;
-                if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
-                if (!BN_is_zero(Ri))
-                        {
-                        if (!BN_sub_word(Ri,1)) goto err;
-                        }
-                else /* if N mod word size == 1 */
-                        {
-                        if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
-                                goto err;
-                        /* Ri-- (mod double word size) */
-                        Ri->neg=0;
-                        Ri->d[0]=BN_MASK2;
-                        Ri->d[1]=BN_MASK2;
-                        Ri->top=2;
-                        }
-                if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-                /* Ni = (R*Ri-1)/N,
-                 * keep only couple of least significant words: */
-                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-                mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-#else
                                                        /* Ri = R^-1 mod N*/
-                if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
+                if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
                        goto err;
-                if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
+                if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */
-                if (!BN_is_zero(Ri))
+                if (!BN_is_zero(&Ri))
                        {
-                        if (!BN_sub_word(Ri,1)) goto err;
+                        if (!BN_sub_word(&Ri,1)) goto err;
                        }
                else /* if N mod word size == 1 */
                        {
-                        if (!BN_set_word(Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
+                        if (!BN_set_word(&Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
                        }
-                if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
+                if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
                /* Ni = (R*Ri-1)/N,
                 * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
+                mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
-                mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+                BN_free(&Ri);
-                mont->n0[1] = 0;
-# else
-                mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
-# endif
-#endif
                }
 #else /* !MONT_WORD */
                { /* bignum version */
                mont->ri=BN_num_bits(&mont->N);
-                BN_zero(R);
+                if (!BN_zero(R)) goto err;
                if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
                                                        /* Ri = R^-1 mod N*/
-                if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
+                if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
                        goto err;
-                if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
+                if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */
-                if (!BN_sub_word(Ri,1)) goto err;
+                if (!BN_sub_word(&Ri,1)) goto err;
                                                        /* Ni = (R*Ri-1) / N */
-                if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
+                if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
+                BN_free(&Ri);
                }
 #endif
        /* setup RR for conversions */
-        BN_zero(&(mont->RR));
+        if (!BN_zero(&(mont->RR))) goto err;
        if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
        if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
-        ret = 1;
+        return(1);
 err:
-        BN_CTX_end(ctx);
+        return(0);
-        return ret;
        }
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
@@ -689,44 +395,27 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
        if (!BN_copy(&(to->N),&(from->N))) return NULL;
        if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
        to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-        to->n0[0]=from->n0[0];
-        to->n0[1]=from->n0[1];
-#else
        to->n0=from->n0;
-#endif
        return(to);
        }
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
                                        const BIGNUM *mod, BN_CTX *ctx)
        {
-        int got_write_lock = 0;
+        if (*pmont)
-        BN_MONT_CTX *ret;
+                return *pmont;
+        CRYPTO_w_lock(lock);
-        CRYPTO_r_lock(lock);
        if (!*pmont)
                {
-                CRYPTO_r_unlock(lock);
+                *pmont = BN_MONT_CTX_new();
-                CRYPTO_w_lock(lock);
+                if (*pmont && !BN_MONT_CTX_set(*pmont, mod, ctx))
-                got_write_lock = 1;
-                if (!*pmont)
                        {
-                        ret = BN_MONT_CTX_new();
+                        BN_MONT_CTX_free(*pmont);
-                        if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
+                        *pmont = NULL;
-                                BN_MONT_CTX_free(ret);
-                        else
-                                *pmont = ret;
                        }
                }
-        
+        CRYPTO_w_unlock(lock);
-        ret = *pmont;
+        return *pmont;
-        
-        if (got_write_lock)
-                CRYPTO_w_unlock(lock);
-        else
-                CRYPTO_r_unlock(lock);
-                
-        return ret;
        }
+                
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c
index a054d21aed..05fa9d1e9a 100644
--- a/src/lib/libcrypto/bn/bn_mpi.c
+++ b/src/lib/libcrypto/bn/bn_mpi.c
@@ -124,7 +124,6 @@ BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
                {
                BN_clear_bit(a,BN_num_bits(a)-1);
                }
-        bn_check_top(a);
        return(a);
        }
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c
index b848c8cc60..3ae3822bc2 100644
--- a/src/lib/libcrypto/bn/bn_mul.c
+++ b/src/lib/libcrypto/bn/bn_mul.c
@@ -56,325 +56,10 @@
 * [including the GNU Public Licence.]
 */
-#ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
-# define NDEBUG
-#endif
 #include <stdio.h>
-#include <assert.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
-/* Here follows specialised variants of bn_add_words() and
-   bn_sub_words().  They have the property performing operations on
-   arrays of different sizes.  The sizes of those arrays is expressed through
-   cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
-   which is the delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  For the operations that require
-   a result array as parameter, it must have the length cl+abs(dl).
-   These functions should probably end up in bn_asm.c as soon as there are
-   assembler counterparts for the systems that use assembler files.  */
-BN_ULONG bn_sub_part_words(BN_ULONG *r,
-        const BN_ULONG *a, const BN_ULONG *b,
-        int cl, int dl)
-        {
-        BN_ULONG c, t;
-        assert(cl >= 0);
-        c = bn_sub_words(r, a, b, cl);
-        if (dl == 0)
-                return c;
-        r += cl;
-        a += cl;
-        b += cl;
-        if (dl < 0)
-                {
-#ifdef BN_COUNT
-                fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
-                for (;;)
-                        {
-                        t = b[0];
-                        r[0] = (0-t-c)&BN_MASK2;
-                        if (t != 0) c=1;
-                        if (++dl >= 0) break;
-                        t = b[1];
-                        r[1] = (0-t-c)&BN_MASK2;
-                        if (t != 0) c=1;
-                        if (++dl >= 0) break;
-                        t = b[2];
-                        r[2] = (0-t-c)&BN_MASK2;
-                        if (t != 0) c=1;
-                        if (++dl >= 0) break;
-                        t = b[3];
-                        r[3] = (0-t-c)&BN_MASK2;
-                        if (t != 0) c=1;
-                        if (++dl >= 0) break;
-                        b += 4;
-                        r += 4;
-                        }
-                }
-        else
-                {
-                int save_dl = dl;
-#ifdef BN_COUNT
-                fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
-#endif
-                while(c)
-                        {
-                        t = a[0];
-                        r[0] = (t-c)&BN_MASK2;
-                        if (t != 0) c=0;
-                        if (--dl <= 0) break;
-                        t = a[1];
-                        r[1] = (t-c)&BN_MASK2;
-                        if (t != 0) c=0;
-                        if (--dl <= 0) break;
-                        t = a[2];
-                        r[2] = (t-c)&BN_MASK2;
-                        if (t != 0) c=0;
-                        if (--dl <= 0) break;
-                        t = a[3];
-                        r[3] = (t-c)&BN_MASK2;
-                        if (t != 0) c=0;
-                        if (--dl <= 0) break;
-                        save_dl = dl;
-                        a += 4;
-                        r += 4;
-                        }
-                if (dl > 0)
-                        {
-#ifdef BN_COUNT
-                        fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
-                        if (save_dl > dl)
-                                {
-                                switch (save_dl - dl)
-                                        {
-                                case 1:
-                                        r[1] = a[1];
-                                        if (--dl <= 0) break;
-                                case 2:
-                                        r[2] = a[2];
-                                        if (--dl <= 0) break;
-                                case 3:
-                                        r[3] = a[3];
-                                        if (--dl <= 0) break;
-                                        }
-                                a += 4;
-                                r += 4;
-                                }
-                        }
-                if (dl > 0)
-                        {
-#ifdef BN_COUNT
-                        fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
-                        for(;;)
-                                {
-                                r[0] = a[0];
-                                if (--dl <= 0) break;
-                                r[1] = a[1];
-                                if (--dl <= 0) break;
-                                r[2] = a[2];
-                                if (--dl <= 0) break;
-                                r[3] = a[3];
-                                if (--dl <= 0) break;
-                                a += 4;
-                                r += 4;
-                                }
-                        }
-                }
-        return c;
-        }
-#endif
-BN_ULONG bn_add_part_words(BN_ULONG *r,
-        const BN_ULONG *a, const BN_ULONG *b,
-        int cl, int dl)
-        {
-        BN_ULONG c, l, t;
-        assert(cl >= 0);
-        c = bn_add_words(r, a, b, cl);
-        if (dl == 0)
-                return c;
-        r += cl;
-        a += cl;
-        b += cl;
-        if (dl < 0)
-                {
-                int save_dl = dl;
-#ifdef BN_COUNT
-                fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
-                while (c)
-                        {
-                        l=(c+b[0])&BN_MASK2;
-                        c=(l < c);
-                        r[0]=l;
-                        if (++dl >= 0) break;
-                        l=(c+b[1])&BN_MASK2;
-                        c=(l < c);
-                        r[1]=l;
-                        if (++dl >= 0) break;
-                        l=(c+b[2])&BN_MASK2;
-                        c=(l < c);
-                        r[2]=l;
-                        if (++dl >= 0) break;
-                        l=(c+b[3])&BN_MASK2;
-                        c=(l < c);
-                        r[3]=l;
-                        if (++dl >= 0) break;
-                        save_dl = dl;
-                        b+=4;
-                        r+=4;
-                        }
-                if (dl < 0)
-                        {
-#ifdef BN_COUNT
-                        fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
-#endif
-                        if (save_dl < dl)
-                                {
-                                switch (dl - save_dl)
-                                        {
-                                case 1:
-                                        r[1] = b[1];
-                                        if (++dl >= 0) break;
-                                case 2:
-                                        r[2] = b[2];
-                                        if (++dl >= 0) break;
-                                case 3:
-                                        r[3] = b[3];
-                                        if (++dl >= 0) break;
-                                        }
-                                b += 4;
-                                r += 4;
-                                }
-                        }
-                if (dl < 0)
-                        {
-#ifdef BN_COUNT
-                        fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
-#endif
-                        for(;;)
-                                {
-                                r[0] = b[0];
-                                if (++dl >= 0) break;
-                                r[1] = b[1];
-                                if (++dl >= 0) break;
-                                r[2] = b[2];
-                                if (++dl >= 0) break;
-                                r[3] = b[3];
-                                if (++dl >= 0) break;
-                                b += 4;
-                                r += 4;
-                                }
-                        }
-                }
-        else
-                {
-                int save_dl = dl;
-#ifdef BN_COUNT
-                fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
-#endif
-                while (c)
-                        {
-                        t=(a[0]+c)&BN_MASK2;
-                        c=(t < c);
-                        r[0]=t;
-                        if (--dl <= 0) break;
-                        t=(a[1]+c)&BN_MASK2;
-                        c=(t < c);
-                        r[1]=t;
-                        if (--dl <= 0) break;
-                        t=(a[2]+c)&BN_MASK2;
-                        c=(t < c);
-                        r[2]=t;
-                        if (--dl <= 0) break;
-                        t=(a[3]+c)&BN_MASK2;
-                        c=(t < c);
-                        r[3]=t;
-                        if (--dl <= 0) break;
-                        save_dl = dl;
-                        a+=4;
-                        r+=4;
-                        }
-#ifdef BN_COUNT
-                fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
-                if (dl > 0)
-                        {
-                        if (save_dl > dl)
-                                {
-                                switch (save_dl - dl)
-                                        {
-                                case 1:
-                                        r[1] = a[1];
-                                        if (--dl <= 0) break;
-                                case 2:
-                                        r[2] = a[2];
-                                        if (--dl <= 0) break;
-                                case 3:
-                                        r[3] = a[3];
-                                        if (--dl <= 0) break;
-                                        }
-                                a += 4;
-                                r += 4;
-                                }
-                        }
-                if (dl > 0)
-                        {
-#ifdef BN_COUNT
-                        fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
-                        for(;;)
-                                {
-                                r[0] = a[0];
-                                if (--dl <= 0) break;
-                                r[1] = a[1];
-                                if (--dl <= 0) break;
-                                r[2] = a[2];
-                                if (--dl <= 0) break;
-                                r[3] = a[3];
-                                if (--dl <= 0) break;
-                                a += 4;
-                                r += 4;
-                                }
-                        }
-                }
-        return c;
-        }
 #ifdef BN_RECURSION
 /* Karatsuba recursive multiplication algorithm
 * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
@@ -389,17 +74,15 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
 * a[1]*b[1]
 */
-/* dnX may not be positive, but n2/2+dnX has to be */
 void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-        int dna, int dnb, BN_ULONG *t)
+             BN_ULONG *t)
        {
        int n=n2/2,c1,c2;
-        int tna=n+dna, tnb=n+dnb;
        unsigned int neg,zero;
        BN_ULONG ln,lo,*p;
 # ifdef BN_COUNT
-        fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+        printf(" bn_mul_recursive %d * %d\n",n2,n2);
 # endif
 # ifdef BN_MUL_COMBA
 #  if 0
@@ -409,40 +92,34 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                return;
                }
 #  endif
-        /* Only call bn_mul_comba 8 if n2 == 8 and the
+        if (n2 == 8)
-         * two arrays are complete [steve]
-         */
-        if (n2 == 8 && dna == 0 && dnb == 0)
                {
                bn_mul_comba8(r,a,b);
                return; 
                }
 # endif /* BN_MUL_COMBA */
-        /* Else do normal multiply */
        if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
                {
-                bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+                /* This should not happen */
-                if ((dna + dnb) < 0)
+                bn_mul_normal(r,a,n2,b,n2);
-                        memset(&r[2*n2 + dna + dnb], 0,
-                                sizeof(BN_ULONG) * -(dna + dnb));
                return;
                }
        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
+        c2=bn_cmp_words(&(b[n]),b,n);
        zero=neg=0;
        switch (c1*3+c2)
                {
        case -4:
-                bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
                break;
        case -3:
                zero=1;
                break;
        case -2:
-                bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
+                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
                neg=1;
                break;
        case -1:
@@ -451,22 +128,21 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                zero=1;
                break;
        case 2:
-                bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
+                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
                neg=1;
                break;
        case 3:
                zero=1;
                break;
        case 4:
-                bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
+                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
+                bn_sub_words(&(t[n]),&(b[n]),b,      n);
                break;
                }
 # ifdef BN_MUL_COMBA
-        if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
+        if (n == 4)
-                                               extra args to do this well */
                {
                if (!zero)
                        bn_mul_comba4(&(t[n2]),t,&(t[n]));
@@ -476,9 +152,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                bn_mul_comba4(r,a,b);
                bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
                }
-        else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
+        else if (n == 8)
-                                                    take extra args to do this
-                                                    well */
                {
                if (!zero)
                        bn_mul_comba8(&(t[n2]),t,&(t[n]));
@@ -493,11 +167,11 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
                {
                p= &(t[n2*2]);
                if (!zero)
-                        bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+                        bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
                else
                        memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-                bn_mul_recursive(r,a,b,n,0,0,p);
+                bn_mul_recursive(r,a,b,n,p);
-                bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
+                bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
                }
        /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
@@ -546,40 +220,39 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
 /* n+tn is the word length
 * t needs to be n*4 is size, as does r */
-/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+             int n, BN_ULONG *t)
-             int tna, int tnb, BN_ULONG *t)
        {
        int i,j,n2=n*2;
        int c1,c2,neg,zero;
        BN_ULONG ln,lo,*p;
 # ifdef BN_COUNT
-        fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+        printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-                n, tna, n, tnb);
 # endif
        if (n < 8)
                {
-                bn_mul_normal(r,a,n+tna,b,n+tnb);
+                i=tn+n;
+                bn_mul_normal(r,a,i,b,i);
                return;
                }
        /* r=(a[0]-a[1])*(b[1]-b[0]) */
-        c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+        c1=bn_cmp_words(a,&(a[n]),n);
-        c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
+        c2=bn_cmp_words(&(b[n]),b,n);
        zero=neg=0;
        switch (c1*3+c2)
                {
        case -4:
-                bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
                break;
        case -3:
                zero=1;
                /* break; */
        case -2:
-                bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+                bn_sub_words(t,      &(a[n]),a,      n); /* - */
-                bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
+                bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
                neg=1;
                break;
        case -1:
@@ -588,16 +261,16 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                zero=1;
                /* break; */
        case 2:
-                bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
+                bn_sub_words(t,      a,      &(a[n]),n); /* + */
-                bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+                bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
                neg=1;
                break;
        case 3:
                zero=1;
                /* break; */
        case 4:
-                bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
+                bn_sub_words(t,      a,      &(a[n]),n);
-                bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
+                bn_sub_words(&(t[n]),&(b[n]),b,      n);
                break;
                }
                /* The zero case isn't yet implemented here. The speedup
@@ -616,62 +289,54 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
                {
                bn_mul_comba8(&(t[n2]),t,&(t[n]));
                bn_mul_comba8(r,a,b);
-                bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
+                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-                memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
+                memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
                }
        else
                {
                p= &(t[n2*2]);
-                bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+                bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-                bn_mul_recursive(r,a,b,n,0,0,p);
+                bn_mul_recursive(r,a,b,n,p);
                i=n/2;
                /* If there is only a bottom half to the number,
                 * just do it */
-                if (tna > tnb)
+                j=tn-i;
-                        j = tna - i;
-                else
-                        j = tnb - i;
                if (j == 0)
                        {
-                        bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
+                        bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
-                                i,tna-i,tnb-i,p);
                        memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
                        }
                else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
                                {
                                bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-                                        i,tna-i,tnb-i,p);
+                                        j,i,p);
-                                memset(&(r[n2+tna+tnb]),0,
+                                memset(&(r[n2+tn*2]),0,
-                                        sizeof(BN_ULONG)*(n2-tna-tnb));
+                                        sizeof(BN_ULONG)*(n2-tn*2));
                                }
                else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
                        {
                        memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-                        if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+                        if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
-                                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
                                {
-                                bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
+                                bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
                                }
                        else
                                {
                                for (;;)
                                        {
                                        i/=2;
-                                        /* these simplified conditions work
+                                        if (i < tn)
-                                         * exclusively because difference
-                                         * between tna and tnb is 1 or 0 */
-                                        if (i < tna || i < tnb)
                                                {
                                                bn_mul_part_recursive(&(r[n2]),
                                                        &(a[n]),&(b[n]),
-                                                        i,tna-i,tnb-i,p);
+                                                        tn-i,i,p);
                                                break;
                                                }
-                                        else if (i == tna || i == tnb)
+                                        else if (i == tn)
                                                {
                                                bn_mul_recursive(&(r[n2]),
                                                        &(a[n]),&(b[n]),
-                                                        i,tna-i,tnb-i,p);
+                                                        i,p);
                                                break;
                                                }
                                        }
@@ -732,10 +397,10 @@ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
        int n=n2/2;
 # ifdef BN_COUNT
-        fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+        printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
 # endif
-        bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
+        bn_mul_recursive(r,a,b,n,&(t[0]));
        if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
                {
                bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
@@ -766,7 +431,7 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
        BN_ULONG ll,lc,*lp,*mp;
 # ifdef BN_COUNT
-        fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+        printf(" bn_mul_high %d * %d\n",n2,n2);
 # endif
        n=n2/2;
@@ -819,8 +484,8 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
        else
 # endif
                {
-                bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
+                bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-                bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
+                bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
                }
        /* s0 == low(al*bl)
@@ -945,19 +610,19 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
 int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
-        int ret=0;
        int top,al,bl;
        BIGNUM *rr;
+        int ret = 0;
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
        int i;
 #endif
 #ifdef BN_RECURSION
-        BIGNUM *t=NULL;
+        BIGNUM *t;
-        int j=0,k;
+        int j,k;
 #endif
 #ifdef BN_COUNT
-        fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
+        printf("BN_mul %d * %d\n",a->top,b->top);
 #endif
        bn_check_top(a);
@@ -969,7 +634,7 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        if ((al == 0) || (bl == 0))
                {
-                BN_zero(r);
+                if (!BN_zero(r)) goto err;
                return(1);
                }
        top=al+bl;
@@ -1010,55 +675,21 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 #ifdef BN_RECURSION
        if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
                {
-                if (i >= -1 && i <= 1)
+                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA) && bl<b->dmax)
                        {
-                        int sav_j =0;
+#if 0   /* tribute to const-ification, bl<b->dmax above covers for this */
-                        /* Find out the power of two lower or equal
+                        if (bn_wexpand(b,al) == NULL) goto err;
-                           to the longest of the two numbers */
+#endif
-                        if (i >= 0)
+                        b->d[bl]=0;
-                                {
-                                j = BN_num_bits_word((BN_ULONG)al);
-                                }
-                        if (i == -1)
-                                {
-                                j = BN_num_bits_word((BN_ULONG)bl);
-                                }
-                        sav_j = j;
-                        j = 1<<(j-1);
-                        assert(j <= al || j <= bl);
-                        k = j+j;
-                        t = BN_CTX_get(ctx);
-                        if (al > j || bl > j)
-                                {
-                                bn_wexpand(t,k*4);
-                                bn_wexpand(rr,k*4);
-                                bn_mul_part_recursive(rr->d,a->d,b->d,
-                                        j,al-j,bl-j,t->d);
-                                }
-                        else    /* al <= j || bl <= j */
-                                {
-                                bn_wexpand(t,k*2);
-                                bn_wexpand(rr,k*2);
-                                bn_mul_recursive(rr->d,a->d,b->d,
-                                        j,al-j,bl-j,t->d);
-                                }
-                        rr->top=top;
-                        goto end;
-                        }
-#if 0
-                if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
-                        {
-                        BIGNUM *tmp_bn = (BIGNUM *)b;
-                        if (bn_wexpand(tmp_bn,al) == NULL) goto err;
-                        tmp_bn->d[bl]=0;
                        bl++;
                        i--;
                        }
-                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+                else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA) && al<a->dmax)
                        {
-                        BIGNUM *tmp_bn = (BIGNUM *)a;
+#if 0   /* tribute to const-ification, al<a->dmax above covers for this */
-                        if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
+                        if (bn_wexpand(a,bl) == NULL) goto err;
-                        tmp_bn->d[al]=0;
+#endif
+                        a->d[al]=0;
                        al++;
                        i++;
                        }
@@ -1075,17 +706,26 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
                                if (bn_wexpand(t,k*2) == NULL) goto err;
                                if (bn_wexpand(rr,k*2) == NULL) goto err;
                                bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+                                rr->top=top;
+                                goto end;
                                }
+#if 0   /* tribute to const-ification, rsa/dsa performance is not affected */
                        else
                                {
-                                if (bn_wexpand(t,k*4) == NULL) goto err;
+                                if (bn_wexpand(a,k) == NULL ) goto err;
-                                if (bn_wexpand(rr,k*4) == NULL) goto err;
+                                if (bn_wexpand(b,k) == NULL ) goto err;
+                                if (bn_wexpand(t,k*4) == NULL ) goto err;
+                                if (bn_wexpand(rr,k*4) == NULL ) goto err;
+                                for (i=a->top; i<k; i++)
+                                        a->d[i]=0;
+                                for (i=b->top; i<k; i++)
+                                        b->d[i]=0;
                                bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
                                }
                        rr->top=top;
                        goto end;
-                        }
 #endif
+                        }
                }
 #endif /* BN_RECURSION */
        if (bn_wexpand(rr,top) == NULL) goto err;
@@ -1095,11 +735,10 @@ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 end:
 #endif
-        bn_correct_top(rr);
+        bn_fix_top(rr);
        if (r != rr) BN_copy(r,rr);
        ret=1;
 err:
-        bn_check_top(r);
        BN_CTX_end(ctx);
        return(ret);
        }
@@ -1109,7 +748,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
        BN_ULONG *rr;
 #ifdef BN_COUNT
-        fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
+        printf(" bn_mul_normal %d * %d\n",na,nb);
 #endif
        if (na < nb)
@@ -1122,13 +761,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
                }
        rr= &(r[na]);
-        if (nb <= 0)
+        rr[0]=bn_mul_words(r,a,na,b[0]);
-                {
-                (void)bn_mul_words(r,a,na,0);
-                return;
-                }
-        else
-                rr[0]=bn_mul_words(r,a,na,b[0]);
        for (;;)
                {
@@ -1149,7 +782,7 @@ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
        {
 #ifdef BN_COUNT
-        fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
+        printf(" bn_mul_low_normal %d * %d\n",n,n);
 #endif
        bn_mul_words(r,a,n,b[0]);
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index 7b25979dd1..f422172f16 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -115,11 +115,6 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in bn_depr.c.
- * - Geoff
- */
 /* The quick sieve algorithm approach to weeding out primes is
 * Philip Zimmermann's, as implemented in PGP.  I have had a read of
 * his comments and implemented my own version.
@@ -134,69 +129,51 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
 static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
        const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-        {
+        const BIGNUM *add, const BIGNUM *rem,
-        /* No callback means continue */
+        void (*callback)(int,int,void *), void *cb_arg)
-        if(!cb) return 1;
-        switch(cb->ver)
-                {
-        case 1:
-                /* Deprecated-style callbacks */
-                if(!cb->cb.cb_1)
-                        return 1;
-                cb->cb.cb_1(a, b, cb->arg);
-                return 1;
-        case 2:
-                /* New-style callbacks */
-                return cb->cb.cb_2(a, b, cb);
-        default:
-                break;
-                }
-        /* Unrecognised callback type */
-        return 0;
-        }
-int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
-        const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
        {
-        BIGNUM *t;
+        BIGNUM *rnd=NULL;
+        BIGNUM t;
        int found=0;
        int i,j,c1=0;
        BN_CTX *ctx;
        int checks = BN_prime_checks_for_size(bits);
+        BN_init(&t);
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
-        BN_CTX_start(ctx);
+        if (ret == NULL)
-        t = BN_CTX_get(ctx);
+                {
-        if(!t) goto err;
+                if ((rnd=BN_new()) == NULL) goto err;
+                }
+        else
+                rnd=ret;
 loop: 
        /* make a random number and set the top and bottom bits */
        if (add == NULL)
                {
-                if (!probable_prime(ret,bits)) goto err;
+                if (!probable_prime(rnd,bits)) goto err;
                }
        else
                {
                if (safe)
                        {
-                        if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
+                        if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
                                 goto err;
                        }
                else
                        {
-                        if (!probable_prime_dh(ret,bits,add,rem,ctx))
+                        if (!probable_prime_dh(rnd,bits,add,rem,ctx))
                                goto err;
                        }
                }
-        /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+        /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
-        if(!BN_GENCB_call(cb, 0, c1++))
+        if (callback != NULL) callback(0,c1++,cb_arg);
-                /* aborted */
-                goto err;
        if (!safe)
                {
-                i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
+                i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
                if (i == -1) goto err;
                if (i == 0) goto loop;
                }
@@ -206,42 +183,41 @@ loop:
                 * check that (p-1)/2 is prime.
                 * Since a prime is odd, We just
                 * need to divide by 2 */
-                if (!BN_rshift1(t,ret)) goto err;
+                if (!BN_rshift1(&t,rnd)) goto err;
                for (i=0; i<checks; i++)
                        {
-                        j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
+                        j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
                        if (j == -1) goto err;
                        if (j == 0) goto loop;
-                        j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
+                        j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
                        if (j == -1) goto err;
                        if (j == 0) goto loop;
-                        if(!BN_GENCB_call(cb, 2, c1-1))
+                        if (callback != NULL) callback(2,c1-1,cb_arg);
-                                goto err;
                        /* We have a safe prime test pass */
                        }
                }
        /* we have a prime :-) */
        found = 1;
 err:
-        if (ctx != NULL)
+        if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
-                {
+        BN_free(&t);
-                BN_CTX_end(ctx);
+        if (ctx != NULL) BN_CTX_free(ctx);
-                BN_CTX_free(ctx);
+        return(found ? rnd : NULL);
-                }
-        bn_check_top(ret);
-        return found;
        }
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+        BN_CTX *ctx_passed, void *cb_arg)
        {
-        return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+        return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
        }
-int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-                int do_trial_division, BN_GENCB *cb)
+                void (*callback)(int,int,void *),
+                BN_CTX *ctx_passed, void *cb_arg,
+                int do_trial_division)
        {
        int i, j, ret = -1;
        int k;
@@ -260,13 +236,13 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
        if (!BN_is_odd(a))
                /* a is even => a is prime if and only if a == 2 */
                return BN_is_word(a, 2);
        if (do_trial_division)
                {
                for (i = 1; i < NUMPRIMES; i++)
                        if (BN_mod_word(a, primes[i]) == 0) 
                                return 0;
-                if(!BN_GENCB_call(cb, 1, -1))
+                if (callback != NULL) callback(1, -1, cb_arg);
-                        goto err;
                }
        if (ctx_passed != NULL)
@@ -332,8 +308,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
                        ret=0;
                        goto err;
                        }
-                if(!BN_GENCB_call(cb, 1, i))
+                if (callback != NULL) callback(1,i,cb_arg);
-                        goto err;
                }
        ret=1;
 err:
@@ -370,22 +345,20 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
                }
        /* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
         * and it is neither -1 nor +1 -- so 'a' cannot be prime */
-        bn_check_top(w);
        return 1;
        }
 static int probable_prime(BIGNUM *rnd, int bits)
        {
        int i;
-        prime_t mods[NUMPRIMES];
+        BN_ULONG mods[NUMPRIMES];
-        BN_ULONG delta,maxdelta;
+        BN_ULONG delta,d;
 again:
        if (!BN_rand(rnd,bits,1,1)) return(0);
        /* we now have a random number 'rand' to test. */
        for (i=1; i<NUMPRIMES; i++)
-                mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
+                mods[i]=BN_mod_word(rnd,(BN_ULONG)primes[i]);
-        maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
        delta=0;
        loop: for (i=1; i<NUMPRIMES; i++)
                {
@@ -393,13 +366,16 @@ again:
                 * that gcd(rnd-1,primes) == 1 (except for 2) */
                if (((mods[i]+delta)%primes[i]) <= 1)
                        {
+                        d=delta;
                        delta+=2;
-                        if (delta > maxdelta) goto again;
+                        /* perhaps need to check for overflow of
+                         * delta (but delta can be up to 2^32)
+                         * 21-May-98 eay - added overflow check */
+                        if (delta < d) goto again;
                        goto loop;
                        }
                }
        if (!BN_add_word(rnd,delta)) return(0);
-        bn_check_top(rnd);
        return(1);
        }
@@ -437,7 +413,6 @@ static int probable_prime_dh(BIGNUM *rnd, int bits,
        ret=1;
 err:
        BN_CTX_end(ctx);
-        bn_check_top(rnd);
        return(ret);
        }
@@ -489,6 +464,5 @@ static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
        ret=1;
 err:
        BN_CTX_end(ctx);
-        bn_check_top(p);
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h
index 51d2194feb..b7cf9a9bfe 100644
--- a/src/lib/libcrypto/bn/bn_prime.h
+++ b/src/lib/libcrypto/bn/bn_prime.h
@@ -58,12 +58,10 @@
 #ifndef EIGHT_BIT
 #define NUMPRIMES 2048
-typedef unsigned short prime_t;
 #else
 #define NUMPRIMES 54
-typedef unsigned char prime_t;
 #endif
-static const prime_t primes[NUMPRIMES]=
+static const unsigned int primes[NUMPRIMES]=
        {
           2,   3,   5,   7,  11,  13,  17,  19,
          23,  29,  31,  37,  41,  43,  47,  53,
diff --git a/src/lib/libcrypto/bn/bn_prime.pl b/src/lib/libcrypto/bn/bn_prime.pl
index 3fafb6f3e9..9fc3765486 100644
--- a/src/lib/libcrypto/bn/bn_prime.pl
+++ b/src/lib/libcrypto/bn/bn_prime.pl
@@ -11,7 +11,7 @@ loop: while ($#primes < $num-1)
        $p+=2;
        $s=int(sqrt($p));
-        for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++)
+        for ($i=0; $primes[$i]<=$s; $i++)
                {
                next loop if (($p%$primes[$i]) == 0);
                }
@@ -101,12 +101,10 @@ for ($i=0; $i <= $#primes; $i++)
 printf "#ifndef EIGHT_BIT\n";
 printf "#define NUMPRIMES %d\n",$num;
-printf "typedef unsigned short prime_t;\n";
 printf "#else\n";
 printf "#define NUMPRIMES %d\n",$eight;
-printf "typedef unsigned char prime_t;\n";
 printf "#endif\n";
-print "static const prime_t primes[NUMPRIMES]=\n\t{\n\t";
+print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
 $init=0;
 for ($i=0; $i <= $#primes; $i++)
        {
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 810dde34e1..acba7ed7ee 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -62,7 +62,7 @@
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
-static const char Hex[]="0123456789ABCDEF";
+static const char *Hex="0123456789ABCDEF";
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2hex(const BIGNUM *a)
@@ -102,19 +102,14 @@ err:
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2dec(const BIGNUM *a)
        {
-        int i=0,num, ok = 0;
+        int i=0,num;
        char *buf=NULL;
        char *p;
        BIGNUM *t=NULL;
        BN_ULONG *bn_data=NULL,*lp;
-        /* get an upper bound for the length of the decimal integer
-         * num <= (BN_num_bits(a) + 1) * log(2)
-         *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
-         *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 
-         */
        i=BN_num_bits(a)*3;
-        num=(i/10+i/1000+1)+1;
+        num=(i/10+i/1000+3)+1;
        bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
        buf=(char *)OPENSSL_malloc(num+3);
        if ((buf == NULL) || (bn_data == NULL))
@@ -127,6 +122,7 @@ char *BN_bn2dec(const BIGNUM *a)
 #define BUF_REMAIN (num+3 - (size_t)(p - buf))
        p=buf;
        lp=bn_data;
+        if (t->neg) *(p++)='-';
        if (BN_is_zero(t))
                {
                *(p++)='0';
@@ -134,9 +130,6 @@ char *BN_bn2dec(const BIGNUM *a)
                }
        else
                {
-                if (BN_is_negative(t))
-                        *p++ = '-';
                i=0;
                while (!BN_is_zero(t))
                        {
@@ -156,16 +149,9 @@ char *BN_bn2dec(const BIGNUM *a)
                        while (*p) p++;
                        }
                }
-        ok = 1;
 err:
        if (bn_data != NULL) OPENSSL_free(bn_data);
        if (t != NULL) BN_free(t);
-        if (!ok && buf)
-                {
-                OPENSSL_free(buf);
-                buf = NULL;
-                }
        return(buf);
        }
@@ -225,11 +211,10 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
                j-=(BN_BYTES*2);
                }
        ret->top=h;
-        bn_correct_top(ret);
+        bn_fix_top(ret);
        ret->neg=neg;
        *bn=ret;
-        bn_check_top(ret);
        return(num);
 err:
        if (*bn == NULL) BN_free(ret);
@@ -285,9 +270,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
                }
        ret->neg=neg;
-        bn_correct_top(ret);
+        bn_fix_top(ret);
        *bn=ret;
-        bn_check_top(ret);
        return(num);
 err:
        if (*bn == NULL) BN_free(ret);
@@ -316,7 +300,7 @@ int BN_print(BIO *bp, const BIGNUM *a)
        int ret=0;
        if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
-        if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
+        if ((BN_is_zero(a)) && (BIO_write(bp,"0",1) != 1)) goto end;
        for (i=a->top-1; i >=0; i--)
                {
                for (j=BN_BITS2-4; j >= 0; j-=4)
@@ -336,3 +320,14 @@ end:
        return(ret);
        }
 #endif
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n)
+        {
+        int i;
+        fprintf(o, "%s=", a);
+        for (i=n-1;i>=0;i--)
+                fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
+        fprintf(o, "\n");
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c
index f51830b12b..893c9d2af9 100644
--- a/src/lib/libcrypto/bn/bn_rand.c
+++ b/src/lib/libcrypto/bn/bn_rand.c
@@ -134,13 +134,13 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
        buf=(unsigned char *)OPENSSL_malloc(bytes);
        if (buf == NULL)
                {
-                BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
+                BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
                goto err;
                }
        /* make a random number and set the top and bottom bits */
        time(&tim);
-        RAND_add(&tim,sizeof(tim),0.0);
+        RAND_add(&tim,sizeof(tim),0);
        if (pseudorand)
                {
@@ -204,7 +204,6 @@ err:
                OPENSSL_cleanse(buf,bytes);
                OPENSSL_free(buf);
                }
-        bn_check_top(rnd);
        return(ret);
        }
@@ -231,7 +230,6 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
        {
        int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
        int n;
-        int count = 100;
        if (range->neg || BN_is_zero(range))
                {
@@ -244,7 +242,9 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
        /* BN_is_bit_set(range, n - 1) always holds */
        if (n == 1)
-                BN_zero(r);
+                {
+                if (!BN_zero(r)) return 0;
+                }
        else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
                {
                /* range = 100..._2,
@@ -263,13 +263,6 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
                                if (BN_cmp(r, range) >= 0)
                                        if (!BN_sub(r, r, range)) return 0;
                                }
-                        if (!--count)
-                                {
-                                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-                                return 0;
-                                }
-                        
                        }
                while (BN_cmp(r, range) >= 0);
                }
@@ -279,17 +272,10 @@ static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
                        {
                        /* range = 11..._2  or  range = 101..._2 */
                        if (!bn_rand(r, n, -1, 0)) return 0;
-                        if (!--count)
-                                {
-                                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-                                return 0;
-                                }
                        }
                while (BN_cmp(r, range) >= 0);
                }
-        bn_check_top(r);
        return 1;
        }
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index 2e8efb8dae..ef5fdd4708 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -94,7 +94,7 @@ void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
        {
        if (!BN_copy(&(recp->N),d)) return 0;
-        BN_zero(&(recp->Nr));
+        if (!BN_zero(&(recp->Nr))) return 0;
        recp->num_bits=BN_num_bits(d);
        recp->shift=0;
        return(1);
@@ -123,7 +123,6 @@ int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
        ret = BN_div_recp(NULL,r,ca,recp,ctx);
 err:
        BN_CTX_end(ctx);
-        bn_check_top(r);
        return(ret);
        }
@@ -148,7 +147,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        if (BN_ucmp(m,&(recp->N)) < 0)
                {
-                BN_zero(d);
+                if (!BN_zero(d)) return 0;
                if (!BN_copy(r,m)) return 0;
                BN_CTX_end(ctx);
                return(1);
@@ -191,7 +190,7 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
                {
                if (j++ > 2)
                        {
-                        BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
+                        BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL);
                        goto err;
                        }
                if (!BN_usub(r,r,&(recp->N))) goto err;
@@ -204,8 +203,6 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        ret=1;
 err:
        BN_CTX_end(ctx);
-        bn_check_top(dv);
-        bn_check_top(rem);
        return(ret);
        } 
@@ -217,18 +214,17 @@ err:
 int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
        {
        int ret= -1;
-        BIGNUM *t;
+        BIGNUM t;
-        BN_CTX_start(ctx);
+        BN_init(&t);
-        if((t = BN_CTX_get(ctx)) == NULL) goto err;
-        if (!BN_set_bit(t,len)) goto err;
+        if (!BN_zero(&t)) goto err;
+        if (!BN_set_bit(&t,len)) goto err;
-        if (!BN_div(r,NULL,t,m,ctx)) goto err;
+        if (!BN_div(r,NULL,&t,m,ctx)) goto err;
        ret=len;
 err:
-        bn_check_top(r);
+        BN_free(&t);
-        BN_CTX_end(ctx);
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c
index de9312dce2..70f785ea18 100644
--- a/src/lib/libcrypto/bn/bn_shift.c
+++ b/src/lib/libcrypto/bn/bn_shift.c
@@ -65,9 +65,6 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
        register BN_ULONG *ap,*rp,t,c;
        int i;
-        bn_check_top(r);
-        bn_check_top(a);
        if (r != a)
                {
                r->neg=a->neg;
@@ -92,7 +89,6 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
                *rp=1;
                r->top++;
                }
-        bn_check_top(r);
        return(1);
        }
@@ -101,9 +97,6 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
        BN_ULONG *ap,*rp,t,c;
        int i;
-        bn_check_top(r);
-        bn_check_top(a);
        if (BN_is_zero(a))
                {
                BN_zero(r);
@@ -124,8 +117,7 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
                rp[i]=((t>>1)&BN_MASK2)|c;
                c=(t&1)?BN_TBIT:0;
                }
-        bn_correct_top(r);
+        bn_fix_top(r);
-        bn_check_top(r);
        return(1);
        }
@@ -135,9 +127,6 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
        BN_ULONG *t,*f;
        BN_ULONG l;
-        bn_check_top(r);
-        bn_check_top(a);
        r->neg=a->neg;
        nw=n/BN_BITS2;
        if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
@@ -160,8 +149,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 /*      for (i=0; i<nw; i++)
                t[i]=0;*/
        r->top=a->top+nw+1;
-        bn_correct_top(r);
+        bn_fix_top(r);
-        bn_check_top(r);
        return(1);
        }
@@ -171,9 +159,6 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
        BN_ULONG *t,*f;
        BN_ULONG l,tmp;
-        bn_check_top(r);
-        bn_check_top(a);
        nw=n/BN_BITS2;
        rb=n%BN_BITS2;
        lb=BN_BITS2-rb;
@@ -200,13 +185,13 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
        if (rb == 0)
                {
-                for (i=j; i != 0; i--)
+                for (i=j+1; i > 0; i--)
                        *(t++)= *(f++);
                }
        else
                {
                l= *(f++);
-                for (i=j-1; i != 0; i--)
+                for (i=1; i<j; i++)
                        {
                        tmp =(l>>rb)&BN_MASK2;
                        l= *(f++);
@@ -214,7 +199,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
                        }
                *(t++) =(l>>rb)&BN_MASK2;
                }
-        bn_correct_top(r);
+        *t=0;
-        bn_check_top(r);
+        bn_fix_top(r);
        return(1);
        }
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c
index 270d0cd348..c1d0cca438 100644
--- a/src/lib/libcrypto/bn/bn_sqr.c
+++ b/src/lib/libcrypto/bn/bn_sqr.c
@@ -77,16 +77,16 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
        if (al <= 0)
                {
                r->top=0;
-                return 1;
+                return(1);
                }
        BN_CTX_start(ctx);
        rr=(a != r) ? r : BN_CTX_get(ctx);
        tmp=BN_CTX_get(ctx);
-        if (!rr || !tmp) goto err;
+        if (tmp == NULL) goto err;
-        max = 2 * al; /* Non-zero (from above) */
+        max=(al+al);
-        if (bn_wexpand(rr,max) == NULL) goto err;
+        if (bn_wexpand(rr,max+1) == NULL) goto err;
        if (al == 4)
                {
@@ -138,18 +138,12 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 #endif
                }
+        rr->top=max;
        rr->neg=0;
-        /* If the most-significant half of the top word of 'a' is zero, then
+        if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
-         * the square of 'a' will max-1 words. */
-        if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
-                rr->top = max - 1;
-        else
-                rr->top = max;
        if (rr != r) BN_copy(r,rr);
        ret = 1;
 err:
-        bn_check_top(rr);
-        bn_check_top(tmp);
        BN_CTX_end(ctx);
        return(ret);
        }
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index 6beaf9e5e5..e2a1105dc8 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_sqrt.c */
+/* crypto/bn/bn_mod.c */
 /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * and Bodo Moeller for the OpenSSL project. */
 /* ====================================================================
@@ -65,12 +65,14 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
 * in Algebraic Computational Number Theory", algorithm 1.5.1).
 * 'p' must be prime!
+ * If 'a' is not a square, this is not necessarily detected by
+ * the algorithms; a bogus result must be expected in this case.
 */
        {
        BIGNUM *ret = in;
        int err = 1;
        int r;
-        BIGNUM *A, *b, *q, *t, *x, *y;
+        BIGNUM *b, *q, *t, *x, *y;
        int e, i, j;
        
        if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
@@ -83,11 +85,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                                goto end;
                        if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
                                {
-                                if (ret != in)
+                                BN_free(ret);
-                                        BN_free(ret);
                                return NULL;
                                }
-                        bn_check_top(ret);
                        return ret;
                        }
@@ -103,16 +103,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                        goto end;
                if (!BN_set_word(ret, BN_is_one(a)))
                        {
-                        if (ret != in)
+                        BN_free(ret);
-                                BN_free(ret);
                        return NULL;
                        }
-                bn_check_top(ret);
                return ret;
                }
+#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */
+        r = BN_kronecker(a, p, ctx);
+        if (r < -1) return NULL;
+        if (r == -1)
+                {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                return(NULL);
+                }
+#endif
        BN_CTX_start(ctx);
-        A = BN_CTX_get(ctx);
        b = BN_CTX_get(ctx);
        q = BN_CTX_get(ctx);
        t = BN_CTX_get(ctx);
@@ -124,9 +131,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                ret = BN_new();
        if (ret == NULL) goto end;
-        /* A = a mod p */
-        if (!BN_nnmod(A, a, p, ctx)) goto end;
        /* now write  |p| - 1  as  2^e*q  where  q  is odd */
        e = 1;
        while (!BN_is_bit_set(p, e))
@@ -145,9 +149,9 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                if (!BN_rshift(q, p, 2)) goto end;
                q->neg = 0;
                if (!BN_add_word(q, 1)) goto end;
-                if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
+                if (!BN_mod_exp(ret, a, q, p, ctx)) goto end;
                err = 0;
-                goto vrfy;
+                goto end;
                }
        
        if (e == 2)
@@ -178,8 +182,15 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                 * November 1992.)
                 */
+                /* make sure that  a  is reduced modulo p */
+                if (a->neg || BN_ucmp(a, p) >= 0)
+                        {
+                        if (!BN_nnmod(x, a, p, ctx)) goto end;
+                        a = x; /* use x as temporary variable */
+                        }
                /* t := 2*a */
-                if (!BN_mod_lshift1_quick(t, A, p)) goto end;
+                if (!BN_mod_lshift1_quick(t, a, p)) goto end;
                /* b := (2*a)^((|p|-5)/8) */
                if (!BN_rshift(q, p, 3)) goto end;
@@ -194,12 +205,12 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                if (!BN_sub_word(t, 1)) goto end;
                /* x = a*b*t */
-                if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
+                if (!BN_mod_mul(x, a, b, p, ctx)) goto end;
                if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
                if (!BN_copy(ret, x)) goto end;
                err = 0;
-                goto vrfy;
+                goto end;
                }
        
        /* e > 2, so we really have to use the Tonelli/Shanks algorithm.
@@ -286,11 +297,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        /* x := a^((q-1)/2) */
        if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
                {
-                if (!BN_nnmod(t, A, p, ctx)) goto end;
+                if (!BN_nnmod(t, a, p, ctx)) goto end;
                if (BN_is_zero(t))
                        {
                        /* special case: a == 0  (mod p) */
-                        BN_zero(ret);
+                        if (!BN_zero(ret)) goto end;
                        err = 0;
                        goto end;
                        }
@@ -299,11 +310,11 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                }
        else
                {
-                if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
+                if (!BN_mod_exp(x, a, t, p, ctx)) goto end;
                if (BN_is_zero(x))
                        {
                        /* special case: a == 0  (mod p) */
-                        BN_zero(ret);
+                        if (!BN_zero(ret)) goto end;
                        err = 0;
                        goto end;
                        }
@@ -311,10 +322,10 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        /* b := a*x^2  (= a^q) */
        if (!BN_mod_sqr(b, x, p, ctx)) goto end;
-        if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
+        if (!BN_mod_mul(b, b, a, p, ctx)) goto end;
        
        /* x := a*x    (= a^((q+1)/2)) */
-        if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
+        if (!BN_mod_mul(x, x, a, p, ctx)) goto end;
        while (1)
                {
@@ -331,7 +342,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                        {
                        if (!BN_copy(ret, x)) goto end;
                        err = 0;
-                        goto vrfy;
+                        goto end;
                        }
@@ -362,22 +373,6 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                e = i;
                }
- vrfy:
-        if (!err)
-                {
-                /* verify the result -- the input might have been not a square
-                 * (test added in 0.9.8) */
-                
-                if (!BN_mod_sqr(x, ret, p, ctx))
-                        err = 1;
-                
-                if (!err && 0 != BN_cmp(x, A))
-                        {
-                        BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-                        err = 1;
-                        }
-                }
 end:
        if (err)
                {
@@ -388,6 +383,5 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                ret = NULL;
                }
        BN_CTX_end(ctx);
-        bn_check_top(ret);
        return ret;
        }
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c
index ee7b87c45c..de610ce54c 100644
--- a/src/lib/libcrypto/bn/bn_word.c
+++ b/src/lib/libcrypto/bn/bn_word.c
@@ -69,10 +69,6 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 #endif
        int i;
-        if (w == 0)
-                return (BN_ULONG)-1;
-        bn_check_top(a);
        w&=BN_MASK2;
        for (i=a->top-1; i>=0; i--)
                {
@@ -89,24 +85,12 @@ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
        {
-        BN_ULONG ret = 0;
+        BN_ULONG ret;
-        int i, j;
+        int i;
-        bn_check_top(a);
-        w &= BN_MASK2;
-        if (!w)
-                /* actually this an error (division by zero) */
-                return (BN_ULONG)-1;
-        if (a->top == 0)
-                return 0;
-        /* normalize input (so bn_div_words doesn't complain) */
-        j = BN_BITS2 - BN_num_bits_word(w);
-        w <<= j;
-        if (!BN_lshift(a, a, j))
-                return (BN_ULONG)-1;
+        if (a->top == 0) return(0);
+        ret=0;
+        w&=BN_MASK2;
        for (i=a->top-1; i>=0; i--)
                {
                BN_ULONG l,d;
@@ -118,8 +102,6 @@ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
                }
        if ((a->top > 0) && (a->d[a->top-1] == 0))
                a->top--;
-        ret >>= j;
-        bn_check_top(a);
        return(ret);
        }
@@ -128,14 +110,9 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
        BN_ULONG l;
        int i;
-        bn_check_top(a);
+        if ((w & BN_MASK2) == 0)
-        w &= BN_MASK2;
+                return(1);
-        /* degenerate case: w is zero */
-        if (!w) return 1;
-        /* degenerate case: a is zero */
-        if(BN_is_zero(a)) return BN_set_word(a, w);
-        /* handle 'a' when negative */
        if (a->neg)
                {
                a->neg=0;
@@ -144,17 +121,15 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
                        a->neg=!(a->neg);
                return(i);
                }
-        /* Only expand (and risk failing) if it's possibly necessary */
+        w&=BN_MASK2;
-        if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
+        if (bn_wexpand(a,a->top+1) == NULL) return(0);
-                        (bn_wexpand(a,a->top+1) == NULL))
-                return(0);
        i=0;
        for (;;)
                {
                if (i >= a->top)
                        l=w;
                else
-                        l=(a->d[i]+w)&BN_MASK2;
+                        l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
                a->d[i]=l;
                if (w > l)
                        w=1;
@@ -164,7 +139,6 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
                }
        if (i >= a->top)
                a->top++;
-        bn_check_top(a);
        return(1);
        }
@@ -172,21 +146,10 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
        {
        int i;
-        bn_check_top(a);
+        if ((w & BN_MASK2) == 0)
-        w &= BN_MASK2;
+                return(1);
-        /* degenerate case: w is zero */
+        if (BN_is_zero(a) || a->neg)
-        if (!w) return 1;
-        /* degenerate case: a is zero */
-        if(BN_is_zero(a))
-                {
-                i = BN_set_word(a,w);
-                if (i != 0)
-                        BN_set_negative(a, 1);
-                return i;
-                }
-        /* handle 'a' when negative */
-        if (a->neg)
                {
                a->neg=0;
                i=BN_add_word(a,w);
@@ -194,6 +157,7 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
                return(i);
                }
+        w&=BN_MASK2;
        if ((a->top == 1) && (a->d[0] < w))
                {
                a->d[0]=w-a->d[0];
@@ -217,7 +181,6 @@ int BN_sub_word(BIGNUM *a, BN_ULONG w)
                }
        if ((a->d[i] == 0) && (i == (a->top-1)))
                a->top--;
-        bn_check_top(a);
        return(1);
        }
@@ -225,7 +188,6 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w)
        {
        BN_ULONG ll;
-        bn_check_top(a);
        w&=BN_MASK2;
        if (a->top)
                {
@@ -241,7 +203,6 @@ int BN_mul_word(BIGNUM *a, BN_ULONG w)
                                }
                        }
                }
-        bn_check_top(a);
        return(1);
        }
diff --git a/src/lib/libcrypto/bn/bnspeed.c b/src/lib/libcrypto/bn/bnspeed.c
new file mode 100644
index 0000000000..b554ac8cf8
--- /dev/null
+++ b/src/lib/libcrypto/bn/bnspeed.c
@@ -0,0 +1,233 @@
+/* unused */
+/* crypto/bn/bnspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 1000000
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+static double Time_F(int s);
+#define START   0
+#define STOP    1
+static double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       5
+static int sizes[NUM_SIZES]={128,256,512,1024,2048};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
+int main(int argc, char **argv)
+        {
+        BN_CTX *ctx;
+        BIGNUM a,b,c;
+        ctx=BN_CTX_new();
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        do_mul(&a,&b,&c,ctx);
+        }
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+        {
+        int i,j,k;
+        double tm;
+        long num;
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<num; k++)
+                                BN_mul(r,b,a,ctx);
+                        tm=Time_F(STOP);
+                        printf("mul %4d x %4d -> %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num);
+                        }
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i],1,0);
+                Time_F(START);
+                for (k=0; k<num; k++)
+                        BN_sqr(r,a,ctx);
+                tm=Time_F(STOP);
+                printf("sqr %4d x %4d -> %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num);
+                }
+        for (i=0; i<NUM_SIZES; i++)
+                {
+                num=BASENUM/10;
+                if (i) num/=(i*3);
+                BN_rand(a,sizes[i]-1,1,0);
+                for (j=i; j<NUM_SIZES; j++)
+                        {
+                        BN_rand(b,sizes[j],1,0);
+                        Time_F(START);
+                        for (k=0; k<100000; k++)
+                                BN_div(r, NULL, b, a,ctx);
+                        tm=Time_F(STOP);
+                        printf("div %4d / %4d -> %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num);
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c
new file mode 100644
index 0000000000..792a75ff4f
--- /dev/null
+++ b/src/lib/libcrypto/bn/bntest.c
@@ -0,0 +1,1290 @@
+/* crypto/bn/bntest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "e_os.h"
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+const int num0 = 100; /* number of tests */
+const int num1 = 50;  /* additional tests for some functions */
+const int num2 = 5;   /* number of tests for slow functions */
+int test_add(BIO *bp);
+int test_sub(BIO *bp);
+int test_lshift1(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
+int test_rshift1(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
+int test_div(BIO *bp,BN_CTX *ctx);
+int test_div_recp(BIO *bp,BN_CTX *ctx);
+int test_mul(BIO *bp);
+int test_sqr(BIO *bp,BN_CTX *ctx);
+int test_mont(BIO *bp,BN_CTX *ctx);
+int test_mod(BIO *bp,BN_CTX *ctx);
+int test_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_mod_exp_mont_consttime(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
+int rand_neg(void);
+static int results=0;
+static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static void message(BIO *out, char *m)
+        {
+        fprintf(stderr, "test %s\n", m);
+        BIO_puts(out, "print \"test ");
+        BIO_puts(out, m);
+        BIO_puts(out, "\\n\"\n");
+        }
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx;
+        BIO *out;
+        char *outfile=NULL;
+        results = 0;
+        RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if (strcmp(*argv,"-results") == 0)
+                        results=1;
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) break;
+                        outfile= *(++argv);
+                        }
+                argc--;
+                argv++;
+                }
+        ctx=BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        if (outfile == NULL)
+                {
+                BIO_set_fp(out,stdout,BIO_NOCLOSE);
+                }
+        else
+                {
+                if (!BIO_write_filename(out,outfile))
+                        {
+                        perror(outfile);
+                        EXIT(1);
+                        }
+                }
+        if (!results)
+                BIO_puts(out,"obase=16\nibase=16\n");
+        message(out,"BN_add");
+        if (!test_add(out)) goto err;
+        BIO_flush(out);
+        message(out,"BN_sub");
+        if (!test_sub(out)) goto err;
+        BIO_flush(out);
+        message(out,"BN_lshift1");
+        if (!test_lshift1(out)) goto err;
+        BIO_flush(out);
+        message(out,"BN_lshift (fixed)");
+        if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
+            goto err;
+        BIO_flush(out);
+        message(out,"BN_lshift");
+        if (!test_lshift(out,ctx,NULL)) goto err;
+        BIO_flush(out);
+        message(out,"BN_rshift1");
+        if (!test_rshift1(out)) goto err;
+        BIO_flush(out);
+        message(out,"BN_rshift");
+        if (!test_rshift(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_sqr");
+        if (!test_sqr(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mul");
+        if (!test_mul(out)) goto err;
+        BIO_flush(out);
+        message(out,"BN_div");
+        if (!test_div(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_div_recp");
+        if (!test_div_recp(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mod");
+        if (!test_mod(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mod_mul");
+        if (!test_mod_mul(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mont");
+        if (!test_mont(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mod_exp");
+        if (!test_mod_exp(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mod_exp_mont_consttime");
+        if (!test_mod_exp_mont_consttime(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_exp");
+        if (!test_exp(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_kronecker");
+        if (!test_kron(out,ctx)) goto err;
+        BIO_flush(out);
+        message(out,"BN_mod_sqrt");
+        if (!test_sqrt(out,ctx)) goto err;
+        BIO_flush(out);
+        BN_CTX_free(ctx);
+        BIO_free(out);
+/**/
+        EXIT(0);
+err:
+        BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+                              * the failure, see test_bn in test/Makefile */
+        BIO_flush(out);
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        EXIT(1);
+        return(1);
+        }
+int test_add(BIO *bp)
+        {
+        BIGNUM a,b,c;
+        int i;
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_bntest_rand(&a,512,0,0);
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(&b,450+i,0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_add(&c,&a,&b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," + ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                a.neg=!a.neg;
+                b.neg=!b.neg;
+                BN_add(&c,&c,&b);
+                BN_add(&c,&c,&a);
+                if(!BN_is_zero(&c))
+                    {
+                    fprintf(stderr,"Add test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        return(1);
+        }
+int test_sub(BIO *bp)
+        {
+        BIGNUM a,b,c;
+        int i;
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,512,0,0);
+                        BN_copy(&b,&a);
+                        if (BN_set_bit(&a,i)==0) return(0);
+                        BN_add_word(&b,i);
+                        }
+                else
+                        {
+                        BN_bntest_rand(&b,400+i-num1,0,0);
+                        a.neg=rand_neg();
+                        b.neg=rand_neg();
+                        }
+                BN_sub(&c,&a,&b);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," - ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_add(&c,&c,&b);
+                BN_sub(&c,&c,&a);
+                if(!BN_is_zero(&c))
+                    {
+                    fprintf(stderr,"Subtract test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        return(1);
+        }
+int test_div(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,e;
+        int i;
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,400,0,0);
+                        BN_copy(&b,&a);
+                        BN_lshift(&a,&a,i);
+                        BN_add_word(&a,i);
+                        }
+                else
+                        BN_bntest_rand(&b,50+3*(i-num1),0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_div(&d,&c,&a,&b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&d);
+                        BIO_puts(bp,"\n");
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(&e,&d,&b,ctx);
+                BN_add(&d,&e,&c);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Division test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        return(1);
+        }
+int test_div_recp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,e;
+        BN_RECP_CTX recp;
+        int i;
+        BN_RECP_CTX_init(&recp);
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i < num1)
+                        {
+                        BN_bntest_rand(&a,400,0,0);
+                        BN_copy(&b,&a);
+                        BN_lshift(&a,&a,i);
+                        BN_add_word(&a,i);
+                        }
+                else
+                        BN_bntest_rand(&b,50+3*(i-num1),0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_RECP_CTX_set(&recp,&b,ctx);
+                BN_div_recp(&d,&c,&a,&recp,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&d);
+                        BIO_puts(bp,"\n");
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(&e,&d,&b,ctx);
+                BN_add(&d,&e,&c);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Reciprocal division test failed!\n");
+                    fprintf(stderr,"a=");
+                    BN_print_fp(stderr,&a);
+                    fprintf(stderr,"\nb=");
+                    BN_print_fp(stderr,&b);
+                    fprintf(stderr,"\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        BN_RECP_CTX_free(&recp);
+        return(1);
+        }
+int test_mul(BIO *bp)
+        {
+        BIGNUM a,b,c,d,e;
+        int i;
+        BN_CTX *ctx;
+        ctx = BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+        
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+        for (i=0; i<num0+num1; i++)
+                {
+                if (i <= num1)
+                        {
+                        BN_bntest_rand(&a,100,0,0);
+                        BN_bntest_rand(&b,100,0,0);
+                        }
+                else
+                        BN_bntest_rand(&b,i-num1,0,0);
+                a.neg=rand_neg();
+                b.neg=rand_neg();
+                BN_mul(&c,&a,&b,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(&d,&e,&c,&a,ctx);
+                BN_sub(&d,&d,&b);
+                if(!BN_is_zero(&d) || !BN_is_zero(&e))
+                    {
+                    fprintf(stderr,"Multiplication test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        BN_CTX_free(ctx);
+        return(1);
+        }
+int test_sqr(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,c,d,e;
+        int i;
+        BN_init(&a);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&e);
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(&a,40+i*10,0,0);
+                a.neg=rand_neg();
+                BN_sqr(&c,&a,ctx);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&a);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(&d,&e,&c,&a,ctx);
+                BN_sub(&d,&d,&a);
+                if(!BN_is_zero(&d) || !BN_is_zero(&e))
+                    {
+                    fprintf(stderr,"Square test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(&a);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&e);
+        return(1);
+        }
+int test_mont(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM a,b,c,d,A,B;
+        BIGNUM n;
+        int i;
+        BN_MONT_CTX *mont;
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&d);
+        BN_init(&A);
+        BN_init(&B);
+        BN_init(&n);
+        mont=BN_MONT_CTX_new();
+        BN_bntest_rand(&a,100,0,0); /**/
+        BN_bntest_rand(&b,100,0,0); /**/
+        for (i=0; i<num2; i++)
+                {
+                int bits = (200*(i+1))/num2;
+                if (bits == 0)
+                        continue;
+                BN_bntest_rand(&n,bits,0,1);
+                BN_MONT_CTX_set(mont,&n,ctx);
+                BN_nnmod(&a,&a,&n,ctx);
+                BN_nnmod(&b,&b,&n,ctx);
+                BN_to_montgomery(&A,&a,mont,ctx);
+                BN_to_montgomery(&B,&b,mont,ctx);
+                BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
+                BN_from_montgomery(&A,&c,mont,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+#ifdef undef
+fprintf(stderr,"%d * %d %% %d\n",
+BN_num_bits(&a),
+BN_num_bits(&b),
+BN_num_bits(mont->N));
+#endif
+                                BN_print(bp,&a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,&b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,&(mont->N));
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,&A);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mod_mul(&d,&a,&b,&n,ctx);
+                BN_sub(&d,&d,&A);
+                if(!BN_is_zero(&d))
+                    {
+                    fprintf(stderr,"Montgomery multiplication test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_MONT_CTX_free(mont);
+        BN_free(&a);
+        BN_free(&b);
+        BN_free(&c);
+        BN_free(&d);
+        BN_free(&A);
+        BN_free(&B);
+        BN_free(&n);
+        return(1);
+        }
+int test_mod(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_bntest_rand(a,1024,0,0); /**/
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(b,450+i*10,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                BN_mod(c,a,b,ctx);/**/
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,c);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(d,e,a,b,ctx);
+                BN_sub(e,e,c);
+                if(!BN_is_zero(e))
+                    {
+                    fprintf(stderr,"Modulo test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i,j;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        for (j=0; j<3; j++) {
+        BN_bntest_rand(c,1024,0,0); /**/
+        for (i=0; i<num0; i++)
+                {
+                BN_bntest_rand(a,475+i*10,0,0); /**/
+                BN_bntest_rand(b,425+i*11,0,0); /**/
+                a->neg=rand_neg();
+                b->neg=rand_neg();
+                if (!BN_mod_mul(e,a,b,c,ctx))
+                        {
+                        unsigned long l;
+                        while ((l=ERR_get_error()))
+                                fprintf(stderr,"ERROR:%s\n",
+                                        ERR_error_string(l,NULL));
+                        EXIT(1);
+                        }
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                if ((a->neg ^ b->neg) && !BN_is_zero(e))
+                                        {
+                                        /* If  (a*b) % c  is negative,  c  must be added
+                                         * in order to obtain the normalized remainder
+                                         * (new with OpenSSL 0.9.7, previous versions of
+                                         * BN_mod_mul could generate negative results)
+                                         */
+                                        BIO_puts(bp," + ");
+                                        BN_print(bp,c);
+                                        }
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,e);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(d,a,b,ctx);
+                BN_sub(d,d,e);
+                BN_div(a,b,d,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo multiply test failed!\n");
+                    ERR_print_errors_fp(stderr);
+                    return 0;
+                    }
+                }
+        }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+                if (!BN_mod_exp(d,a,b,c,ctx))
+                        return(0);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_exp(e,a,b,ctx);
+                BN_sub(e,e,d);
+                BN_div(a,b,e,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_mod_exp_mont_consttime(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+                if (!BN_mod_exp_mont_consttime(d,a,b,c,ctx,NULL))
+                        return(00);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," % ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_exp(e,a,b,ctx);
+                BN_sub(e,e,d);
+                BN_div(a,b,e,c,ctx);
+                if(!BN_is_zero(b))
+                    {
+                    fprintf(stderr,"Modulo exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_exp(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*d,*e,*one;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        d=BN_new();
+        e=BN_new();
+        one=BN_new();
+        BN_one(one);
+        for (i=0; i<num2; i++)
+                {
+                BN_bntest_rand(a,20+i*5,0,0); /**/
+                BN_bntest_rand(b,2+i,0,0); /**/
+                if (!BN_exp(d,a,b,ctx))
+                        return(0);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," ^ ");
+                                BN_print(bp,b);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,d);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_one(e);
+                for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+                    BN_mul(e,e,a,ctx);
+                BN_sub(e,e,d);
+                if(!BN_is_zero(e))
+                    {
+                    fprintf(stderr,"Exponentiation test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(d);
+        BN_free(e);
+        BN_free(one);
+        return(1);
+        }
+static void genprime_cb(int p, int n, void *arg)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        putc(c, stderr);
+        fflush(stderr);
+        (void)n;
+        (void)arg;
+        }
+int test_kron(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*r,*t;
+        int i;
+        int legendre, kronecker;
+        int ret = 0;
+        a = BN_new();
+        b = BN_new();
+        r = BN_new();
+        t = BN_new();
+        if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+        
+        /* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
+         * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
+         * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+         * So we generate a random prime  b  and compare these values
+         * for a number of random  a's.  (That is, we run the Solovay-Strassen
+         * primality test to confirm that  b  is prime, except that we
+         * don't want to test whether  b  is prime but whether BN_kronecker
+         * works.) */
+        if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
+        b->neg = rand_neg();
+        putc('\n', stderr);
+        for (i = 0; i < num0; i++)
+                {
+                if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+                a->neg = rand_neg();
+                /* t := (|b|-1)/2  (note that b is odd) */
+                if (!BN_copy(t, b)) goto err;
+                t->neg = 0;
+                if (!BN_sub_word(t, 1)) goto err;
+                if (!BN_rshift1(t, t)) goto err;
+                /* r := a^t mod b */
+                b->neg=0;
+                
+                if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+                b->neg=1;
+                if (BN_is_word(r, 1))
+                        legendre = 1;
+                else if (BN_is_zero(r))
+                        legendre = 0;
+                else
+                        {
+                        if (!BN_add_word(r, 1)) goto err;
+                        if (0 != BN_ucmp(r, b))
+                                {
+                                fprintf(stderr, "Legendre symbol computation failed\n");
+                                goto err;
+                                }
+                        legendre = -1;
+                        }
+                
+                kronecker = BN_kronecker(a, b, ctx);
+                if (kronecker < -1) goto err;
+                /* we actually need BN_kronecker(a, |b|) */
+                if (a->neg && b->neg)
+                        kronecker = -kronecker;
+                
+                if (legendre != kronecker)
+                        {
+                        fprintf(stderr, "legendre != kronecker; a = ");
+                        BN_print_fp(stderr, a);
+                        fprintf(stderr, ", b = ");
+                        BN_print_fp(stderr, b);
+                        fprintf(stderr, "\n");
+                        goto err;
+                        }
+                putc('.', stderr);
+                fflush(stderr);
+                }
+        putc('\n', stderr);
+        fflush(stderr);
+        ret = 1;
+ err:
+        if (a != NULL) BN_free(a);
+        if (b != NULL) BN_free(b);
+        if (r != NULL) BN_free(r);
+        if (t != NULL) BN_free(t);
+        return ret;
+        }
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+        {
+        BIGNUM *a,*p,*r;
+        int i, j;
+        int ret = 0;
+        a = BN_new();
+        p = BN_new();
+        r = BN_new();
+        if (a == NULL || p == NULL || r == NULL) goto err;
+        
+        for (i = 0; i < 16; i++)
+                {
+                if (i < 8)
+                        {
+                        unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+                        
+                        if (!BN_set_word(p, primes[i])) goto err;
+                        }
+                else
+                        {
+                        if (!BN_set_word(a, 32)) goto err;
+                        if (!BN_set_word(r, 2*i + 1)) goto err;
+                
+                        if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err;
+                        putc('\n', stderr);
+                        }
+                p->neg = rand_neg();
+                for (j = 0; j < num2; j++)
+                        {
+                        /* construct 'a' such that it is a square modulo p,
+                         * but in general not a proper square and not reduced modulo p */
+                        if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+                        if (!BN_nnmod(r, r, p, ctx)) goto err;
+                        if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+                        if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+                        if (!BN_nnmod(a, a, p, ctx)) goto err;
+                        if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+                        if (!BN_mul(a, a, r, ctx)) goto err;
+                        if (rand_neg())
+                                if (!BN_sub(a, a, p)) goto err;
+                        if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+                        if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+                        if (!BN_nnmod(a, a, p, ctx)) goto err;
+                        if (BN_cmp(a, r) != 0)
+                                {
+                                fprintf(stderr, "BN_mod_sqrt failed: a = ");
+                                BN_print_fp(stderr, a);
+                                fprintf(stderr, ", r = ");
+                                BN_print_fp(stderr, r);
+                                fprintf(stderr, ", p = ");
+                                BN_print_fp(stderr, p);
+                                fprintf(stderr, "\n");
+                                goto err;
+                                }
+                        putc('.', stderr);
+                        fflush(stderr);
+                        }
+                
+                putc('\n', stderr);
+                fflush(stderr);
+                }
+        ret = 1;
+ err:
+        if (a != NULL) BN_free(a);
+        if (p != NULL) BN_free(p);
+        if (r != NULL) BN_free(r);
+        return ret;
+        }
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+        {
+        BIGNUM *a,*b,*c,*d;
+        int i;
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        BN_one(c);
+        if(a_)
+            a=a_;
+        else
+            {
+            a=BN_new();
+            BN_bntest_rand(a,200,0,0); /**/
+            a->neg=rand_neg();
+            }
+        for (i=0; i<num0; i++)
+                {
+                BN_lshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_mul(d,a,c,ctx);
+                BN_sub(d,d,b);
+                if(!BN_is_zero(d))
+                    {
+                    fprintf(stderr,"Left shift test failed!\n");
+                    fprintf(stderr,"a=");
+                    BN_print_fp(stderr,a);
+                    fprintf(stderr,"\nb=");
+                    BN_print_fp(stderr,b);
+                    fprintf(stderr,"\nc=");
+                    BN_print_fp(stderr,c);
+                    fprintf(stderr,"\nd=");
+                    BN_print_fp(stderr,d);
+                    fprintf(stderr,"\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        return(1);
+        }
+int test_lshift1(BIO *bp)
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_lshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," * 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_add(c,a,a);
+                BN_sub(a,b,c);
+                if(!BN_is_zero(a))
+                    {
+                    fprintf(stderr,"Left shift one test failed!\n");
+                    return 0;
+                    }
+                
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int test_rshift(BIO *bp,BN_CTX *ctx)
+        {
+        BIGNUM *a,*b,*c,*d,*e;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        d=BN_new();
+        e=BN_new();
+        BN_one(c);
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_rshift(b,a,i+1);
+                BN_add(c,c,c);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / ");
+                                BN_print(bp,c);
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_div(d,e,a,c,ctx);
+                BN_sub(d,d,b);
+                if(!BN_is_zero(d))
+                    {
+                    fprintf(stderr,"Right shift test failed!\n");
+                    return 0;
+                    }
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        BN_free(d);
+        BN_free(e);
+        return(1);
+        }
+int test_rshift1(BIO *bp)
+        {
+        BIGNUM *a,*b,*c;
+        int i;
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        BN_bntest_rand(a,200,0,0); /**/
+        a->neg=rand_neg();
+        for (i=0; i<num0; i++)
+                {
+                BN_rshift1(b,a);
+                if (bp != NULL)
+                        {
+                        if (!results)
+                                {
+                                BN_print(bp,a);
+                                BIO_puts(bp," / 2");
+                                BIO_puts(bp," - ");
+                                }
+                        BN_print(bp,b);
+                        BIO_puts(bp,"\n");
+                        }
+                BN_sub(c,a,b);
+                BN_sub(c,c,b);
+                if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
+                    {
+                    fprintf(stderr,"Right shift one test failed!\n");
+                    return 0;
+                    }
+                BN_copy(a,b);
+                }
+        BN_free(a);
+        BN_free(b);
+        BN_free(c);
+        return(1);
+        }
+int rand_neg(void)
+        {
+        static unsigned int neg=0;
+        static int sign[8]={0,0,0,1,1,0,1,1};
+        return(sign[(neg++)%8]);
+        }
diff --git a/src/lib/libcrypto/bn/divtest.c b/src/lib/libcrypto/bn/divtest.c
new file mode 100644
index 0000000000..d3fc688f33
--- /dev/null
+++ b/src/lib/libcrypto/bn/divtest.c
@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+static int Rand(n)
+{
+    unsigned char x[2];
+    RAND_pseudo_bytes(x,2);
+    return (x[0] + 2*x[1]);
+}
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+    printf("%s!\na=",m);
+    BN_print_fp(stdout, a);
+    printf("\nb=");
+    BN_print_fp(stdout, b);
+    printf("\n");
+    fflush(stdout);
+}
+main()
+{
+    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+        *C=BN_new(), *D=BN_new();
+    BN_RECP_CTX *recp=BN_RECP_CTX_new();
+    BN_CTX *ctx=BN_CTX_new();
+    for(;;) {
+        BN_pseudo_rand(a,Rand(),0,0);
+        BN_pseudo_rand(b,Rand(),0,0);
+        if (BN_is_zero(b)) continue;
+        BN_RECP_CTX_set(recp,b,ctx);
+        if (BN_div(C,D,a,b,ctx) != 1)
+            bug("BN_div failed",a,b);
+        if (BN_div_recp(c,d,a,recp,ctx) != 1)
+            bug("BN_div_recp failed",a,b);
+        else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+            bug("mismatch",a,b);
+    }
+}
diff --git a/src/lib/libcrypto/bn/exp.c b/src/lib/libcrypto/bn/exp.c
new file mode 100644
index 0000000000..4865b0ef74
--- /dev/null
+++ b/src/lib/libcrypto/bn/exp.c
@@ -0,0 +1,62 @@
+/* unused */
+#include <stdio.h>
+#include <openssl/tmdiff.h>
+#include "bn_lcl.h"
+#define SIZE    256
+#define NUM     (8*8*8)
+#define MOD     (8*8*8*8*8)
+main(argc,argv)
+int argc;
+char *argv[];
+        {
+        BN_CTX ctx;
+        BIGNUM a,b,c,r,rr,t,l;
+        int j,i,size=SIZE,num=NUM,mod=MOD;
+        char *start,*end;
+        BN_MONT_CTX mont;
+        double d,md;
+        BN_MONT_CTX_init(&mont);
+        BN_CTX_init(&ctx);
+        BN_init(&a);
+        BN_init(&b);
+        BN_init(&c);
+        BN_init(&r);
+        start=ms_time_new();
+        end=ms_time_new();
+        while (size <= 1024*8)
+                {
+                BN_rand(&a,size,0,0);
+                BN_rand(&b,size,1,0);
+                BN_rand(&c,size,0,1);
+                BN_mod(&a,&a,&c,&ctx);
+                ms_time_get(start);
+                for (i=0; i<10; i++)
+                        BN_MONT_CTX_set(&mont,&c,&ctx);
+                ms_time_get(end);
+                md=ms_time_diff(start,end);
+                ms_time_get(start);
+                for (i=0; i<num; i++)
+                        {
+                        /* bn_mull(&r,&a,&b,&ctx); */
+                        /* BN_sqr(&r,&a,&ctx); */
+                        BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
+                        }
+                ms_time_get(end);
+                d=ms_time_diff(start,end)/* *50/33 */;
+                printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
+                        d,num,d/num,(int)((d/num)*mod),md/10.0);
+                num/=8;
+                mod/=8;
+                if (num <= 0) num=1;
+                size*=2;
+                }
+        }
diff --git a/src/lib/libcrypto/bn/expspeed.c b/src/lib/libcrypto/bn/expspeed.c
new file mode 100644
index 0000000000..4d5f221f33
--- /dev/null
+++ b/src/lib/libcrypto/bn/expspeed.c
@@ -0,0 +1,353 @@
+/* unused */
+/* crypto/bn/expspeed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* most of this code has been pilfered from my libdes speed.c program */
+#define BASENUM 5000
+#define NUM_START 0
+/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+#  error "choose one test"
+#endif
+#if defined(TEST_INV) || defined(TEST_SQRT)
+#  define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+#undef PROG
+#define PROG bnspeed_main
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#undef BUFSIZE
+#define BUFSIZE ((long)1024*8)
+int run=0;
+static double Time_F(int s);
+#define START   0
+#define STOP    1
+static double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret < 1e-3)?1e-3:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret < 0.001)?0.001:ret);
+                }
+#endif
+        }
+#define NUM_SIZES       7
+#if NUM_START > NUM_SIZES
+#   error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
+int main(int argc, char **argv)
+        {
+        BN_CTX *ctx;
+        BIGNUM *a,*b,*c,*r;
+#if 1
+        if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
+                abort();
+#endif
+        ctx=BN_CTX_new();
+        a=BN_new();
+        b=BN_new();
+        c=BN_new();
+        r=BN_new();
+        while (!RAND_status())
+                /* not enough bits */
+                RAND_SEED("I demand a manual recount!");
+        do_mul_exp(r,a,b,c,ctx);
+        return 0;
+        }
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
+        {
+        int i,k;
+        double tm;
+        long num;
+        num=BASENUM;
+        for (i=NUM_START; i<NUM_SIZES; i++)
+                {
+#ifdef C_PRIME
+#  ifdef TEST_SQRT
+                if (!BN_set_word(a, 64)) goto err;
+                if (!BN_set_word(b, P_MOD_64)) goto err;
+#    define ADD a
+#    define REM b
+#  else
+#    define ADD NULL
+#    define REM NULL
+#  endif
+                if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
+                putc('\n', stderr);
+                fflush(stderr);
+#endif
+                for (k=0; k<num; k++)
+                        {
+                        if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
+                                {
+                                if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
+                                if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
+#ifndef C_PRIME
+                                if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
+#endif
+#ifdef TEST_SQRT                                
+                                if (!BN_mod_sqr(a,a,c,ctx)) goto err;
+                                if (!BN_mod_sqr(b,b,c,ctx)) goto err;
+#else
+                                if (!BN_nnmod(a,a,c,ctx)) goto err;
+                                if (!BN_nnmod(b,b,c,ctx)) goto err;
+#endif
+                                if (k == 0)
+                                        Time_F(START);
+                                }
+#if defined(TEST_EXP)
+                        if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
+#elif defined(TEST_MUL)
+                        {
+                        int i = 0;
+                        for (i = 0; i < 50; i++)
+                                if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
+                        }
+#elif defined(TEST_SQR)
+                        {
+                        int i = 0;
+                        for (i = 0; i < 50; i++)
+                                {
+                                if (!BN_mod_sqr(r,a,c,ctx)) goto err;
+                                if (!BN_mod_sqr(r,b,c,ctx)) goto err;
+                                }
+                        }
+#elif defined(TEST_GCD)
+                        if (!BN_gcd(r,a,b,ctx)) goto err;
+                        if (!BN_gcd(r,b,c,ctx)) goto err;
+                        if (!BN_gcd(r,c,a,ctx)) goto err;
+#elif defined(TEST_KRON)
+                        if (-2 == BN_kronecker(a,b,ctx)) goto err;
+                        if (-2 == BN_kronecker(b,c,ctx)) goto err;
+                        if (-2 == BN_kronecker(c,a,ctx)) goto err;
+#elif defined(TEST_INV)
+                        if (!BN_mod_inverse(r,a,c,ctx)) goto err;
+                        if (!BN_mod_inverse(r,b,c,ctx)) goto err;
+#else /* TEST_SQRT */
+                        if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
+                        if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
+#endif
+                        }
+                tm=Time_F(STOP);
+                printf(
+#if defined(TEST_EXP)
+                        "modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+                        "50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+                        "100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+                        "3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+                        "3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+                        "2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+                        "2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+                        " -> %8.6fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+                        P_MOD_64,
+#endif
+                        sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
+                num/=7;
+                if (num <= 0) num=1;
+                }
+        return;
+ err:
+        ERR_print_errors_fp(stderr);
+        }
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        putc(c, stderr);
+        fflush(stderr);
+        (void)n;
+        (void)arg;
+        }
+#endif
diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c
new file mode 100644
index 0000000000..28aaac2ac1
--- /dev/null
+++ b/src/lib/libcrypto/bn/exptest.c
@@ -0,0 +1,201 @@
+/* crypto/bn/exptest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#define NUM_BITS        (BN_BITS*2)
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx;
+        BIO *out=NULL;
+        int i,ret;
+        unsigned char c;
+        BIGNUM *r_mont,*r_mont_const,*r_recp,*r_simple,*a,*b,*m;
+        RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
+                                               * even check its return value
+                                               * (which we should) */
+        ERR_load_BN_strings();
+        ctx=BN_CTX_new();
+        if (ctx == NULL) EXIT(1);
+        r_mont=BN_new();
+        r_mont_const=BN_new();
+        r_recp=BN_new();
+        r_simple=BN_new();
+        a=BN_new();
+        b=BN_new();
+        m=BN_new();
+        if (    (r_mont == NULL) || (r_recp == NULL) ||
+                (a == NULL) || (b == NULL))
+                goto err;
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        for (i=0; i<200; i++)
+                {
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(a,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(b,NUM_BITS+c,0,0);
+                RAND_bytes(&c,1);
+                c=(c%BN_BITS)-BN_BITS2;
+                BN_rand(m,NUM_BITS+c,0,1);
+                BN_mod(a,a,m,ctx);
+                BN_mod(b,b,m,ctx);
+                ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_mont() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+                ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_recp() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+                ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_simple() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+                ret=BN_mod_exp_mont_consttime(r_mont_const,a,b,m,ctx,NULL);
+                if (ret <= 0)
+                        {
+                        printf("BN_mod_exp_mont_consttime() problems\n");
+                        ERR_print_errors(out);
+                        EXIT(1);
+                        }
+                if (BN_cmp(r_simple, r_mont) == 0
+                    && BN_cmp(r_simple,r_recp) == 0
+                        && BN_cmp(r_simple,r_mont_const) == 0)
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                else
+                        {
+                        if (BN_cmp(r_simple,r_mont) != 0)
+                                printf("\nsimple and mont results differ\n");
+                        if (BN_cmp(r_simple,r_mont) != 0)
+                                printf("\nsimple and mont const time results differ\n");
+                        if (BN_cmp(r_simple,r_recp) != 0)
+                                printf("\nsimple and recp results differ\n");
+                        printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
+                        printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
+                        printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+                        printf("\nsimple   ="); BN_print(out,r_simple);
+                        printf("\nrecp     ="); BN_print(out,r_recp);
+                        printf("\nmont     ="); BN_print(out,r_mont);
+                        printf("\nmont_ct  ="); BN_print(out,r_mont_const);
+                        printf("\n");
+                        EXIT(1);
+                        }
+                }
+        BN_free(r_mont);
+        BN_free(r_mont_const);
+        BN_free(r_recp);
+        BN_free(r_simple);
+        BN_free(a);
+        BN_free(b);
+        BN_free(m);
+        BN_CTX_free(ctx);
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks(out);
+        BIO_free(out);
+        printf(" done\n");
+        EXIT(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors(out);
+        EXIT(1);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/bn/todo b/src/lib/libcrypto/bn/todo
new file mode 100644
index 0000000000..e47e381aea
--- /dev/null
+++ b/src/lib/libcrypto/bn/todo
@@ -0,0 +1,3 @@
+Cache RECP_CTX values
+make the result argument independant of the inputs.
+split up the _exp_ functions
diff --git a/src/lib/libcrypto/bn/vms-helper.c b/src/lib/libcrypto/bn/vms-helper.c
new file mode 100644
index 0000000000..4b63149bf3
--- /dev/null
+++ b/src/lib/libcrypto/bn/vms-helper.c
@@ -0,0 +1,68 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+bn_div_words_abort(int i)
+{
+#ifdef BN_DEBUG
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+        fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+        abort();
+#endif
+}
diff --git a/src/lib/libcrypto/buffer/Makefile b/src/lib/libcrypto/buffer/Makefile
new file mode 100644
index 0000000000..9f3a88d2d6
--- /dev/null
+++ b/src/lib/libcrypto/buffer/Makefile
@@ -0,0 +1,90 @@
+#
+# OpenSSL/crypto/buffer/Makefile
+#
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
+SRC= $(LIBSRC)
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buf_err.o: buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c
diff --git a/src/lib/libcrypto/buffer/Makefile.ssl b/src/lib/libcrypto/buffer/Makefile.ssl
new file mode 100644
index 0000000000..b131ca3078
--- /dev/null
+++ b/src/lib/libcrypto/buffer/Makefile.ssl
@@ -0,0 +1,94 @@
+#
+# SSLeay/crypto/buffer/Makefile
+#
+DIR=    buffer
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
+SRC= $(LIBSRC)
+EXHEADER= buffer.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_err.o: ../../include/openssl/symhacks.h buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buffer.o: ../cryptlib.h buffer.c
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c
index 3e25bbe879..1fc32a6861 100644
--- a/src/lib/libcrypto/buffer/buf_err.c
+++ b/src/lib/libcrypto/buffer/buf_err.c
@@ -70,12 +70,9 @@
 static ERR_STRING_DATA BUF_str_functs[]=
        {
-{ERR_FUNC(BUF_F_BUF_MEMDUP),    "BUF_memdup"},
 {ERR_FUNC(BUF_F_BUF_MEM_GROW),  "BUF_MEM_grow"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),    "BUF_MEM_grow_clean"},
 {ERR_FUNC(BUF_F_BUF_MEM_NEW),   "BUF_MEM_new"},
 {ERR_FUNC(BUF_F_BUF_STRDUP),    "BUF_strdup"},
-{ERR_FUNC(BUF_F_BUF_STRNDUP),   "BUF_strndup"},
 {0,NULL}
        };
@@ -88,12 +85,15 @@ static ERR_STRING_DATA BUF_str_reasons[]=
 void ERR_load_BUF_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,BUF_str_functs);
                ERR_load_strings(0,BUF_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c
index 3bf03c7eff..d96487e7db 100644
--- a/src/lib/libcrypto/buffer/buffer.c
+++ b/src/lib/libcrypto/buffer/buffer.c
@@ -149,7 +149,7 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
                ret=OPENSSL_realloc_clean(str->data,str->max,n);
        if (ret == NULL)
                {
-                BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+                BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
                len=0;
                }
        else
@@ -164,41 +164,22 @@ int BUF_MEM_grow_clean(BUF_MEM *str, int len)
 char *BUF_strdup(const char *str)
        {
-        if (str == NULL) return(NULL);
-        return BUF_strndup(str, strlen(str));
-        }
-char *BUF_strndup(const char *str, size_t siz)
-        {
        char *ret;
+        int n;
        if (str == NULL) return(NULL);
-        ret=OPENSSL_malloc(siz+1);
+        n=strlen(str);
+        ret=OPENSSL_malloc(n+1);
        if (ret == NULL) 
                {
-                BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
+                BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
                return(NULL);
                }
-        BUF_strlcpy(ret,str,siz+1);
+        memcpy(ret,str,n+1);
        return(ret);
        }
-void *BUF_memdup(const void *data, size_t siz)
-        {
-        void *ret;
-        if (data == NULL) return(NULL);
-        ret=OPENSSL_malloc(siz);
-        if (ret == NULL) 
-                {
-                BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
-                return(NULL);
-                }
-        return memcpy(ret, data, siz);
-        }       
 size_t BUF_strlcpy(char *dst, const char *src, size_t size)
        {
        size_t l = 0;
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h
index 1db9607450..465dc34f3f 100644
--- a/src/lib/libcrypto/buffer/buffer.h
+++ b/src/lib/libcrypto/buffer/buffer.h
@@ -59,35 +59,25 @@
 #ifndef HEADER_BUFFER_H
 #define HEADER_BUFFER_H
-#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
 #include <stddef.h>
-#if !defined(NO_SYS_TYPES_H)
 #include <sys/types.h>
-#endif
-/* Already declared in ossl_typ.h */
-/* typedef struct buf_mem_st BUF_MEM; */
-struct buf_mem_st
+typedef struct buf_mem_st
        {
        int length;     /* current number of bytes */
        char *data;
        int max;        /* size of buffer */
-        };
+        } BUF_MEM;
 BUF_MEM *BUF_MEM_new(void);
 void    BUF_MEM_free(BUF_MEM *a);
 int     BUF_MEM_grow(BUF_MEM *str, int len);
 int     BUF_MEM_grow_clean(BUF_MEM *str, int len);
 char *  BUF_strdup(const char *str);
-char *  BUF_strndup(const char *str, size_t siz);
-void *  BUF_memdup(const void *data, size_t siz);
 /* safe string functions */
 size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
@@ -103,12 +93,9 @@ void ERR_load_BUF_strings(void);
 /* Error codes for the BUF functions. */
 /* Function codes. */
-#define BUF_F_BUF_MEMDUP                                 103
 #define BUF_F_BUF_MEM_GROW                               100
-#define BUF_F_BUF_MEM_GROW_CLEAN                         105
 #define BUF_F_BUF_MEM_NEW                                101
 #define BUF_F_BUF_STRDUP                                 102
-#define BUF_F_BUF_STRNDUP                                104
 /* Reason codes. */
diff --git a/src/lib/libcrypto/camellia/Makefile b/src/lib/libcrypto/camellia/Makefile
new file mode 100644
index 0000000000..1579de5ce5
--- /dev/null
+++ b/src/lib/libcrypto/camellia/Makefile
@@ -0,0 +1,103 @@
+#
+# crypto/camellia/Makefile
+#
+DIR= camellia
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CAMELLIA_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+#TEST=camelliatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
+           cmll_cfb.c cmll_ctr.c 
+LIBOBJ= camellia.o cmll_misc.o cmll_ecb.o cmll_cbc.o cmll_ofb.o \
+                cmll_cfb.o cmll_ctr.o $(CAMELLIA_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= camellia.h
+HEADER= cmll_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+$(LIBOBJ): $(LIBSRC)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+camellia.o: camellia.c camellia.h cmll_locl.h
+cmll_cbc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_cbc.o: ../../include/openssl/opensslconf.h cmll_cbc.c cmll_locl.h
+cmll_cfb.o: ../../e_os.h ../../include/openssl/camellia.h
+cmll_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_cfb.o: cmll_cfb.c cmll_locl.h
+cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c cmll_locl.h
+cmll_ecb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_misc.o: ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
+cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/e_os2.h
+cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_locl.h cmll_ofb.c
diff --git a/src/lib/libcrypto/cast/Makefile b/src/lib/libcrypto/cast/Makefile
new file mode 100644
index 0000000000..149956ee90
--- /dev/null
+++ b/src/lib/libcrypto/cast/Makefile
@@ -0,0 +1,106 @@
+#
+# OpenSSL/crypto/cast/Makefile
+#
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CAST_ENC=c_enc.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > ../$@)
+# COFF
+cx86-cof.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl coff $(CLAGS) $(PROCESSOR) > ../$@)
+# a.out
+cx86-out.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl a.out $(CLAGS) $(PROCESSOR) > ../$@)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl
new file mode 100644
index 0000000000..98393a37ba
--- /dev/null
+++ b/src/lib/libcrypto/cast/Makefile.ssl
@@ -0,0 +1,120 @@
+#
+# SSLeay/crypto/cast/Makefile
+#
+DIR=    cast
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CAST_ENC=c_enc.o
+# or use
+#CAST_ENC=asm/cx86-elf.o
+#CAST_ENC=asm/cx86-out.o
+#CAST_ENC=asm/cx86-sol.o
+#CAST_ENC=asm/cx86bdsi.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=casttest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= cast.h
+HEADER= cast_s.h cast_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
+# a.out
+asm/cx86-out.o: asm/cx86unix.cpp
+        $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+# bsdi
+asm/cx86bsdi.o: asm/cx86unix.cpp
+        $(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl
index 6be0bfe572..0ed55d1905 100644
--- a/src/lib/libcrypto/cast/asm/cast-586.pl
+++ b/src/lib/libcrypto/cast/asm/cast-586.pl
@@ -28,7 +28,7 @@ $S4="CAST_S_table3";
 &CAST_encrypt("CAST_encrypt",1);
 &CAST_encrypt("CAST_decrypt",0);
-&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1);
+&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1) unless $main'openbsd;
 &asm_finish();
diff --git a/src/lib/libcrypto/cast/asm/readme b/src/lib/libcrypto/cast/asm/readme
new file mode 100644
index 0000000000..fbcd76289e
--- /dev/null
+++ b/src/lib/libcrypto/cast/asm/readme
@@ -0,0 +1,7 @@
+There is a ppro flag in cast-586 which turns on/off
+generation of pentium pro/II friendly code
+This flag makes the inner loop one cycle longer, but generates 
+code that runs %30 faster on the pentium pro/II, while only %7 slower
+on the pentium.  By default, this flag is on.
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c
index f2dc606226..0b3da9ad87 100644
--- a/src/lib/libcrypto/cast/c_ecb.c
+++ b/src/lib/libcrypto/cast/c_ecb.c
@@ -60,7 +60,7 @@
 #include "cast_lcl.h"
 #include <openssl/opensslv.h>
-const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
+const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
                      CAST_KEY *ks, int enc)
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c
index 0fe2cffecc..e80f65b698 100644
--- a/src/lib/libcrypto/cast/c_enc.c
+++ b/src/lib/libcrypto/cast/c_enc.c
@@ -59,6 +59,7 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
+#ifndef OPENBSD_CAST_ASM
 void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
        {
        register CAST_LONG l,r,*k,t;
@@ -122,6 +123,7 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
        data[1]=l&0xffffffffL;
        data[0]=r&0xffffffffL;
        }
+#endif
 void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
             CAST_KEY *ks, unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c
index 76e40005c9..db9b7573e0 100644
--- a/src/lib/libcrypto/cast/c_skey.c
+++ b/src/lib/libcrypto/cast/c_skey.c
@@ -56,7 +56,10 @@
 * [including the GNU Public Licence.]
 */
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
@@ -72,7 +75,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
-void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(CAST)
        {
        CAST_LONG x[16];
        CAST_LONG z[16];
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h
index 90b45b950a..9e300178d9 100644
--- a/src/lib/libcrypto/cast/cast.h
+++ b/src/lib/libcrypto/cast/cast.h
@@ -63,8 +63,6 @@
 extern "C" {
 #endif
-#include <openssl/opensslconf.h>
 #ifdef OPENSSL_NO_CAST
 #error CAST is disabled.
 #endif
@@ -83,7 +81,10 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
- 
+#ifdef OPENSSL_FIPS 
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
                      int enc);
diff --git a/src/lib/libcrypto/cast/cast_spd.c b/src/lib/libcrypto/cast/cast_spd.c
new file mode 100644
index 0000000000..76abf50d98
--- /dev/null
+++ b/src/lib/libcrypto/cast/cast_spd.c
@@ -0,0 +1,275 @@
+/* crypto/cast/cast_spd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/cast.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        CAST_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        CAST_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                CAST_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing CAST_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing CAST_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                CAST_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld cast set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing CAST_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing CAST_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                CAST_LONG data[2];
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                CAST_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld CAST_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),CAST_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("CAST set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/cast/castopts.c b/src/lib/libcrypto/cast/castopts.c
new file mode 100644
index 0000000000..1b858d153b
--- /dev/null
+++ b/src/lib/libcrypto/cast/castopts.c
@@ -0,0 +1,339 @@
+/* crypto/cast/castopts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/cast.h>
+#define CAST_DEFAULT_OPTIONS
+#undef E_CAST
+#define CAST_encrypt  CAST_encrypt_normal
+#define CAST_decrypt  CAST_decrypt_normal
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_normal
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#define CAST_PTR
+#undef CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr
+#define CAST_decrypt  CAST_decrypt_ptr
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+#undef CAST_PTR
+#define CAST_PTR2
+#undef E_CAST
+#undef CAST_encrypt
+#undef CAST_decrypt
+#undef CAST_cbc_encrypt
+#define CAST_encrypt  CAST_encrypt_ptr2
+#define CAST_decrypt  CAST_decrypt_ptr2
+#define CAST_cbc_encrypt  CAST_cbc_encrypt_ptr2
+#undef HEADER_CAST_LOCL_H
+#include "c_enc.c"
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count+=4) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                func(d,&sch); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static char key[16]={   0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                                0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        CAST_KEY sch;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        CAST_set_key(&sch,16,key);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        CAST_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+        time_it(CAST_encrypt_normal,    "CAST_encrypt_normal ", 0);
+        time_it(CAST_encrypt_ptr,       "CAST_encrypt_ptr    ", 1);
+        time_it(CAST_encrypt_ptr2,      "CAST_encrypt_ptr2   ", 2);
+        num+=3;
+        str[0]="<nothing>";
+        print_it("CAST_encrypt_normal ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="ptr      ";
+        print_it("CAST_encrypt_ptr ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]="ptr2     ";
+        print_it("CAST_encrypt_ptr2 ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+        printf("options    CAST ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<3; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DCAST_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DCAST_PTR\n");
+                break;
+        case 2:
+                printf("-DCAST_PTR2\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/cast/casts.cpp b/src/lib/libcrypto/cast/casts.cpp
new file mode 100644
index 0000000000..8d7bd468d2
--- /dev/null
+++ b/src/lib/libcrypto/cast/casts.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/cast.h>
+void main(int argc,char *argv[])
+        {
+        CAST_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+        CAST_set_key(&key, 16,d);
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        CAST_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        CAST_encrypt(&data[0],&key);
+                        }
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/cast/casttest.c b/src/lib/libcrypto/cast/casttest.c
new file mode 100644
index 0000000000..83e5a16c73
--- /dev/null
+++ b/src/lib/libcrypto/cast/casttest.c
@@ -0,0 +1,232 @@
+/* crypto/cast/casttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return(0);
+}
+#else
+#include <openssl/cast.h>
+#define FULL_TEST
+static unsigned char k[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
+        };
+static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+static int k_len[3]={16,10,5};
+static unsigned char c[3][8]={
+        {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
+        {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
+        {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
+        };
+static unsigned char out[80];
+static unsigned char in_a[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+static unsigned char in_b[16]={
+        0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
+        0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
+static unsigned char c_a[16]={
+        0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
+        0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
+static unsigned char c_b[16]={
+        0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
+        0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
+#if 0
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+#endif
+int main(int argc, char *argv[])
+    {
+#ifdef FULL_TEST
+    long l;
+    CAST_KEY key_b;
+#endif
+    int i,z,err=0;
+    CAST_KEY key;
+    for (z=0; z<3; z++)
+        {
+        CAST_set_key(&key,k_len[z],k);
+        CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
+        if (memcmp(out,&(c[z][0]),8) != 0)
+            {
+            printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+            printf("got     :");
+            for (i=0; i<8; i++)
+                printf("%02X ",out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i=0; i<8; i++)
+                printf("%02X ",c[z][i]);
+            err=20;
+            printf("\n");
+            }
+        CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
+        if (memcmp(out,in,8) != 0)
+            {
+            printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+            printf("got     :");
+            for (i=0; i<8; i++)
+                printf("%02X ",out[i]);
+            printf("\n");
+            printf("expected:");
+            for (i=0; i<8; i++)
+                printf("%02X ",in[i]);
+            printf("\n");
+            err=3;
+            }
+        }
+    if (err == 0)
+        printf("ecb cast5 ok\n");
+#ifdef FULL_TEST
+      {
+      unsigned char out_a[16],out_b[16];
+      static char *hex="0123456789ABCDEF";
+      
+      printf("This test will take some time....");
+      fflush(stdout);
+      memcpy(out_a,in_a,sizeof(in_a));
+      memcpy(out_b,in_b,sizeof(in_b));
+      i=1;
+      for (l=0; l<1000000L; l++)
+          {
+          CAST_set_key(&key_b,16,out_b);
+          CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+          CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+          CAST_set_key(&key,16,out_a);
+          CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+          CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+          if ((l & 0xffff) == 0xffff)
+              {
+              printf("%c",hex[i&0x0f]);
+              fflush(stdout);
+              i++;
+              }
+          }
+      if (      (memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+                (memcmp(out_b,c_b,sizeof(c_b)) != 0))
+          {
+          printf("\n");
+          printf("Error\n");
+          printf("A out =");
+          for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+          printf("\nactual=");
+          for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+          printf("\n");
+          printf("B out =");
+          for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+          printf("\nactual=");
+          for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+          printf("\n");
+          }
+      else
+          printf(" ok\n");
+      }
+#endif
+    EXIT(err);
+    return(err);
+    }
+#endif
diff --git a/src/lib/libcrypto/cms/Makefile b/src/lib/libcrypto/cms/Makefile
new file mode 100644
index 0000000000..e39c310b6c
--- /dev/null
+++ b/src/lib/libcrypto/cms/Makefile
@@ -0,0 +1,183 @@
+#
+# OpenSSL/crypto/cms/Makefile
+#
+DIR=    cms
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+        cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
+        cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
+SRC= $(LIBSRC)
+EXHEADER=  cms.h
+HEADER= cms_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_asn1.o: ../../include/openssl/opensslconf.h
+cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
+cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_err.o: cms_err.c
+cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_io.o: cms_io.c cms_lcl.h
+cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
+cms_lib.o: cms_lcl.h cms_lib.c
+cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
+cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_smime.o: ../../include/openssl/objects.h
+cms_smime.o: ../../include/openssl/opensslconf.h
+cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_smime.o: ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/src/lib/libcrypto/comp/Makefile b/src/lib/libcrypto/comp/Makefile
new file mode 100644
index 0000000000..efda832dce
--- /dev/null
+++ b/src/lib/libcrypto/comp/Makefile
@@ -0,0 +1,108 @@
+#
+# OpenSSL/crypto/comp/Makefile
+#
+DIR=    comp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c comp_err.c \
+        c_rle.c c_zlib.c
+LIBOBJ= comp_lib.o comp_err.o \
+        c_rle.o c_zlib.o
+SRC= $(LIBSRC)
+EXHEADER= comp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+c_rle.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_rle.o: ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_err.o: ../../include/openssl/symhacks.h comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h
+comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h
+comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/src/lib/libcrypto/comp/Makefile.ssl b/src/lib/libcrypto/comp/Makefile.ssl
new file mode 100644
index 0000000000..f70ba1b285
--- /dev/null
+++ b/src/lib/libcrypto/comp/Makefile.ssl
@@ -0,0 +1,114 @@
+#
+# SSLeay/crypto/comp/Makefile
+#
+DIR=    comp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= comp_lib.c comp_err.c \
+        c_rle.c c_zlib.c
+LIBOBJ= comp_lib.o comp_err.o \
+        c_rle.o c_zlib.o
+SRC= $(LIBSRC)
+EXHEADER= comp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_err.o: comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c
index 0f34597e70..5fcb521ffb 100644
--- a/src/lib/libcrypto/comp/c_zlib.c
+++ b/src/lib/libcrypto/comp/c_zlib.c
@@ -24,32 +24,6 @@ static COMP_METHOD zlib_method_nozlib={
 #include <zlib.h>
-static int zlib_stateful_init(COMP_CTX *ctx);
-static void zlib_stateful_finish(COMP_CTX *ctx);
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen);
-/* memory allocations functions for zlib intialization */
-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)
-{
-        void *p;
-        
-        p=OPENSSL_malloc(no*size);
-        if (p)
-                memset(p, 0, no*size);
-        return p;
-}
-static void zlib_zfree(void* opaque, void* address)
-{
-        OPENSSL_free(address);
-}
-#if 0
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
        unsigned int olen, unsigned char *in, unsigned int ilen);
 static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
@@ -58,7 +32,7 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
 static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
        uLong sourceLen);
-static COMP_METHOD zlib_stateless_method={
+static COMP_METHOD zlib_method={
        NID_zlib_compression,
        LN_zlib_compression,
        NULL,
@@ -68,24 +42,12 @@ static COMP_METHOD zlib_stateless_method={
        NULL,
        NULL,
        };
-#endif
-static COMP_METHOD zlib_stateful_method={
-        NID_zlib_compression,
-        LN_zlib_compression,
-        zlib_stateful_init,
-        zlib_stateful_finish,
-        zlib_stateful_compress_block,
-        zlib_stateful_expand_block,
-        NULL,
-        NULL,
-        };
 /* 
 * When OpenSSL is built on Windows, we do not want to require that
 * the ZLIB.DLL be available in order for the OpenSSL DLLs to
 * work.  Therefore, all ZLIB routines are loaded at run time
- * and we do not link to a .LIB file when ZLIB_SHARED is set.
+ * and we do not link to a .LIB file.
 */
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
 # include <windows.h>
@@ -101,19 +63,10 @@ typedef int (*inflateEnd_ft)(z_streamp strm);
 typedef int (*inflate_ft)(z_streamp strm, int flush);
 typedef int (*inflateInit__ft)(z_streamp strm,
        const char * version, int stream_size);
-typedef int (*deflateEnd_ft)(z_streamp strm);
-typedef int (*deflate_ft)(z_streamp strm, int flush);
-typedef int (*deflateInit__ft)(z_streamp strm, int level,
-        const char * version, int stream_size);
-typedef const char * (*zError__ft)(int err);
 static compress_ft      p_compress=NULL;
 static inflateEnd_ft    p_inflateEnd=NULL;
 static inflate_ft       p_inflate=NULL;
 static inflateInit__ft  p_inflateInit_=NULL;
-static deflateEnd_ft    p_deflateEnd=NULL;
-static deflate_ft       p_deflate=NULL;
-static deflateInit__ft  p_deflateInit_=NULL;
-static zError__ft       p_zError=NULL;
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
@@ -122,133 +75,10 @@ static DSO *zlib_dso = NULL;
 #define inflateEnd              p_inflateEnd
 #define inflate                 p_inflate
 #define inflateInit_            p_inflateInit_
-#define deflateEnd              p_deflateEnd
-#define deflate                 p_deflate
-#define deflateInit_            p_deflateInit_
-#define zError                  p_zError
 #endif /* ZLIB_SHARED */
-struct zlib_state
-        {
-        z_stream istream;
-        z_stream ostream;
-        };
-static int zlib_stateful_ex_idx = -1;
-static void zlib_stateful_free_ex_data(void *obj, void *item,
-        CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
-        {
-        struct zlib_state *state = (struct zlib_state *)item;
-        inflateEnd(&state->istream);
-        deflateEnd(&state->ostream);
-        OPENSSL_free(state);
-        }
-static int zlib_stateful_init(COMP_CTX *ctx)
-        {
-        int err;
-        struct zlib_state *state =
-                (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
-        if (state == NULL)
-                goto err;
-        state->istream.zalloc = zlib_zalloc;
-        state->istream.zfree = zlib_zfree;
-        state->istream.opaque = Z_NULL;
-        state->istream.next_in = Z_NULL;
-        state->istream.next_out = Z_NULL;
-        state->istream.avail_in = 0;
-        state->istream.avail_out = 0;
-        err = inflateInit_(&state->istream,
-                ZLIB_VERSION, sizeof(z_stream));
-        if (err != Z_OK)
-                goto err;
-        state->ostream.zalloc = zlib_zalloc;
-        state->ostream.zfree = zlib_zfree;
-        state->ostream.opaque = Z_NULL;
-        state->ostream.next_in = Z_NULL;
-        state->ostream.next_out = Z_NULL;
-        state->ostream.avail_in = 0;
-        state->ostream.avail_out = 0;
-        err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,
-                ZLIB_VERSION, sizeof(z_stream));
-        if (err != Z_OK)
-                goto err;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-        CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
-        return 1;
- err:
-        if (state) OPENSSL_free(state);
-        return 0;
-        }
-static void zlib_stateful_finish(COMP_CTX *ctx)
-        {
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-        }
-static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        int err = Z_OK;
-        struct zlib_state *state =
-                (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-                        zlib_stateful_ex_idx);
-        if (state == NULL)
-                return -1;
-        state->ostream.next_in = in;
-        state->ostream.avail_in = ilen;
-        state->ostream.next_out = out;
-        state->ostream.avail_out = olen;
-        if (ilen > 0)
-                err = deflate(&state->ostream, Z_SYNC_FLUSH);
-        if (err != Z_OK)
-                return -1;
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"compress(%4d)->%4d %s\n",
-                ilen,olen - state->ostream.avail_out,
-                (ilen != olen - state->ostream.avail_out)?"zlib":"clear");
-#endif
-        return olen - state->ostream.avail_out;
-        }
-static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen)
-        {
-        int err = Z_OK;
-        struct zlib_state *state =
-                (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-                        zlib_stateful_ex_idx);
-        if (state == NULL)
-                return 0;
-        state->istream.next_in = in;
-        state->istream.avail_in = ilen;
-        state->istream.next_out = out;
-        state->istream.avail_out = olen;
-        if (ilen > 0)
-                err = inflate(&state->istream, Z_SYNC_FLUSH);
-        if (err != Z_OK)
-                return -1;
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"expand(%4d)->%4d %s\n",
-                ilen,olen - state->istream.avail_out,
-                (ilen != olen - state->istream.avail_out)?"zlib":"clear");
-#endif
-        return olen - state->istream.avail_out;
-        }
-#if 0
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen)
+             unsigned int olen, unsigned char *in, unsigned int ilen)
        {
        unsigned long l;
        int i;
@@ -281,7 +111,7 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
        }
 static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-        unsigned int olen, unsigned char *in, unsigned int ilen)
+             unsigned int olen, unsigned char *in, unsigned int ilen)
        {
        unsigned long l;
        int i;
@@ -323,8 +153,7 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
    stream.zalloc = (alloc_func)0;
    stream.zfree = (free_func)0;
-    err = inflateInit_(&stream,
+    err = inflateInit(&stream);
-            ZLIB_VERSION, sizeof(z_stream));
    if (err != Z_OK) return err;
    err = inflate(&stream, Z_FINISH);
@@ -337,7 +166,6 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
    err = inflateEnd(&stream);
    return err;
 }
-#endif
 #endif
@@ -367,22 +195,9 @@ COMP_METHOD *COMP_zlib(void)
                        p_inflateInit_
                                = (inflateInit__ft) DSO_bind_func(zlib_dso,
                                        "inflateInit_");
-                        p_deflateEnd
-                                = (deflateEnd_ft) DSO_bind_func(zlib_dso,
-                                        "deflateEnd");
-                        p_deflate
-                                = (deflate_ft) DSO_bind_func(zlib_dso,
-                                        "deflate");
-                        p_deflateInit_
-                                = (deflateInit__ft) DSO_bind_func(zlib_dso,
-                                        "deflateInit_");
-                        p_zError
-                                = (zError__ft) DSO_bind_func(zlib_dso,
-                                        "zError");
                        if (p_compress && p_inflateEnd && p_inflate
-                                && p_inflateInit_ && p_deflateEnd
+                                && p_inflateInit_)
-                                && p_deflate && p_deflateInit_ && p_zError)
                                zlib_loaded++;
                        }
                }
@@ -392,410 +207,9 @@ COMP_METHOD *COMP_zlib(void)
        if (zlib_loaded)
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-                {
+                meth = &zlib_method;
-                /* init zlib_stateful_ex_idx here so that in a multi-process
-                 * application it's enough to intialize openssl before forking
-                 * (idx will be inherited in all the children) */
-                if (zlib_stateful_ex_idx == -1)
-                        {
-                        CRYPTO_w_lock(CRYPTO_LOCK_COMP);
-                        if (zlib_stateful_ex_idx == -1)
-                                zlib_stateful_ex_idx =
-                                        CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-                                                0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
-                        CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
-                        if (zlib_stateful_ex_idx == -1)
-                                goto err;
-                        }
-                
-                meth = &zlib_stateful_method;
-                }
-err:    
 #endif
        return(meth);
        }
-void COMP_zlib_cleanup(void)
-        {
-#ifdef ZLIB_SHARED
-        if (zlib_dso)
-                DSO_free(zlib_dso);
-#endif
-        }
-#ifdef ZLIB
-/* Zlib based compression/decompression filter BIO */
-typedef struct
-        {
-        unsigned char *ibuf;    /* Input buffer */
-        int ibufsize;           /* Buffer size */
-        z_stream zin;           /* Input decompress context */
-        unsigned char *obuf;    /* Output buffer */
-        int obufsize;           /* Output buffer size */
-        unsigned char *optr;    /* Position in output buffer */
-        int ocount;             /* Amount of data in output buffer */
-        int odone;              /* deflate EOF */
-        int comp_level;         /* Compression level to use */
-        z_stream zout;          /* Output compression context */
-        } BIO_ZLIB_CTX;
-#define ZLIB_DEFAULT_BUFSIZE 1024
-static int bio_zlib_new(BIO *bi);
-static int bio_zlib_free(BIO *bi);
-static int bio_zlib_read(BIO *b, char *out, int outl);
-static int bio_zlib_write(BIO *b, const char *in, int inl);
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
-static BIO_METHOD bio_meth_zlib = 
-        {
-        BIO_TYPE_COMP,
-        "zlib",
-        bio_zlib_write,
-        bio_zlib_read,
-        NULL,
-        NULL,
-        bio_zlib_ctrl,
-        bio_zlib_new,
-        bio_zlib_free,
-        bio_zlib_callback_ctrl
-        };
-BIO_METHOD *BIO_f_zlib(void)
-        {
-        return &bio_meth_zlib;
-        }
-static int bio_zlib_new(BIO *bi)
-        {
-        BIO_ZLIB_CTX *ctx;
-#ifdef ZLIB_SHARED
-        (void)COMP_zlib();
-        if (!zlib_loaded)
-                {
-                COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
-                return 0;
-                }
-#endif
-        ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
-        if(!ctx)
-                {
-                COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        ctx->ibuf = NULL;
-        ctx->obuf = NULL;
-        ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
-        ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
-        ctx->zin.zalloc = Z_NULL;
-        ctx->zin.zfree = Z_NULL;
-        ctx->zin.next_in = NULL;
-        ctx->zin.avail_in = 0;
-        ctx->zin.next_out = NULL;
-        ctx->zin.avail_out = 0;
-        ctx->zout.zalloc = Z_NULL;
-        ctx->zout.zfree = Z_NULL;
-        ctx->zout.next_in = NULL;
-        ctx->zout.avail_in = 0;
-        ctx->zout.next_out = NULL;
-        ctx->zout.avail_out = 0;
-        ctx->odone = 0;
-        ctx->comp_level = Z_DEFAULT_COMPRESSION;
-        bi->init = 1;
-        bi->ptr = (char *)ctx;
-        bi->flags = 0;
-        return 1;
-        }
-static int bio_zlib_free(BIO *bi)
-        {
-        BIO_ZLIB_CTX *ctx;
-        if(!bi) return 0;
-        ctx = (BIO_ZLIB_CTX *)bi->ptr;
-        if(ctx->ibuf)
-                {
-                /* Destroy decompress context */
-                inflateEnd(&ctx->zin);
-                OPENSSL_free(ctx->ibuf);
-                }
-        if(ctx->obuf)
-                {
-                /* Destroy compress context */
-                deflateEnd(&ctx->zout);
-                OPENSSL_free(ctx->obuf);
-                }
-        OPENSSL_free(ctx);
-        bi->ptr = NULL;
-        bi->init = 0;
-        bi->flags = 0;
-        return 1;
-        }
-static int bio_zlib_read(BIO *b, char *out, int outl)
-        {
-        BIO_ZLIB_CTX *ctx;
-        int ret;
-        z_stream *zin;
-        if(!out || !outl) return 0;
-        ctx = (BIO_ZLIB_CTX *)b->ptr;
-        zin = &ctx->zin;
-        BIO_clear_retry_flags(b);
-        if(!ctx->ibuf)
-                {
-                ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
-                if(!ctx->ibuf)
-                        {
-                        COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                inflateInit(zin);
-                zin->next_in = ctx->ibuf;
-                zin->avail_in = 0;
-                }
-        /* Copy output data directly to supplied buffer */
-        zin->next_out = (unsigned char *)out;
-        zin->avail_out = (unsigned int)outl;
-        for(;;)
-                {
-                /* Decompress while data available */
-                while(zin->avail_in)
-                        {
-                        ret = inflate(zin, 0);
-                        if((ret != Z_OK) && (ret != Z_STREAM_END))
-                                {
-                                COMPerr(COMP_F_BIO_ZLIB_READ,
-                                                COMP_R_ZLIB_INFLATE_ERROR);
-                                ERR_add_error_data(2, "zlib error:",
-                                                        zError(ret));
-                                return 0;
-                                }
-                        /* If EOF or we've read everything then return */
-                        if((ret == Z_STREAM_END) || !zin->avail_out)
-                                return outl - zin->avail_out;
-                        }
-                /* No data in input buffer try to read some in,
-                 * if an error then return the total data read.
-                 */
-                ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
-                if(ret <= 0)
-                        {
-                        /* Total data read */
-                        int tot = outl - zin->avail_out;
-                        BIO_copy_next_retry(b);
-                        if(ret < 0) return (tot > 0) ? tot : ret;
-                        return tot;
-                        }
-                zin->avail_in = ret;
-                zin->next_in = ctx->ibuf;
-                }
-        }
-static int bio_zlib_write(BIO *b, const char *in, int inl)
-        {
-        BIO_ZLIB_CTX *ctx;
-        int ret;
-        z_stream *zout;
-        if(!in || !inl) return 0;
-        ctx = (BIO_ZLIB_CTX *)b->ptr;
-        if(ctx->odone) return 0;
-        zout = &ctx->zout;
-        BIO_clear_retry_flags(b);
-        if(!ctx->obuf)
-                {
-                ctx->obuf = OPENSSL_malloc(ctx->obufsize);
-                /* Need error here */
-                if(!ctx->obuf)
-                        {
-                        COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                ctx->optr = ctx->obuf;
-                ctx->ocount = 0;
-                deflateInit(zout, ctx->comp_level);
-                zout->next_out = ctx->obuf;
-                zout->avail_out = ctx->obufsize;
-                }
-        /* Obtain input data directly from supplied buffer */
-        zout->next_in = (void *)in;
-        zout->avail_in = inl;
-        for(;;)
-                {
-                /* If data in output buffer write it first */
-                while(ctx->ocount) {
-                        ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-                        if(ret <= 0)
-                                {
-                                /* Total data written */
-                                int tot = inl - zout->avail_in;
-                                BIO_copy_next_retry(b);
-                                if(ret < 0) return (tot > 0) ? tot : ret;
-                                return tot;
-                                }
-                        ctx->optr += ret;
-                        ctx->ocount -= ret;
-                }
-                /* Have we consumed all supplied data? */
-                if(!zout->avail_in)
-                        return inl;
-                /* Compress some more */
-                /* Reset buffer */
-                ctx->optr = ctx->obuf;
-                zout->next_out = ctx->obuf;
-                zout->avail_out = ctx->obufsize;
-                /* Compress some more */
-                ret = deflate(zout, 0);
-                if(ret != Z_OK)
-                        {
-                        COMPerr(COMP_F_BIO_ZLIB_WRITE,
-                                                COMP_R_ZLIB_DEFLATE_ERROR);
-                        ERR_add_error_data(2, "zlib error:", zError(ret));
-                        return 0;
-                        }
-                ctx->ocount = ctx->obufsize - zout->avail_out;
-                }
-        }
-static int bio_zlib_flush(BIO *b)
-        {
-        BIO_ZLIB_CTX *ctx;
-        int ret;
-        z_stream *zout;
-        ctx = (BIO_ZLIB_CTX *)b->ptr;
-        /* If no data written or already flush show success */
-        if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
-        zout = &ctx->zout;
-        BIO_clear_retry_flags(b);
-        /* No more input data */
-        zout->next_in = NULL;
-        zout->avail_in = 0;
-        for(;;)
-                {
-                /* If data in output buffer write it first */
-                while(ctx->ocount)
-                        {
-                        ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-                        if(ret <= 0)
-                                {
-                                BIO_copy_next_retry(b);
-                                return ret;
-                                }
-                        ctx->optr += ret;
-                        ctx->ocount -= ret;
-                        }
-                if(ctx->odone) return 1;
-                /* Compress some more */
-                /* Reset buffer */
-                ctx->optr = ctx->obuf;
-                zout->next_out = ctx->obuf;
-                zout->avail_out = ctx->obufsize;
-                /* Compress some more */
-                ret = deflate(zout, Z_FINISH);
-                if(ret == Z_STREAM_END) ctx->odone = 1;
-                else if(ret != Z_OK)
-                        {
-                        COMPerr(COMP_F_BIO_ZLIB_FLUSH,
-                                                COMP_R_ZLIB_DEFLATE_ERROR);
-                        ERR_add_error_data(2, "zlib error:", zError(ret));
-                        return 0;
-                        }
-                ctx->ocount = ctx->obufsize - zout->avail_out;
-                }
-        }
-static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
-        {
-        BIO_ZLIB_CTX *ctx;
-        int ret, *ip;
-        int ibs, obs;
-        if(!b->next_bio) return 0;
-        ctx = (BIO_ZLIB_CTX *)b->ptr;
-        switch (cmd)
-                {
-        case BIO_CTRL_RESET:
-                ctx->ocount = 0;
-                ctx->odone = 0;
-                break;
-        case BIO_CTRL_FLUSH:
-                ret = bio_zlib_flush(b);
-                if (ret > 0)
-                        ret = BIO_flush(b->next_bio);
-                break;
-        case BIO_C_SET_BUFF_SIZE:
-                ibs = -1;
-                obs = -1;
-                if (ptr != NULL)
-                        {
-                        ip = ptr;
-                        if (*ip == 0)
-                                ibs = (int) num;
-                        else 
-                                obs = (int) num;
-                        }
-                else
-                        {
-                        ibs = (int)num;
-                        obs = ibs;
-                        }
-                if (ibs != -1)
-                        {
-                        if (ctx->ibuf)
-                                {
-                                OPENSSL_free(ctx->ibuf);
-                                ctx->ibuf = NULL;
-                                }
-                        ctx->ibufsize = ibs;
-                        }
-                if (obs != -1)
-                        {
-                        if (ctx->obuf)
-                                {
-                                OPENSSL_free(ctx->obuf);
-                                ctx->obuf = NULL;
-                                }
-                        ctx->obufsize = obs;
-                        }
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-                ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-                BIO_copy_next_retry(b);
-                break;
-        default:
-                ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-                break;
-                }
-        return ret;
-        }
-static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-        {
-        if(!b->next_bio)
-                return 0;
-        return
-                BIO_callback_ctrl(b->next_bio, cmd, fp);
-        }
-#endif
diff --git a/src/lib/libcrypto/comp/comp.h b/src/lib/libcrypto/comp/comp.h
index 4b405c7d49..ab48b78ae9 100644
--- a/src/lib/libcrypto/comp/comp.h
+++ b/src/lib/libcrypto/comp/comp.h
@@ -8,26 +8,19 @@
 extern "C" {
 #endif
-typedef struct comp_ctx_st COMP_CTX;
 typedef struct comp_method_st
        {
        int type;               /* NID for compression library */
        const char *name;       /* A text string to identify the library */
-        int (*init)(COMP_CTX *ctx);
+        int (*init)();
-        void (*finish)(COMP_CTX *ctx);
+        void (*finish)();
-        int (*compress)(COMP_CTX *ctx,
+        int (*compress)();
-                        unsigned char *out, unsigned int olen,
+        int (*expand)();
-                        unsigned char *in, unsigned int ilen);
+        long (*ctrl)();
-        int (*expand)(COMP_CTX *ctx,
+        long (*callback_ctrl)();
-                      unsigned char *out, unsigned int olen,
-                      unsigned char *in, unsigned int ilen);
-        /* The following two do NOTHING, but are kept for backward compatibility */
-        long (*ctrl)(void);
-        long (*callback_ctrl)(void);
        } COMP_METHOD;
-struct comp_ctx_st
+typedef struct comp_ctx_st
        {
        COMP_METHOD *meth;
        unsigned long compress_in;
@@ -36,7 +29,7 @@ struct comp_ctx_st
        unsigned long expand_out;
        CRYPTO_EX_DATA  ex_data;
-        };
+        } COMP_CTX;
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
@@ -47,13 +40,6 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
        unsigned char *in, int ilen);
 COMP_METHOD *COMP_rle(void );
 COMP_METHOD *COMP_zlib(void );
-void COMP_zlib_cleanup(void);
-#ifdef HEADER_BIO_H
-#ifdef ZLIB
-BIO_METHOD *BIO_f_zlib(void);
-#endif
-#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -64,15 +50,8 @@ void ERR_load_COMP_strings(void);
 /* Error codes for the COMP functions. */
 /* Function codes. */
-#define COMP_F_BIO_ZLIB_FLUSH                            99
-#define COMP_F_BIO_ZLIB_NEW                              100
-#define COMP_F_BIO_ZLIB_READ                             101
-#define COMP_F_BIO_ZLIB_WRITE                            102
 /* Reason codes. */
-#define COMP_R_ZLIB_DEFLATE_ERROR                        99
-#define COMP_R_ZLIB_INFLATE_ERROR                        100
-#define COMP_R_ZLIB_NOT_SUPPORTED                        101
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c
index 187d68b725..1652b8c2c4 100644
--- a/src/lib/libcrypto/comp/comp_err.c
+++ b/src/lib/libcrypto/comp/comp_err.c
@@ -1,6 +1,6 @@
 /* crypto/comp/comp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -64,24 +64,13 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
 static ERR_STRING_DATA COMP_str_functs[]=
        {
-{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),       "BIO_ZLIB_FLUSH"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_READ),        "BIO_ZLIB_READ"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),       "BIO_ZLIB_WRITE"},
 {0,NULL}
        };
 static ERR_STRING_DATA COMP_str_reasons[]=
        {
-{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR)   ,"zlib deflate error"},
-{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR)   ,"zlib inflate error"},
-{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED)   ,"zlib not supported"},
 {0,NULL}
        };
@@ -89,12 +78,15 @@ static ERR_STRING_DATA COMP_str_reasons[]=
 void ERR_load_COMP_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)
+        if (init)
                {
-                ERR_load_strings(0,COMP_str_functs);
+                init=0;
-                ERR_load_strings(0,COMP_str_reasons);
+#ifndef OPENSSL_NO_ERR
-                }
+                ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
+                ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/comp/comp_lib.c b/src/lib/libcrypto/comp/comp_lib.c
index b60ae371e8..beb98ce8cc 100644
--- a/src/lib/libcrypto/comp/comp_lib.c
+++ b/src/lib/libcrypto/comp/comp_lib.c
@@ -20,11 +20,17 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
                OPENSSL_free(ret);
                ret=NULL;
                }
+#if 0
+        else
+                CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+#endif
        return(ret);
        }
 void COMP_CTX_free(COMP_CTX *ctx)
        {
+        /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
        if(ctx == NULL)
            return;
diff --git a/src/lib/libcrypto/conf/Makefile b/src/lib/libcrypto/conf/Makefile
new file mode 100644
index 0000000000..78bb324106
--- /dev/null
+++ b/src/lib/libcrypto/conf/Makefile
@@ -0,0 +1,152 @@
+#
+# OpenSSL/crypto/conf/Makefile
+#
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+         conf_mall.c conf_sap.c
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+        conf_mall.o conf_sap.o
+SRC= $(LIBSRC)
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_api.o: ../../include/openssl/symhacks.h conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c
+conf_def.o: conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_err.o: ../../include/openssl/symhacks.h conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mod.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_mod.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h
+conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/src/lib/libcrypto/conf/Makefile.ssl b/src/lib/libcrypto/conf/Makefile.ssl
new file mode 100644
index 0000000000..c5873bc6e7
--- /dev/null
+++ b/src/lib/libcrypto/conf/Makefile.ssl
@@ -0,0 +1,183 @@
+#
+# SSLeay/crypto/conf/Makefile
+#
+DIR=    conf
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+         conf_mall.c conf_sap.c
+LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+        conf_mall.o conf_sap.o
+SRC= $(LIBSRC)
+EXHEADER= conf.h conf_api.h
+HEADER= conf_def.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_api.o: conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_def.o: ../cryptlib.h conf_def.c conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_err.o: conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_lib.o: conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_mall.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_mall.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_mall.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_mall.o: ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mod.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_mod.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_mod.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mod.o: ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+conf_mod.o: ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/aes.h
+conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+conf_sap.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_sap.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_sap.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/src/lib/libcrypto/conf/cnf_save.c b/src/lib/libcrypto/conf/cnf_save.c
new file mode 100644
index 0000000000..1439487526
--- /dev/null
+++ b/src/lib/libcrypto/conf/cnf_save.c
@@ -0,0 +1,106 @@
+/* crypto/conf/cnf_save.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/conf.h>
+static void print_conf(CONF_VALUE *cv);
+static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
+main()
+        {
+        LHASH *conf;
+        long l;
+        conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
+        if (conf == NULL)
+                {
+                fprintf(stderr,"error loading config, line %ld\n",l);
+                exit(1);
+                }
+        lh_doall(conf,LHASH_DOALL_FN(print_conf));
+        }
+static void print_conf(CONF_VALUE *cv)
+        {
+        int i;
+        CONF_VALUE *v;
+        char *section;
+        char *name;
+        char *value;
+        STACK *s;
+        /* If it is a single entry, return */
+        if (cv->name != NULL) return;
+        printf("[ %s ]\n",cv->section);
+        s=(STACK *)cv->value;
+        for (i=0; i<sk_num(s); i++)
+                {
+                v=(CONF_VALUE *)sk_value(s,i);
+                section=(v->section == NULL)?"None":v->section;
+                name=(v->name == NULL)?"None":v->name;
+                value=(v->value == NULL)?"None":v->value;
+                printf("%s=%s\n",name,value);
+                }
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h
index 8aa06bc5ec..f4671442ab 100644
--- a/src/lib/libcrypto/conf/conf.h
+++ b/src/lib/libcrypto/conf/conf.h
@@ -65,8 +65,6 @@
 #include <openssl/safestack.h>
 #include <openssl/e_os2.h>
-#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -83,6 +81,7 @@ DECLARE_STACK_OF(CONF_MODULE)
 DECLARE_STACK_OF(CONF_IMODULE)
 struct conf_st;
+typedef struct conf_st CONF;
 struct conf_method_st;
 typedef struct conf_method_st CONF_METHOD;
@@ -114,7 +113,6 @@ typedef void conf_finish_func(CONF_IMODULE *md);
 #define CONF_MFLAGS_SILENT              0x4
 #define CONF_MFLAGS_NO_DSO              0x8
 #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
-#define CONF_MFLAGS_DEFAULT_SECTION     0x20
 int CONF_set_default_method(CONF_METHOD *meth);
 void CONF_set_nconf(CONF *conf,LHASH *hash);
@@ -214,8 +212,6 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_CONF_LOAD_BIO                             102
 #define CONF_F_CONF_LOAD_FP                              103
 #define CONF_F_CONF_MODULES_LOAD                         116
-#define CONF_F_DEF_LOAD                                  120
-#define CONF_F_DEF_LOAD_BIO                              121
 #define CONF_F_MODULE_INIT                               115
 #define CONF_F_MODULE_LOAD_DSO                           117
 #define CONF_F_MODULE_RUN                                118
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c
index 909d72b4b8..0032baa711 100644
--- a/src/lib/libcrypto/conf/conf_api.c
+++ b/src/lib/libcrypto/conf/conf_api.c
@@ -121,7 +121,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
        v = (CONF_VALUE *)lh_insert(conf->data, value);
        if (v != NULL)
                {
-                (void)sk_CONF_VALUE_delete_ptr(ts,v);
+                sk_CONF_VALUE_delete_ptr(ts,v);
                OPENSSL_free(v->name);
                OPENSSL_free(v->value);
                OPENSSL_free(v);
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c
index d8bce8732a..2464f8ed90 100644
--- a/src/lib/libcrypto/conf/conf_def.c
+++ b/src/lib/libcrypto/conf/conf_def.c
@@ -60,7 +60,6 @@
 #include <stdio.h>
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/stack.h>
 #include <openssl/lhash.h>
 #include <openssl/conf.h>
@@ -68,6 +67,7 @@
 #include "conf_def.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
+#include "cryptlib.h"
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
@@ -88,7 +88,7 @@ static int def_dump(const CONF *conf, BIO *bp);
 static int def_is_number(const CONF *conf, char c);
 static int def_to_int(const CONF *conf, char c);
-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
+const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
 static CONF_METHOD default_method = {
        "OpenSSL default",
@@ -194,9 +194,9 @@ static int def_load(CONF *conf, const char *name, long *line)
        if (in == NULL)
                {
                if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-                        CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);
+                        CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE);
                else
-                        CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);
+                        CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
                return 0;
                }
@@ -225,28 +225,28 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
        if ((buff=BUF_MEM_new()) == NULL)
                {
-                CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
                goto err;
                }
        section=(char *)OPENSSL_malloc(10);
        if (section == NULL)
                {
-                CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
                goto err;
                }
        BUF_strlcpy(section,"default",10);
        if (_CONF_new_data(conf) == 0)
                {
-                CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+                CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
                goto err;
                }
        sv=_CONF_new_section(conf,section);
        if (sv == NULL)
                {
-                CONFerr(CONF_F_DEF_LOAD_BIO,
+                CONFerr(CONF_F_CONF_LOAD_BIO,
                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                goto err;
                }
@@ -258,7 +258,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                {
                if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
                        {
-                        CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
+                        CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
                        goto err;
                        }
                p= &(buff->data[bufnum]);
@@ -329,7 +329,7 @@ again:
                                        ss=p;
                                        goto again;
                                        }
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
                                goto err;
                                }
@@ -339,7 +339,7 @@ again:
                                sv=_CONF_new_section(conf,section);
                        if (sv == NULL)
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                                goto err;
                                }
@@ -362,7 +362,7 @@ again:
                        p=eat_ws(conf, end);
                        if (*p != '=')
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                                CONF_R_MISSING_EQUAL_SIGN);
                                goto err;
                                }
@@ -379,7 +379,7 @@ again:
                        if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
@@ -388,7 +388,7 @@ again:
                        v->value=NULL;
                        if (v->name == NULL)
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
@@ -402,7 +402,7 @@ again:
                                        tv=_CONF_new_section(conf,psection);
                                if (tv == NULL)
                                        {
-                                        CONFerr(CONF_F_DEF_LOAD_BIO,
+                                        CONFerr(CONF_F_CONF_LOAD_BIO,
                                           CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
                                        goto err;
                                        }
@@ -416,7 +416,7 @@ again:
 #if 1
                        if (_CONF_add_string(conf, tv, v) == 0)
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
@@ -424,7 +424,7 @@ again:
                        v->section=tv->section; 
                        if (!sk_CONF_VALUE_push(ts,v))
                                {
-                                CONFerr(CONF_F_DEF_LOAD_BIO,
+                                CONFerr(CONF_F_CONF_LOAD_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                                goto err;
                                }
@@ -629,7 +629,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from)
                                CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
                                goto err;
                                }
-                        BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));
+                        BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
                        while (*p)
                                buf->data[to++]= *(p++);
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c
index a16a5e0bd4..f5e2ca4bf0 100644
--- a/src/lib/libcrypto/conf/conf_err.c
+++ b/src/lib/libcrypto/conf/conf_err.c
@@ -75,8 +75,6 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_FUNC(CONF_F_CONF_LOAD_BIO),        "CONF_load_bio"},
 {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
 {ERR_FUNC(CONF_F_CONF_MODULES_LOAD),    "CONF_modules_load"},
-{ERR_FUNC(CONF_F_DEF_LOAD),     "DEF_LOAD"},
-{ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
 {ERR_FUNC(CONF_F_MODULE_INIT),  "MODULE_INIT"},
 {ERR_FUNC(CONF_F_MODULE_LOAD_DSO),      "MODULE_LOAD_DSO"},
 {ERR_FUNC(CONF_F_MODULE_RUN),   "MODULE_RUN"},
@@ -118,12 +116,15 @@ static ERR_STRING_DATA CONF_str_reasons[]=
 void ERR_load_CONF_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,CONF_str_functs);
                ERR_load_strings(0,CONF_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c
index 2a3399d269..6a3cf109dd 100644
--- a/src/lib/libcrypto/conf/conf_lib.c
+++ b/src/lib/libcrypto/conf/conf_lib.c
@@ -63,7 +63,7 @@
 #include <openssl/conf_api.h>
 #include <openssl/lhash.h>
-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
 static CONF_METHOD *default_CONF_method=NULL;
@@ -184,7 +184,7 @@ long CONF_get_number(LHASH *conf,const char *group,const char *name)
        if (status == 0)
                {
                /* This function does not believe in errors... */
-                ERR_clear_error();
+                ERR_get_error();
                }
        return result;
        }
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 628e8333a6..812e60dc70 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -126,18 +126,17 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
        {
        STACK_OF(CONF_VALUE) *values;
        CONF_VALUE *vl;
-        char *vsection = NULL;
+        char *vsection;
        int ret, i;
        if (!cnf)
                return 1;
-        if (appname)
+        if (appname == NULL)
-                vsection = NCONF_get_string(cnf, NULL, appname);
+                appname = "openssl_conf";
-        if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+        vsection = NCONF_get_string(cnf, NULL, appname); 
-                vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
        if (!vsection)
                {
@@ -232,7 +231,7 @@ static int module_run(const CONF *cnf, char *name, char *value,
                if (!(flags & CONF_MFLAGS_SILENT))
                        {
                        char rcode[DECIMAL_SIZE(ret)+1];
-                        CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+                        CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
                        BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
                        ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
                        }
@@ -255,7 +254,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
        path = NCONF_get_string(cnf, value, "path");
        if (!path)
                {
-                ERR_clear_error();
+                ERR_get_error();
                path = name;
                }
        dso = DSO_load(NULL, path, NULL, 0);
@@ -432,7 +431,7 @@ void CONF_modules_unload(int all)
                if (((md->links > 0) || !md->dso) && !all)
                        continue;
                /* Since we're working in reverse this is OK */
-                (void)sk_CONF_MODULE_delete(supported_modules, i);
+                sk_CONF_MODULE_delete(supported_modules, i);
                module_free(md);
                }
        if (sk_CONF_MODULE_num(supported_modules) == 0)
@@ -588,7 +587,7 @@ int CONF_parse_list(const char *list_, int sep, int nospc,
                {
                if (nospc)
                        {
-                        while(*lstart && isspace((unsigned char)*lstart))
+                        while(isspace((unsigned char)*lstart))
                                lstart++;
                        }
                p = strchr(lstart, sep);
diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
index 9c53bac1a8..e15c2e5546 100644
--- a/src/lib/libcrypto/conf/conf_sap.c
+++ b/src/lib/libcrypto/conf/conf_sap.c
@@ -88,8 +88,8 @@ void OPENSSL_config(const char *config_name)
        ERR_clear_error();
-        if (CONF_modules_load_file(NULL, config_name,
+        if (CONF_modules_load_file(NULL, NULL,
-        CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+                                        CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
                {
                BIO *bio_err;
                ERR_load_crypto_strings();
diff --git a/src/lib/libcrypto/conf/test.c b/src/lib/libcrypto/conf/test.c
new file mode 100644
index 0000000000..7fab85053e
--- /dev/null
+++ b/src/lib/libcrypto/conf/test.c
@@ -0,0 +1,98 @@
+/* crypto/conf/test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+main()
+        {
+        LHASH *conf;
+        long eline;
+        char *s,*s2;
+#ifdef USE_WIN32
+        CONF_set_default_method(CONF_WIN32);
+#endif
+        conf=CONF_load(NULL,"ssleay.cnf",&eline);
+        if (conf == NULL)
+                {
+                ERR_load_crypto_strings();
+                printf("unable to load configuration, line %ld\n",eline);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+                }
+        lh_stats(conf,stdout);
+        lh_node_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        s=CONF_get_string(conf,NULL,"init2");
+        printf("init2=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,NULL,"cipher1");
+        printf("cipher1=%s\n",(s == NULL)?"NULL":s);
+        s=CONF_get_string(conf,"s_client","cipher1");
+        printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
+        printf("---------------------------- DUMP ------------------------\n");
+        CONF_dump_fp(conf, stdout);
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c
index 9fd41fff8c..06a6109cce 100644
--- a/src/lib/libcrypto/cpt_err.c
+++ b/src/lib/libcrypto/cpt_err.c
@@ -92,12 +92,15 @@ static ERR_STRING_DATA CRYPTO_str_reasons[]=
 void ERR_load_CRYPTO_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,CRYPTO_str_functs);
                ERR_load_strings(0,CRYPTO_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 8c68623828..e63bbe8dba 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -1,57 +1,4 @@
 /* crypto/cryptlib.c */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -108,13 +55,11 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
+#include <stdio.h>
+#include <string.h>
 #include "cryptlib.h"
+#include <openssl/crypto.h>
 #include <openssl/safestack.h>
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
@@ -125,7 +70,7 @@ DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)
 /* real #defines in crypto.h, keep these upto date */
-static const char* const lock_names[CRYPTO_NUM_LOCKS] =
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
        {
        "<<ERROR>>",
        "err",
@@ -159,14 +104,10 @@ static const char* const lock_names[CRYPTO_NUM_LOCKS] =
        "dynlock",
        "engine",
        "ui",
-        "ecdsa",
+        "hwcrhk",               /* This is a HACK which will disappear in 0.9.8 */
-        "ec",
+        "fips",
-        "ecdh",
+        "fips2",
-        "bn",
+#if CRYPTO_NUM_LOCKS != 35
-        "ec_pre_comp",
-        "store",
-        "comp",
-#if CRYPTO_NUM_LOCKS != 39
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
        };
@@ -277,7 +218,7 @@ int CRYPTO_get_new_dynlockid(void)
        else
                /* If we found a place with a NULL pointer, put our pointer
                   in it.  */
-                (void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+                sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
        if (i == -1)
@@ -319,7 +260,7 @@ void CRYPTO_destroy_dynlockid(int i)
 #endif
                        if (pointer->references <= 0)
                                {
-                                (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+                                sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
                                }
                        else
                                pointer = NULL;
@@ -539,48 +480,9 @@ const char *CRYPTO_get_lock_name(int type)
                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
        }
-#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+int OPENSSL_NONPIC_relocated=0;
-        defined(__INTEL__) || \
-        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
-unsigned long  OPENSSL_ia32cap_P=0;
-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define OPENSSL_CPUID_SETUP
-void OPENSSL_cpuid_setup(void)
-{ static int trigger=0;
-  unsigned long OPENSSL_ia32_cpuid(void);
-  char *env;
-    if (trigger)        return;
+#if defined(_WIN32) && defined(_WINDLL)
-    trigger=1;
-    if ((env=getenv("OPENSSL_ia32cap")))
-        OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);
-    else
-        OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10);
-    /*
-     * |(1<<10) sets a reserved bit to signal that variable
-     * was initialized already... This is to avoid interference
-     * with cpuid snippets in ELF .init segment.
-     */
-}
-#endif
-#else
-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
-#endif
-int OPENSSL_NONPIC_relocated = 0;
-#if !defined(OPENSSL_CPUID_SETUP)
-void OPENSSL_cpuid_setup(void) {}
-#endif
-#if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
-#ifdef __CYGWIN__
-/* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
-#include <windows.h>
-#endif
 /* All we really need to do is remove the 'error' state when a thread
 * detaches */
@@ -591,7 +493,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
        switch(fdwReason)
                {
        case DLL_PROCESS_ATTACH:
-                OPENSSL_cpuid_setup();
 #if defined(_WIN32_WINNT)
                {
                IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
@@ -620,11 +521,11 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
        }
 #endif
-#if defined(_WIN32) && !defined(__CYGWIN__)
+#if defined(_WIN32)
 #include <tchar.h>
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
-int OPENSSL_isservice(void)
+static int IsService(void)
 { HWINSTA h;
  DWORD len;
  WCHAR *name;
@@ -661,15 +562,12 @@ int OPENSSL_isservice(void)
 #endif
    else                                return 0;
 }
-#else
-int OPENSSL_isservice(void) { return 0; }
 #endif
 void OPENSSL_showfatal (const char *fmta,...)
 { va_list ap;
  TCHAR buf[256];
  const TCHAR *fmt;
-#ifdef STD_ERROR_HANDLE /* what a dirty trick! */
  HANDLE h;
    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
@@ -680,7 +578,6 @@ void OPENSSL_showfatal (const char *fmta,...)
        va_end (ap);
        return;
    }
-#endif
    if (sizeof(TCHAR)==sizeof(char))
        fmt=(const TCHAR *)fmta;
@@ -726,7 +623,7 @@ void OPENSSL_showfatal (const char *fmta,...)
 #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
    /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice())
+    if (GetVersion() < 0x80000000 && IsService())
    {   HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
        const TCHAR *pmsg=buf;
        ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
@@ -734,7 +631,21 @@ void OPENSSL_showfatal (const char *fmta,...)
    }
    else
 #endif
-        MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+    {   MSGBOXPARAMS         m;
+        m.cbSize             = sizeof(m);
+        m.hwndOwner          = NULL;
+        m.lpszCaption        = _T("OpenSSL: FATAL");
+        m.dwStyle            = MB_OK;
+        m.hInstance          = NULL;
+        m.lpszIcon           = IDI_ERROR;
+        m.dwContextHelpId    = 0;
+        m.lpfnMsgBoxCallback = NULL;
+        m.dwLanguageId       = MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US);
+        m.lpszText           = buf;
+        MessageBoxIndirect (&m);
+    }
 }
 #else
 void OPENSSL_showfatal (const char *fmta,...)
@@ -744,7 +655,6 @@ void OPENSSL_showfatal (const char *fmta,...)
    vfprintf (stderr,fmta,ap);
    va_end (ap);
 }
-int OPENSSL_isservice (void) { return 0; }
 #endif
 void OpenSSLDie(const char *file,int line,const char *assertion)
@@ -756,3 +666,79 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
        }
 void *OPENSSL_stderr(void)      { return stderr; }
+#ifdef OPENSSL_FIPS
+void fips_w_lock(void)          { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
+void fips_w_unlock(void)        { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
+void fips_r_lock(void)          { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
+void fips_r_unlock(void)        { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+static int fips_started = 0;
+static unsigned long fips_thread = 0;
+void fips_set_started(void)
+        {
+        fips_started = 1;
+        }
+int fips_is_started(void)
+        {
+        return fips_started;
+        }
+int fips_is_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+                        ret = 1;
+                CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+int fips_set_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == 0)
+                        {
+                        fips_thread = CRYPTO_thread_id();
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+int fips_clear_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == CRYPTO_thread_id())
+                        {
+                        fips_thread = 0;
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+unsigned char *fips_signature_witness(void)
+        {
+        extern unsigned char FIPS_signature[];
+        return FIPS_signature;
+        }
+#endif /* OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h
index 5ceaa964b5..6f59e08ca6 100644
--- a/src/lib/libcrypto/cryptlib.h
+++ b/src/lib/libcrypto/cryptlib.h
@@ -64,11 +64,6 @@
 #include "e_os.h"
-#ifdef OPENSSL_USE_APPLINK
-#define BIO_FLAGS_UPLINK 0x8000
-#include "ms/uplink.h"
-#endif
 #include <openssl/crypto.h>
 #include <openssl/buffer.h> 
 #include <openssl/bio.h> 
@@ -98,12 +93,9 @@ extern "C" {
 #define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
 #define HEX_SIZE(type)          (sizeof(type)*2)
-void OPENSSL_cpuid_setup(void);
-extern unsigned long OPENSSL_ia32cap_P;
 void OPENSSL_showfatal(const char *,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
-int OPENSSL_isservice(void);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com
new file mode 100644
index 0000000000..427c321f25
--- /dev/null
+++ b/src/lib/libcrypto/crypto-lib.com
@@ -0,0 +1,1299 @@
+$!
+$!  CRYPTO-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP
+$!  or VAX.
+$!
+$!  It was re-written so it would try to determine what "C" compiler to use 
+$!  or you can specify which "C" compiler to use.
+$!
+$!  Specify the following as P1 to build just that part or ALL to just
+$!  build everything.
+$!
+$!              LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!              APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$!              ALL        To do both LIBRARY and APPS
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!         VAXC  For VAX C.
+$!         DECC  For DEC C.
+$!         GNUC  For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!      UCX             for UCX
+$!      TCPIP           for TCPIP (post UCX)
+$!      SOCKETSHR       for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P6, if defined, sets a choice of crypto methods to compile.
+$!  WARNING: this should only be done to recompile some part of an already
+$!  fully compiled library.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The Different Encryption Types.
+$!
+$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+                  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
+                  "BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,"+ -
+                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
+                  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5"
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Check.
+$!
+$ ENDIF
+$!
+$! Build our options file for the application
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Different Encryption "library" Strings.
+$!
+$ APPS_DES = "DES/DES,CBC3_ENC"
+$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
+$
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time,o_str"
+$ LIB_MD2 = "md2_dgst,md2_one"
+$ LIB_MD4 = "md4_dgst,md4_one"
+$ LIB_MD5 = "md5_dgst,md5_one"
+$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one"
+$ LIB_MDC2 = "mdc2dgst,mdc2_one"
+$ LIB_HMAC = "hmac"
+$ LIB_RIPEMD = "rmd_dgst,rmd_one"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+        "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+        "enc_read,enc_writ,ofb64enc,"+ -
+        "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+        "des_enc,fcrypt_b,"+ -
+        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
+        "ede_cbcm_enc,des_old,des_old2,read2pwd"
+$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
+$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
+$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
+$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
+$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
+$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
+$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
+$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
+        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
+        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
+        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_x931p"
+$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
+        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
+        "rsa_pss,rsa_x931,rsa_asn1"
+$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
+        "ec_err"
+$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
+$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err"
+$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
+        "dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
+        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
+        "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ -
+        "eng_openssl,eng_dyn,eng_cnf,"+ -
+        "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ -
+        "hw_cryptodev,hw_aep,hw_sureware,hw_4758_cca"
+$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr"
+$ LIB_BUFFER = "buffer,buf_err"
+$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
+        "bss_mem,bss_null,bss_fd,"+ -
+        "bss_file,bss_sock,bss_conn,"+ -
+        "bf_null,bf_buff,b_print,b_dump,"+ -
+        "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+        "bf_lbuf"
+$ LIB_STACK = "stack"
+$ LIB_LHASH = "lhash,lh_stats"
+$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
+        "rand_vms"
+$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
+        "e_des,e_bf,e_idea,e_des3,"+ -
+        "e_rc4,e_aes,names,"+ -
+        "e_xcbc_d,e_rc2,e_cast,e_rc5"
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
+        "m_dss,m_dss1,m_mdc2,m_ripemd,"+ -
+        "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
+        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
+        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
+        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
+        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
+        "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
+        "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
+        "d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
+        "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
+        "f_int,f_string,n_pkey,"+ -
+        "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
+        "asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
+        "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
+$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
+        "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey"
+$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
+        "x509_obj,x509_req,x509spki,x509_vfy,"+ -
+        "x509_set,x509cset,x509rset,x509_err,"+ -
+        "x509name,x509_v3,x509_ext,x509_att,"+ -
+        "x509type,x509_lu,x_all,x509_txt,"+ -
+        "x509_trs,by_file,by_dir"
+$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
+        "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
+        "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
+        "v3_ocsp,v3_akeya,v3_pcia,v3_pci"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
+$ LIB_TXT_DB = "txt_db"
+$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
+        "pk7_mime"
+$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
+        "p12_init,p12_key,p12_kiss,p12_mutl,"+ -
+        "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
+$ LIB_COMP = "comp_lib,comp_err,"+ -
+        "c_rle,c_zlib"
+$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
+        "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
+$ LIB_UI_COMPAT = ",ui_compat"
+$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
+$ LIB_KRB5 = "krb5_asn"
+$!
+$! Setup exceptional compilations
+$!
+$ ! Add definitions for no threads on OpenVMS 7.1 and higher
+$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ ! Disable the DOLLARID warning
+$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ ! Disable disjoint optimization
+$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
+                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$ ! Disable the MIXLINKAGE warning
+$ COMPILEWITH_CC6 = ",enc_read,set_key,"
+$!
+$! Figure Out What Other Modules We Are To Build.
+$!
+$ BUILD_SET:
+$!
+$! Define A Module Counter.
+$!
+$ MODULE_COUNTER = 0
+$!
+$! Top Of The Loop.
+$!
+$ MODULE_NEXT:
+$!
+$! Extract The Module Name From The Encryption List.
+$!
+$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
+$ MODULE_NAME1 = MODULE_NAME
+$!
+$! Check To See If We Are At The End Of The Module List.
+$!
+$ IF (MODULE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The Module List, Go To MODULE_DONE.
+$!
+$   GOTO MODULE_DONE
+$!
+$! End The Module List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Moudle Counter.
+$!
+$ MODULE_COUNTER = MODULE_COUNTER + 1
+$!
+$! Create The Library and Apps Module Names.
+$!
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ APPS_MODULE = "APPS_" + MODULE_NAME
+$ IF (MODULE_NAME.EQS."ASN1_2")
+$ THEN
+$   MODULE_NAME = "ASN1"
+$ ENDIF
+$ IF (MODULE_NAME.EQS."EVP_2")
+$ THEN
+$   MODULE_NAME = "EVP"
+$ ENDIF
+$!
+$! Set state (can be LIB and APPS)
+$!
+$ STATE = "LIB"
+$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ THEN
+$   WRITE SYS$ERROR ""
+$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR ""
+$   GOTO MODULE_NEXT
+$ ENDIF
+$!
+$! Top Of The Module Loop.
+$!
+$ MODULE_AGAIN:
+$!
+$! Tell The User What Module We Are Building.
+$!
+$ IF (MODULE_NAME1.NES."") 
+$ THEN
+$   IF STATE .EQS. "LIB"
+$   THEN
+$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
+$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
+$     THEN
+$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$ APPLICATION = ""
+$ APPLICATION_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! Look in the LIB_MODULE is we're in state LIB
+$!
+$ IF STATE .EQS. "LIB"
+$ THEN
+$!
+$!   O.K, Extract The File Name From The File List.
+$!
+$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$!
+$!   else
+$!
+$ ELSE
+$   FILE_NAME = ","
+$!
+$   IF F$TYPE('APPS_MODULE') .NES. ""
+$   THEN
+$!
+$!     Extract The File Name From The File List.
+$!     This part is a bit more complicated.
+$!
+$     IF APPLICATION .EQS. ""
+$     THEN
+$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$       FILE_COUNTER = 0
+$     ENDIF
+$
+$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!     SHOW SYMBOL APPLICATION*
+$!
+$     IF APPLICATION .NES. ";"
+$     THEN
+$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
+$       IF FILE_NAME .EQS. ","
+$       THEN
+$         APPLICATION = ""
+$         GOTO NEXT_FILE
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$!
+$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
+$   THEN
+$     STATE = "APPS"
+$     GOTO MODULE_AGAIN
+$   ELSE
+$     GOTO FILE_DONE
+$   ENDIF
+$!
+$! End The File List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
+$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
+$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
+        FILE_NAME = FILE_NAME + ".c"
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
+$ ELSE
+$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
+$ ENDIF
+$ SOURCE_FILE = SOURCE_FILE - "]["
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Doesn't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Compiling The File.
+$!
+$ IF (MODULE_NAME.EQS."")
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
+$ ENDIF
+$ IF (MODULE_NAME.NES."")
+$ THEN 
+$   WRITE SYS$OUTPUT "  ",FILE_NAME,""
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ IF FILE_NAME - ".mar" .NES. FILE_NAME
+$ THEN
+$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
+$   THEN
+$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ELSE
+$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
+$     THEN
+$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$     ELSE
+$       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$       THEN
+$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ELSE
+$         IF COMPILEWITH_CC6 - FILE_NAME0 .NES. COMPILEWITH_CC6
+$         THEN
+$           CC6/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ELSE
+$           CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$         ENDIF
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$ IF STATE .EQS. "LIB"
+$ THEN 
+$!
+$!   Add It To The Library.
+$!
+$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$!
+$!   Time To Clean Up The Object File.
+$!
+$   DELETE 'OBJECT_FILE';*
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Time To Build Some Applications
+$!
+$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
+$ THEN
+$   APPLICATION_COUNTER = 0
+$ NEXT_APPLICATION:
+$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
+$
+$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$
+$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!   SHOW SYMBOL APPLICATION*
+$!
+$! Tell the user what happens
+$!
+$   WRITE SYS$OUTPUT "  ",APPLICATION,".exe"
+$!
+$! Link The Program.
+$!
+$   ON ERROR THEN GOTO NEXT_APPLICATION
+$!
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Link With A TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+          'OBJ_DIR''APPLICATION_OBJECTS', -
+          'CRYPTO_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$   ELSE
+$!
+$!    Don't Link With A TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+          'OBJ_DIR''APPLICATION_OBJECTS',-
+          'CRYPTO_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$   ENDIF
+$   GOTO NEXT_APPLICATION
+$  APPLICATION_DONE:
+$ ENDIF
+$!
+$! Go Back And Get The Next Module.
+$!
+$ GOTO MODULE_NEXT
+$!
+$! All Done With This Module.
+$!
+$ MODULE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH .EQS. "VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is Blank, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    MACRO_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     MACRO_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+         .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+         .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!      Last resort: a UCX or UCX-compatible library
+$!
+$       P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!      That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+        CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+         THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
+           CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+           "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+           CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$       CC6DISABLEWARNINGS = "MIXLINKAGE"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CC6DISABLEWARNINGS = CCDISABLEWARNINGS + ",MIXLINKAGE"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$     CC6DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC6DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$     CC6DISABLEWARNINGS = ""
+$   ENDIF
+$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
+$   THEN
+$     CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$   ELSE
+$     CC5 = CC + "/NOOPTIMIZE"
+$   ENDIF
+$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$   CC6 = CC - CCDISABLEWARNINGS + CC6DISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+          TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P4.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P4.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the encryption
+$! methods.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$   ENCRYPT_TYPES = P6
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "CRYPTO]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index d2b5ffe332..22fd939e65 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -1,57 +1,4 @@
 /* crypto/crypto.h */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -108,19 +55,12 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #ifndef HEADER_CRYPTO_H
 #define HEADER_CRYPTO_H
 #include <stdlib.h>
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #endif
@@ -128,7 +68,6 @@
 #include <openssl/stack.h>
 #include <openssl/safestack.h>
 #include <openssl/opensslv.h>
-#include <openssl/ossl_typ.h>
 #ifdef CHARSET_EBCDIC
 #include <openssl/ebcdic.h>
@@ -153,39 +92,15 @@ extern "C" {
 #define SSLEAY_PLATFORM         4
 #define SSLEAY_DIR              5
-/* Already declared in ossl_typ.h */
-#if 0
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Called when a new object is created */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-/* Called when an object is free()ed */
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-/* Called when we need to dup an object */
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                                        int idx, long argl, void *argp);
-#endif
-/* A generic structure to pass assorted data in a expandable way */
-typedef struct openssl_item_st
-        {
-        int code;
-        void *value;            /* Not used for flag attributes */
-        size_t value_size;      /* Max size of value for output, length for input */
-        size_t *value_length;   /* Returned length of value for output */
-        } OPENSSL_ITEM;
 /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
 * names in cryptlib.c
 */
-#define CRYPTO_LOCK_ERR                 1
+#define CRYPTO_LOCK_ERR                 1
-#define CRYPTO_LOCK_EX_DATA             2
+#define CRYPTO_LOCK_EX_DATA             2
-#define CRYPTO_LOCK_X509                3
+#define CRYPTO_LOCK_X509                3
-#define CRYPTO_LOCK_X509_INFO           4
+#define CRYPTO_LOCK_X509_INFO           4
-#define CRYPTO_LOCK_X509_PKEY           5
+#define CRYPTO_LOCK_X509_PKEY           5
 #define CRYPTO_LOCK_X509_CRL            6
 #define CRYPTO_LOCK_X509_REQ            7
 #define CRYPTO_LOCK_DSA                 8
@@ -212,14 +127,10 @@ typedef struct openssl_item_st
 #define CRYPTO_LOCK_DYNLOCK             29
 #define CRYPTO_LOCK_ENGINE              30
 #define CRYPTO_LOCK_UI                  31
-#define CRYPTO_LOCK_ECDSA               32
+#define CRYPTO_LOCK_HWCRHK              32 /* This is a HACK which will disappear in 0.9.8 */
-#define CRYPTO_LOCK_EC                  33
+#define CRYPTO_LOCK_FIPS                33
-#define CRYPTO_LOCK_ECDH                34
+#define CRYPTO_LOCK_FIPS2               34
-#define CRYPTO_LOCK_BN                  35
+#define CRYPTO_NUM_LOCKS                35
-#define CRYPTO_LOCK_EC_PRE_COMP         36
-#define CRYPTO_LOCK_STORE               37
-#define CRYPTO_LOCK_COMP                38
-#define CRYPTO_NUM_LOCKS                39
 #define CRYPTO_LOCK             1
 #define CRYPTO_UNLOCK           2
@@ -280,11 +191,21 @@ typedef struct
 /* predec of the BIO type */
 typedef struct bio_st BIO_dummy;
-struct crypto_ex_data_st
+typedef struct crypto_ex_data_st
        {
        STACK *sk;
        int dummy; /* gcc is screwing up this data structure :-( */
-        };
+        } CRYPTO_EX_DATA;
+/* Called when a new object is created */
+typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                        int idx, long argl, void *argp);
+/* Called when an object is free()ed */
+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                        int idx, long argl, void *argp);
+/* Called when we need to dup an object */
+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+                                        int idx, long argl, void *argp);
 /* This stuff is basically class callback functions
 * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
@@ -316,10 +237,6 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
 #define CRYPTO_EX_INDEX_ENGINE          9
 #define CRYPTO_EX_INDEX_X509            10
 #define CRYPTO_EX_INDEX_UI              11
-#define CRYPTO_EX_INDEX_ECDSA           12
-#define CRYPTO_EX_INDEX_ECDH            13
-#define CRYPTO_EX_INDEX_COMP            14
-#define CRYPTO_EX_INDEX_STORE           15
 /* Dynamically assigned indexes start from this value (don't use directly, use
 * via CRYPTO_ex_data_new_class). */
@@ -517,10 +434,61 @@ void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 /* die if we have to */
 void OpenSSLDie(const char *file,int line,const char *assertion);
-#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+#define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
+#ifdef OPENSSL_FIPS
+#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
+                alg " previous FIPS forbidden algorithm error ignored");
+#define FIPS_BAD_ABORT(alg) OpenSSLDie(__FILE__, __LINE__, \
+                #alg " Algorithm forbidden in FIPS mode");
+#ifdef OPENSSL_FIPS_STRICT
+#define FIPS_BAD_ALGORITHM(alg) FIPS_BAD_ABORT(alg)
+#else
+#define FIPS_BAD_ALGORITHM(alg) \
+        { \
+        FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD); \
+        ERR_add_error_data(2, "Algorithm=", #alg); \
+        return 0; \
+        }
+#endif
+/* Low level digest API blocking macro */
+#define FIPS_NON_FIPS_MD_Init(alg) \
+        int alg##_Init(alg##_CTX *c) \
+                { \
+                if (FIPS_mode()) \
+                        FIPS_BAD_ALGORITHM(alg) \
+                return private_##alg##_Init(c); \
+                } \
+        int private_##alg##_Init(alg##_CTX *c)
+/* For ciphers the API often varies from cipher to cipher and each needs to
+ * be treated as a special case. Variable key length ciphers (Blowfish, RC4,
+ * CAST) however are very similar and can use a blocking macro.
+ */
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data) \
+                { \
+                if (FIPS_mode()) \
+                        FIPS_BAD_ABORT(alg) \
+                private_##alg##_set_key(key, len, data); \
+                } \
+        void private_##alg##_set_key(alg##_KEY *key, int len, \
+                                        const unsigned char *data)
+#else
+#define FIPS_NON_FIPS_VCIPHER_Init(alg) \
+        void alg##_set_key(alg##_KEY *key, int len, const unsigned char *data)
+#define FIPS_NON_FIPS_MD_Init(alg) \
+        int alg##_Init(alg##_CTX *c) 
-unsigned long *OPENSSL_ia32cap_loc(void);
+#endif /* def OPENSSL_FIPS */
-#define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
index ea9f25fd16..beeeb14013 100644
--- a/src/lib/libcrypto/cversion.c
+++ b/src/lib/libcrypto/cversion.c
@@ -56,7 +56,10 @@
 * [including the GNU Public Licence.]
 */
+#include <stdio.h>
+#include <string.h>
 #include "cryptlib.h"
+#include <openssl/crypto.h>
 #ifndef NO_WINDOWS_BRAINDEATH
 #include "buildinf.h"
diff --git a/src/lib/libcrypto/des/DES.pm b/src/lib/libcrypto/des/DES.pm
new file mode 100644
index 0000000000..6a175b6ca4
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.pm
@@ -0,0 +1,19 @@
+package DES;
+require Exporter;
+require DynaLoader;
+@ISA = qw(Exporter DynaLoader);
+# Items to export into callers namespace by default
+# (move infrequently used names to @EXPORT_OK below)
+@EXPORT = qw(
+);
+# Other items we are prepared to export if requested
+@EXPORT_OK = qw(
+crypt
+);
+# Preloaded methods go here.  Autoload methods go after __END__, and are
+# processed by the autosplit program.
+bootstrap DES;
+1;
+__END__
diff --git a/src/lib/libcrypto/des/DES.xs b/src/lib/libcrypto/des/DES.xs
new file mode 100644
index 0000000000..b8050b9edf
--- /dev/null
+++ b/src/lib/libcrypto/des/DES.xs
@@ -0,0 +1,268 @@
+#include "EXTERN.h"
+#include "perl.h"
+#include "XSUB.h"
+#include "des.h"
+#define deschar char
+static STRLEN len;
+static int
+not_here(s)
+char *s;
+{
+    croak("%s not implemented on this architecture", s);
+    return -1;
+}
+MODULE = DES    PACKAGE = DES   PREFIX = des_
+char *
+des_crypt(buf,salt)
+        char *  buf
+        char *  salt
+void
+des_set_odd_parity(key)
+        des_cblock *    key
+PPCODE:
+        {
+        SV *s;
+        s=sv_newmortal();
+        sv_setpvn(s,(char *)key,8);
+        des_set_odd_parity((des_cblock *)SvPV(s,na));
+        PUSHs(s);
+        }
+int
+des_is_weak_key(key)
+        des_cblock *    key
+des_key_schedule
+des_set_key(key)
+        des_cblock *    key
+CODE:
+        des_set_key(key,RETVAL);
+OUTPUT:
+RETVAL
+des_cblock
+des_ecb_encrypt(input,ks,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks
+        int     encrypt
+CODE:
+        des_ecb_encrypt(input,&RETVAL,*ks,encrypt);
+OUTPUT:
+RETVAL
+void
+des_cbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+void
+des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt)
+        char *  input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        des_cblock *    ivec1
+        des_cblock *    ivec2
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na),
+                l,*ks1,*ks2,ivec1,ivec2,encrypt);
+        sv_setpvn(ST(3),(char *)ivec1,8);
+        sv_setpvn(ST(4),(char *)ivec2,8);
+        PUSHs(s);
+        }
+void
+des_cbc_cksum(input,ks,ivec)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s1,*s2;
+        STRLEN len,l;
+        des_cblock c;
+        unsigned long i1,i2;
+        s1=sv_newmortal();
+        s2=sv_newmortal();
+        l=SvCUR(ST(0));
+        des_cbc_cksum((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec);
+        i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24);
+        i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24);
+        sv_setiv(s1,i1);
+        sv_setiv(s2,i2);
+        sv_setpvn(ST(2),(char *)c,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
+void
+des_cfb_encrypt(input,numbits,ks,ivec,encrypt)
+        char *  input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len;
+        char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_cfb_encrypt((unsigned char *)input,(unsigned char *)c,
+                (int)numbits,(long)len,*ks,ivec,encrypt);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+des_cblock *
+des_ecb3_encrypt(input,ks1,ks2,encrypt)
+        des_cblock *    input
+        des_key_schedule *      ks1
+        des_key_schedule *      ks2
+        int     encrypt
+CODE:
+        {
+        des_cblock c;
+        des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c,
+                *ks1,*ks2,encrypt);
+        RETVAL= &c;
+        }
+OUTPUT:
+RETVAL
+void
+des_ofb_encrypt(input,numbits,ks,ivec)
+        unsigned char * input
+        int     numbits
+        des_key_schedule *      ks
+        des_cblock *    ivec
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        unsigned char *c;
+        len=SvCUR(ST(0));
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(unsigned char *)SvPV(s,na);
+        des_ofb_encrypt((unsigned char *)input,(unsigned char *)c,
+                numbits,len,*ks,ivec);
+        sv_setpvn(ST(3),(char *)ivec,8);
+        PUSHs(s);
+        }
+void
+des_pcbc_encrypt(input,ks,ivec,encrypt)
+        char *  input
+        des_key_schedule *      ks
+        des_cblock *    ivec
+        int     encrypt
+PPCODE:
+        {
+        SV *s;
+        STRLEN len,l;
+        char *c;
+        l=SvCUR(ST(0));
+        len=((((unsigned long)l)+7)/8)*8;
+        s=sv_newmortal();
+        sv_setpvn(s,"",0);
+        SvGROW(s,len);
+        SvCUR_set(s,len);
+        c=(char *)SvPV(s,na);
+        des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c,
+                l,*ks,ivec,encrypt);
+        sv_setpvn(ST(2),(char *)c[len-8],8);
+        PUSHs(s);
+        }
+des_cblock *
+des_random_key()
+CODE:
+        {
+        des_cblock c;
+        des_random_key(c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+des_cblock *
+des_string_to_key(str)
+char *  str
+CODE:
+        {
+        des_cblock c;
+        des_string_to_key(str,&c);
+        RETVAL=&c;
+        }
+OUTPUT:
+RETVAL
+void
+des_string_to_2keys(str)
+char *  str
+PPCODE:
+        {
+        des_cblock c1,c2;
+        SV *s1,*s2;
+        des_string_to_2keys(str,&c1,&c2);
+        EXTEND(sp,2);
+        s1=sv_newmortal();
+        sv_setpvn(s1,(char *)c1,8);
+        s2=sv_newmortal();
+        sv_setpvn(s2,(char *)c2,8);
+        PUSHs(s1);
+        PUSHs(s2);
+        }
diff --git a/src/lib/libcrypto/des/FILES0 b/src/lib/libcrypto/des/FILES0
new file mode 100644
index 0000000000..4c7ea2de7a
--- /dev/null
+++ b/src/lib/libcrypto/des/FILES0
@@ -0,0 +1,96 @@
+/* General stuff */
+COPYRIGHT       - Copyright info.
+MODES.DES       - A description of the features of the different modes of DES.
+FILES           - This file.
+INSTALL         - How to make things compile.
+Imakefile       - For use with kerberos.
+README          - What this package is.
+VERSION         - Which version this is and what was changed.
+KERBEROS        - Kerberos version 4 notes.
+Makefile.PL     - An old makefile to build with perl5, not current.
+Makefile.ssl    - The SSLeay makefile
+Makefile.uni    - The normal unix makefile.
+GNUmakefile     - The makefile for use with glibc.
+makefile.bc     - A Borland C makefile
+times           - Some outputs from 'speed' on some machines.
+vms.com         - For use when compiling under VMS
+/* My SunOS des(1) replacement */
+des.c           - des(1) source code.
+des.man         - des(1) manual.
+/* Testing and timing programs. */
+destest.c       - Source for libdes.a test program.
+speed.c         - Source for libdes.a timing program.
+rpw.c           - Source for libdes.a testing password reading routines.
+/* libdes.a source code */
+des_crypt.man   - libdes.a manual page.
+des.h           - Public libdes.a header file.
+ecb_enc.c       - des_ecb_encrypt() source, this contains the basic DES code.
+ecb3_enc.c      - des_ecb3_encrypt() source.
+cbc_ckm.c       - des_cbc_cksum() source.
+cbc_enc.c       - des_cbc_encrypt() source.
+ncbc_enc.c      - des_cbc_encrypt() that is 'normal' in that it copies
+                  the new iv values back in the passed iv vector.
+ede_enc.c       - des_ede3_cbc_encrypt() cbc mode des using triple DES.
+cbc3_enc.c      - des_3cbc_encrypt() source, don't use this function.
+cfb_enc.c       - des_cfb_encrypt() source.
+cfb64enc.c      - des_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher.
+cfb64ede.c      - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+ofb_enc.c       - des_cfb_encrypt() source.
+ofb64_enc.c     - des_ofb_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher.
+ofb64ede.c      - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be
+                  used as a stream cipher and using triple DES.
+enc_read.c      - des_enc_read() source.
+enc_writ.c      - des_enc_write() source.
+pcbc_enc.c      - des_pcbc_encrypt() source.
+qud_cksm.c      - quad_cksum() source.
+rand_key.c      - des_random_key() source.
+read_pwd.c      - Source for des_read_password() plus related functions.
+set_key.c       - Source for des_set_key().
+str2key.c       - Covert a string of any length into a key.
+fcrypt.c        - A small, fast version of crypt(3).
+des_locl.h      - Internal libdes.a header file.
+podd.h          - Odd parity tables - used in des_set_key().
+sk.h            - Lookup tables used in des_set_key().
+spr.h           - What is left of the S tables - used in ecb_encrypt().
+des_ver.h       - header file for the external definition of the
+                  version string.
+des.doc         - SSLeay documentation for the library.
+/* The perl scripts - you can ignore these files they are only
+ * included for the curious */
+des.pl          - des in perl anyone? des_set_key and des_ecb_encrypt
+                  both done in a perl library.
+testdes.pl      - Testing program for des.pl
+doIP            - Perl script used to develop IP xor/shift code.
+doPC1           - Perl script used to develop PC1 xor/shift code.
+doPC2           - Generates sk.h.
+PC1             - Output of doPC1 should be the same as output from PC1.
+PC2             - used in development of doPC2.
+shifts.pl       - Perl library used by my perl scripts.
+/* I started making a perl5 dynamic library for libdes
+ * but did not fully finish, these files are part of that effort. */
+DES.pm
+DES.pod
+DES.xs
+t
+typemap
+/* The following are for use with sun RPC implementaions. */
+rpc_des.h
+rpc_enc.c
+/* The following are contibuted by Mark Murray <mark@grondar.za>.  They
+ * are not normally built into libdes due to machine specific routines
+ * contained in them.  They are for use in the most recent incarnation of
+ * export kerberos v 4 (eBones). */
+supp.c
+new_rkey.c
diff --git a/src/lib/libcrypto/des/INSTALL b/src/lib/libcrypto/des/INSTALL
new file mode 100644
index 0000000000..8aebdfe110
--- /dev/null
+++ b/src/lib/libcrypto/des/INSTALL
@@ -0,0 +1,69 @@
+Check the CC and CFLAGS lines in the makefile
+If your C library does not support the times(3) function, change the
+#define TIMES to
+#undef TIMES in speed.c
+If it does, check the HZ value for the times(3) function.
+If your system does not define CLK_TCK it will be assumed to
+be 100.0.
+If possible use gcc v 2.7.?
+Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc)
+In recent times, some system compilers give better performace.
+type 'make'
+run './destest' to check things are ok.
+run './rpw' to check the tty code for reading passwords works.
+run './speed' to see how fast those optimisations make the library run :-)
+run './des_opts' to determin the best compile time options.
+The output from des_opts should be put in the makefile options and des_enc.c
+should be rebuilt.  For 64 bit computers, do not use the DES_PTR option.
+For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int'
+and then you can use the 'DES_PTR' option.
+The file options.txt has the options listed for best speed on quite a
+few systems.  Look and the options (UNROLL, PTR, RISC2 etc) and then
+turn on the relevant option in the Makefile.
+There are some special Makefile targets that make life easier.
+make cc         - standard cc build
+make gcc        - standard gcc build
+make x86-elf    - x86 assembler (elf), linux-elf.
+make x86-out    - x86 assembler (a.out), FreeBSD
+make x86-solaris- x86 assembler
+make x86-bsdi   - x86 assembler (a.out with primative assembler).
+If at all possible use the assembler (for Windows NT/95, use
+asm/win32.obj to link with).  The x86 assembler is very very fast.
+A make install will by default install
+libdes.a      in /usr/local/lib/libdes.a
+des           in /usr/local/bin/des
+des_crypt.man in /usr/local/man/man3/des_crypt.3
+des.man       in /usr/local/man/man1/des.1
+des.h         in /usr/include/des.h
+des(1) should be compatible with sunOS's but I have been unable to
+test it.
+These routines should compile on MSDOS, most 32bit and 64bit version
+of Unix (BSD and SYSV) and VMS, without modification.
+The only problems should be #include files that are in the wrong places.
+These routines can be compiled under MSDOS.
+I have successfully encrypted files using des(1) under MSDOS and then
+decrypted the files on a SparcStation.
+I have been able to compile and test the routines with
+Microsoft C v 5.1 and Turbo C v 2.0.
+The code in this library is in no way optimised for the 16bit
+operation of MSDOS.
+When building for glibc, ignore all of the above and just unpack into
+glibc-1.??/des and then gmake as per normal.
+As a final note on performace.  Certain CPUs like sparcs and Alpha often give
+a %10 speed difference depending on the link order.  It is rather anoying
+when one program reports 'x' DES encrypts a second and another reports
+'x*0.9' the speed.
diff --git a/src/lib/libcrypto/des/Imakefile b/src/lib/libcrypto/des/Imakefile
new file mode 100644
index 0000000000..1b9b5629e1
--- /dev/null
+++ b/src/lib/libcrypto/des/Imakefile
@@ -0,0 +1,35 @@
+# This Imakefile has not been tested for a while but it should still
+# work when placed in the correct directory in the kerberos v 4 distribution
+SRCS=   cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \
+        qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \
+        enc_read.c enc_writ.c fcrypt.c cfb_enc.c \
+        ecb3_enc.c ofb_enc.c ofb64enc.c
+OBJS=   cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+        qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \
+        enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+        ecb3_enc.o ofb_enc.o ofb64enc.o
+GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \
+        vms.com KERBEROS
+DES=    des.c des.man
+TESTING=destest.c speed.c rpw.c
+LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h
+PERL=   des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+CODE=    $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL)
+SRCDIR=$(SRCTOP)/lib/des
+DBG= -O
+INCLUDE= -I$(SRCDIR)
+CC= cc
+library_obj_rule()
+install_library_target(des,$(OBJS),$(SRCS),)
+test(destest,libdes.a,)
+test(rpw,libdes.a,)
diff --git a/src/lib/libcrypto/des/KERBEROS b/src/lib/libcrypto/des/KERBEROS
new file mode 100644
index 0000000000..f401b10014
--- /dev/null
+++ b/src/lib/libcrypto/des/KERBEROS
@@ -0,0 +1,41 @@
+ [ This is an old file, I don't know if it is true anymore
+   but I will leave the file here - eay 21/11/95 ]
+To use this library with Bones (kerberos without DES):
+1) Get my modified Bones - eBones.  It can be found on
+   gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z
+   and
+   nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z
+2) Unpack this library in src/lib/des, makeing sure it is version
+   3.00 or greater (libdes.tar.93-10-07.Z).  This versions differences
+   from the version in comp.sources.misc volume 29 patchlevel2.
+   The primarily difference is that it should compile under kerberos :-).
+   It can be found at.
+   ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z
+Now do a normal kerberos build and things should work.
+One problem I found when I was build on my local sun.
+---
+For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c
+*** make_commands.c.orig        Fri Jul  3 04:18:35 1987
+--- make_commands.c     Wed May 20 08:47:42 1992
+***************
+*** 98,104 ****
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
+--- 98,104 ----
+       if (!rename(o_file, z_file)) {
+          if (!vfork()) {
+               chdir("/tmp");
+!              execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r",
+                     z_file+5, 0);
+               perror("/bin/ld");
+               _exit(1);
diff --git a/src/lib/libcrypto/des/Makefile b/src/lib/libcrypto/des/Makefile
new file mode 100644
index 0000000000..523dfe38f2
--- /dev/null
+++ b/src/lib/libcrypto/des/Makefile
@@ -0,0 +1,292 @@
+#
+# OpenSSL/crypto/des/Makefile
+#
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+RANLIB=         ranlib
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c \
+        xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+        read2pwd.c
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} \
+        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+        ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+SRC= $(LIBSRC)
+EXHEADER= des.h des_old.h
+HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+des: des.o cbc3_enc.o lib
+        $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+des_enc-sparc.S:        asm/des_enc.m4
+        m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
+# ELF
+dx86-elf.s:     asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > ../$@)
+yx86-elf.s:     asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > ../$@)
+# COFF
+dx86-cof.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl coff $(CFLAGS) > ../$@)
+yx86-cof.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl coff $(CFLAGS) > ../$@)
+# a.out
+dx86-out.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl a.out $(CFLAGS) > ../$@)
+yx86-out.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl a.out $(CFLAGS) > ../$@)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+# We need to use force because 'install' matches 'INSTALL' on case
+# insensitive systems
+FRC.install:
+install: FRC.install
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_enc.o: cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../e_os.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/ossl_typ.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+des_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_enc.o: des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_old.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+des_old2.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old2.o: ../../include/openssl/ui_compat.h des_old2.c
+ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb3_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
+ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ede_cbcm_enc.o: ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+enc_read.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+enc_read.o: ../../include/openssl/ui_compat.h ../cryptlib.h des_locl.h
+enc_read.o: enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+fcrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt.o: des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+fcrypt_b.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64ede.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb64enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ofb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ofb_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ofb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb_enc.o: des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+qud_cksm.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rand_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_key.o: ../../include/openssl/ui_compat.h rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+read2pwd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+read2pwd.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+read2pwd.o: ../../include/openssl/ui_compat.h read2pwd.c
+rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+rpc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
+set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+set_key.o: des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+str2key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+str2key.o: des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+xcbc_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl
new file mode 100644
index 0000000000..0d9ba2b42f
--- /dev/null
+++ b/src/lib/libcrypto/des/Makefile.ssl
@@ -0,0 +1,316 @@
+#
+# SSLeay/crypto/des/Makefile
+#
+DIR=    des
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RANLIB=         ranlib
+DES_ENC=        des_enc.o fcrypt_b.o
+# or use
+#DES_ENC=       dx86-elf.o yx86-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=destest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+        ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+        fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+        qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+        des_enc.c fcrypt_b.c \
+        xcbc_enc.c \
+        str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+        read2pwd.c
+LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+        ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+        enc_read.o enc_writ.o ofb64enc.o \
+        ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+        ${DES_ENC} \
+        fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+        ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
+SRC= $(LIBSRC)
+EXHEADER= des.h des_old.h
+HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+des: des.o cbc3_enc.o lib
+        $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+# elf
+asm/dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+asm/yx86-elf.s: asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
+# a.out
+asm/dx86-out.o: asm/dx86unix.cpp
+        $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+asm/yx86-out.o: asm/yx86unix.cpp
+        $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+# bsdi
+asm/dx86bsdi.o: asm/dx86unix.cpp
+        $(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+asm/yx86bsdi.o: asm/yx86unix.cpp
+        $(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install: installs
+installs:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../e_os.h ../../include/openssl/crypto.h
+cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+cfb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cfb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb_enc.o: cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old2.o: ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_old2.o: des_old2.c
+ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ecb_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb_enc.o: des_locl.h des_ver.h ecb_enc.c spr.h
+ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/opensslv.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_key.o: rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+read2pwd.o: read2pwd.c
+rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/src/lib/libcrypto/des/README b/src/lib/libcrypto/des/README
new file mode 100644
index 0000000000..621a5ab467
--- /dev/null
+++ b/src/lib/libcrypto/des/README
@@ -0,0 +1,54 @@
+                libdes, Version 4.01 10-Jan-97
+                Copyright (c) 1997, Eric Young
+                          All rights reserved.
+    This program is free software; you can redistribute it and/or modify
+    it under the terms specified in COPYRIGHT.
+    
+--
+The primary ftp site for this library is
+ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz
+libdes is now also shipped with SSLeay.  Primary ftp site of
+ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
+The best way to build this library is to build it as part of SSLeay.
+This kit builds a DES encryption library and a DES encryption program.
+It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb,
+triple cfb, desx, and MIT's pcbc encryption modes and also has a fast
+implementation of crypt(3).
+It contains support routines to read keys from a terminal,
+generate a random key, generate a key from an arbitrary length string,
+read/write encrypted data from/to a file descriptor.
+The implementation was written so as to conform with the manual entry
+for the des_crypt(3) library routines from MIT's project Athena.
+destest should be run after compilation to test the des routines.
+rpw should be run after compilation to test the read password routines.
+The des program is a replacement for the sun des command.  I believe it
+conforms to the sun version.
+The Imakefile is setup for use in the kerberos distribution.
+These routines are best compiled with gcc or any other good
+optimising compiler.
+Just turn you optimiser up to the highest settings and run destest
+after the build to make sure everything works.
+I believe these routines are close to the fastest and most portable DES
+routines that use small lookup tables (4.5k) that are publicly available.
+The fcrypt routine is faster than ufc's fcrypt (when compiling with
+gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines
+(on a sun3/260 168 vs 336).  It is a function of CPU on chip cache size.
+[ 10-Jan-97 and a function of an incorrect speed testing program in
+  ufc which gave much better test figures that reality ].
+It is worth noting that on sparc and Alpha CPUs, performance of the DES
+library can vary by upto %10 due to the positioning of files after application
+linkage.
+Eric Young (eay@cryptsoft.com)
diff --git a/src/lib/libcrypto/des/VERSION b/src/lib/libcrypto/des/VERSION
new file mode 100644
index 0000000000..c7d01542bc
--- /dev/null
+++ b/src/lib/libcrypto/des/VERSION
@@ -0,0 +1,412 @@
+        Fixed the weak key values which were wrong :-(
+        Defining SIGACTION causes sigaction() to be used instead of signal().
+        SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it
+        can cause problems.  This should hopefully not affect normal
+        applications.
+Version 4.04
+        Fixed a few tests in destest.  Also added x86 assember for
+        des_ncbc_encrypt() which is the standard cbc mode function.
+        This makes a very very large performace difference.
+        Ariel Glenn ariel@columbia.edu reports that the terminal
+        'turn echo off' can return (errno == EINVAL) under solaris
+        when redirection is used.  So I now catch that as well as ENOTTY.
+Version 4.03
+        Left a static out of enc_write.c, which caused to buffer to be
+        continiously malloc()ed.  Does anyone use these functions?  I keep
+        on feeling like removing them since I only had these in there
+        for a version of kerberised login.  Anyway, this was pointed out
+        by Theo de Raadt <deraadt@cvs.openbsd.org>
+        The 'n' bit ofb code was wrong, it was not shifting the shift
+        register. It worked correctly for n == 64.  Thanks to
+        Gigi Ankeny <Gigi.Ankeny@Eng.Sun.COM> for pointing this one out.
+Version 4.02
+        I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)'
+        when checking for weak keys which is wrong :-(, pointed out by
+        Markus F.X.J. Oberhumer <markus.oberhumer@jk.uni-linz.ac.at>.
+Version 4.01
+        Even faster inner loop in the DES assembler for x86 and a modification
+        for IP/FP which is faster on x86.  Both of these changes are
+        from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  His
+        changes make the assembler run %40 faster on a pentium.  This is just
+        a case of getting the instruction sequence 'just right'.
+        All credit to 'Svend' :-)
+        Quite a few special x86 'make' targets.
+        A libdes-l (lite) distribution.
+Version 4.00
+        After a bit of a pause, I'll up the major version number since this
+        is mostly a performace release.  I've added x86 assembler and
+        added more options for performance.  A %28 speedup for gcc 
+        on a pentium and the assembler is a %50 speedup.
+        MIPS CPU's, sparc and Alpha are the main CPU's with speedups.
+        Run des_opts to work out which options should be used.
+        DES_RISC1/DES_RISC2 use alternative inner loops which use
+        more registers but should give speedups on any CPU that does
+        dual issue (pentium).  DES_UNROLL unrolls the inner loop,
+        which costs in code size.
+Version 3.26
+        I've finally removed one of the shifts in D_ENCRYPT.  This
+        meant I've changed the des_SPtrans table (spr.h), the set_key()
+        function and some things in des_enc.c.  This has definitly
+        made things faster :-).  I've known about this one for some
+        time but I've been too lazy to follow it up :-).
+        Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^..
+        instead of L^=((..)|(..)|(..)..  This should save a register at
+        least.
+        Assember for x86.  The file to replace is des_enc.c, which is replaced
+        by one of the assembler files found in asm.  Look at des/asm/readme
+        for more info.
+        /* Modification to fcrypt so it can be compiled to support
+        HPUX 10.x's long password format, define -DLONGCRYPT to use this.
+        Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
+        SIGWINCH case put in des_read_passwd() so the function does not
+        'exit' if this function is recieved.
+Version 3.25 17/07/96
+        Modified read_pwd.c so that stdin can be read if not a tty.
+        Thanks to Jeff Barber <jeffb@issl.atl.hp.com> for the patches.
+        des_init_random_number_generator() shortened due to VMS linker
+        limits.
+        Added RSA's DESX cbc mode.  It is a form of cbc encryption, with 2
+        8 byte quantites xored before and after encryption.
+        des_xcbc_encryption() - the name is funny to preserve the des_
+        prefix on all functions.
+Version 3.24 20/04/96
+        The DES_PTR macro option checked and used by SSLeay configuration
+Version 3.23 11/04/96
+        Added DES_LONG.  If defined to 'unsigned int' on the DEC Alpha,
+        it gives a %20 speedup :-)
+        Fixed the problem with des.pl under perl5.  The patches were
+        sent by Ed Kubaitis (ejk@uiuc.edu).
+        if fcrypt.c, changed values to handle illegal salt values the way
+        normal crypt() implementations do.  Some programs apparently use
+        them :-(. The patch was sent by Bjorn Gronvall <bg@sics.se>
+Version 3.22 29/11/95
+        Bug in des(1), an error with the uuencoding stuff when the
+        'data' is small, thanks to Geoff Keating <keagchon@mehta.anu.edu.au>
+        for the patch.
+Version 3.21 22/11/95
+        After some emailing back and forth with 
+        Colin Plumb <colin@nyx10.cs.du.edu>, I've tweaked a few things
+        and in a future version I will probably put in some of the
+        optimisation he suggested for use with the DES_USE_PTR option.
+        Extra routines from Mark Murray <mark@grondar.za> for use in
+        freeBSD.  They mostly involve random number generation for use
+        with kerberos.  They involve evil machine specific system calls
+        etc so I would normally suggest pushing this stuff into the
+        application and/or using RAND_seed()/RAND_bytes() if you are
+        using this DES library as part of SSLeay.
+        Redone the read_pw() function so that it is cleaner and
+        supports termios, thanks to Sameer Parekh <sameer@c2.org>
+        for the initial patches for this.
+        Renamed 3ecb_encrypt() to ecb3_encrypt().  This has been
+         done just to make things more consistent.
+        I have also now added triple DES versions of cfb and ofb.
+Version 3.20
+        Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com,
+        my des_random_seed() function was only copying 4 bytes of the
+        passed seed into the init structure.  It is now fixed to copy 8.
+        My own suggestion is to used something like MD5 :-)
+Version 3.19 
+        While looking at my code one day, I though, why do I keep on
+        calling des_encrypt(in,out,ks,enc) when every function that
+        calls it has in and out the same.  So I dropped the 'out'
+        parameter, people should not be using this function.
+Version 3.18 30/08/95
+        Fixed a few bit with the distribution and the filenames.
+        3.17 had been munged via a move to DOS and back again.
+        NO CODE CHANGES
+Version 3.17 14/07/95
+        Fixed ede3 cbc which I had broken in 3.16.  I have also
+        removed some unneeded variables in 7-8 of the routines.
+Version 3.16 26/06/95
+        Added des_encrypt2() which does not use IP/FP, used by triple
+        des routines.  Tweaked things a bit elsewhere. %13 speedup on
+        sparc and %6 on a R4400 for ede3 cbc mode.
+Version 3.15 06/06/95
+        Added des_ncbc_encrypt(), it is des_cbc mode except that it is
+        'normal' and copies the new iv value back over the top of the
+        passed parameter.
+        CHANGED des_ede3_cbc_encrypt() so that it too now overwrites
+        the iv.  THIS WILL BREAK EXISTING CODE, but since this function
+        only new, I feel I can change it, not so with des_cbc_encrypt :-(.
+        I need to update the documentation.
+Version 3.14 31/05/95
+        New release upon the world, as part of my SSL implementation.
+        New copyright and usage stuff.  Basically free for all to use
+        as long as you say it came from me :-)
+Version 3.13 31/05/95
+        A fix in speed.c, if HZ is not defined, I set it to 100.0
+        which is reasonable for most unixes except SunOS 4.x.
+        I now have a #ifdef sun but timing for SunOS 4.x looked very
+        good :-(.  At my last job where I used SunOS 4.x, it was
+        defined to be 60.0 (look at the old INSTALL documentation), at
+        the last release had it changed to 100.0 since I now work with
+        Solaris2 and SVR4 boxes.
+        Thanks to  Rory Chisholm <rchishol@math.ethz.ch> for pointing this
+        one out.
+Version 3.12 08/05/95
+        As pointed out by The Crypt Keeper <tck@bend.UCSD.EDU>,
+        my D_ENCRYPT macro in crypt() had an un-necessary variable.
+        It has been removed.
+Version 3.11 03/05/95
+        Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys
+        and one iv.  It is a standard and I needed it for my SSL code.
+        It makes more sense to use this for triple DES than
+        3cbc_encrypt().  I have also added (or should I say tested :-)
+        cfb64_encrypt() which is cfb64 but it will encrypt a partial
+        number of bytes - 3 bytes in 3 bytes out.  Again this is for
+        my SSL library, as a form of encryption to use with SSL
+        telnet.
+Version 3.10 22/03/95
+        Fixed a bug in 3cbc_encrypt() :-(.  When making repeated calls
+        to cbc3_encrypt, the 2 iv values that were being returned to
+        be used in the next call were reversed :-(.
+        Many thanks to Bill Wade <wade@Stoner.COM> for pointing out
+        this error.
+Version 3.09 01/02/95
+        Fixed des_random_key to far more random, it was rather feeble
+        with regards to picking the initial seed.  The problem was
+        pointed out by Olaf Kirch <okir@monad.swb.de>.
+Version 3.08 14/12/94
+        Added Makefile.PL so libdes can be built into perl5.
+        Changed des_locl.h so RAND is always defined.
+Version 3.07 05/12/94
+        Added GNUmake and stuff so the library can be build with
+        glibc.
+Version 3.06 30/08/94
+        Added rpc_enc.c which contains _des_crypt.  This is for use in
+        secure_rpc v 4.0
+        Finally fixed the cfb_enc problems.
+        Fixed a few parameter parsing bugs in des (-3 and -b), thanks
+        to Rob McMillan <R.McMillan@its.gu.edu.au>
+Version 3.05 21/04/94
+        for unsigned long l; gcc does not produce ((l>>34) == 0)
+        This causes bugs in cfb_enc.
+        Thanks to Hadmut Danisch <danisch@ira.uka.de>
+Version 3.04 20/04/94
+        Added a version number to des.c and libdes.a
+Version 3.03 12/01/94
+        Fixed a bug in non zero iv in 3cbc_enc.
+Version 3.02 29/10/93
+        I now work in a place where there are 6+ architectures and 14+
+        OS versions :-).
+        Fixed TERMIO definition so the most sys V boxes will work :-)
+Release upon comp.sources.misc
+Version 3.01 08/10/93
+        Added des_3cbc_encrypt()
+Version 3.00 07/10/93
+        Fixed up documentation.
+        quad_cksum definitely compatible with MIT's now.
+Version 2.30 24/08/93
+        Triple DES now defaults to triple cbc but can do triple ecb
+         with the -b flag.
+        Fixed some MSDOS uuen/uudecoding problems, thanks to
+        Added prototypes.
+        
+Version 2.22 29/06/93
+        Fixed a bug in des_is_weak_key() which stopped it working :-(
+        thanks to engineering@MorningStar.Com.
+Version 2.21 03/06/93
+        des(1) with no arguments gives quite a bit of help.
+        Added -c (generate ckecksum) flag to des(1).
+        Added -3 (triple DES) flag to des(1).
+        Added cfb and ofb routines to the library.
+Version 2.20 11/03/93
+        Added -u (uuencode) flag to des(1).
+        I have been playing with byte order in quad_cksum to make it
+         compatible with MIT's version.  All I can say is avid this
+         function if possible since MIT's output is endian dependent.
+Version 2.12 14/10/92
+        Added MSDOS specific macro in ecb_encrypt which gives a %70
+         speed up when the code is compiled with turbo C.
+Version 2.11 12/10/92
+        Speedup in set_key (recoding of PC-1)
+         I now do it in 47 simple operations, down from 60.
+         Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
+         for motivating me to look for a faster system :-)
+         The speedup is probably less that 1% but it is still 13
+         instructions less :-).
+Version 2.10 06/10/92
+        The code now works on the 64bit ETA10 and CRAY without modifications or
+         #defines.  I believe the code should work on any machine that
+         defines long, int or short to be 8 bytes long.
+        Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu)
+         for helping me fix the code to run on 64bit machines (he had
+         access to an ETA10).
+        Thanks also to John Fletcher <john_fletcher@lccmail.ocf.llnl.gov>
+         for testing the routines on a CRAY.
+        read_password.c has been renamed to read_passwd.c
+        string_to_key.c has been renamed to string2key.c
+Version 2.00 14/09/92
+        Made mods so that the library should work on 64bit CPU's.
+        Removed all my uchar and ulong defs.  To many different
+         versions of unix define them in their header files in too many
+         different combinations :-)
+        IRIX - Sillicon Graphics mods (mostly in read_password.c).
+         Thanks to Andrew Daviel (advax@erich.triumf.ca)
+Version 1.99 26/08/92
+        Fixed a bug or 2 in enc_read.c
+        Fixed a bug in enc_write.c
+        Fixed a pseudo bug in fcrypt.c (very obscure).
+Version 1.98 31/07/92
+        Support for the ETA10.  This is a strange machine that defines
+        longs and ints as 8 bytes and shorts as 4 bytes.
+        Since I do evil things with long * that assume that they are 4
+        bytes.  Look in the Makefile for the option to compile for
+        this machine.  quad_cksum appears to have problems but I
+        will don't have the time to fix it right now, and this is not
+        a function that uses DES and so will not effect the main uses
+        of the library.
+Version 1.97 20/05/92 eay
+        Fixed the Imakefile and made some changes to des.h to fix some
+        problems when building this package with Kerberos v 4.
+Version 1.96 18/05/92 eay
+        Fixed a small bug in string_to_key() where problems could
+        occur if des_check_key was set to true and the string
+        generated a weak key.
+Patch2 posted to comp.sources.misc
+Version 1.95 13/05/92 eay
+        Added an alternative version of the D_ENCRYPT macro in
+        ecb_encrypt and fcrypt.  Depending on the compiler, one version or the
+        other will be faster.  This was inspired by 
+        Dana How <how@isl.stanford.edu>, and her pointers about doing the
+        *(ulong *)((uchar *)ptr+(value&0xfc))
+        vs
+        ptr[value&0x3f]
+        to stop the C compiler doing a <<2 to convert the long array index.
+Version 1.94 05/05/92 eay
+        Fixed an incompatibility between my string_to_key and the MIT
+         version.  When the key is longer than 8 chars, I was wrapping
+         with a different method.  To use the old version, define
+         OLD_STR_TO_KEY in the makefile.  Thanks to
+         viktor@newsu.shearson.com (Viktor Dukhovni).
+Version 1.93 28/04/92 eay
+        Fixed the VMS mods so that echo is now turned off in
+         read_password.  Thanks again to brennan@coco.cchs.su.oz.AU.
+        MSDOS support added.  The routines can be compiled with
+         Turbo C (v2.0) and MSC (v5.1).  Make sure MSDOS is defined.
+Patch1 posted to comp.sources.misc
+Version 1.92 13/04/92 eay
+        Changed D_ENCRYPT so that the rotation of R occurs outside of
+         the loop.  This required rotating all the longs in sp.h (now
+         called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
+        speed.c has been changed so it will work without SIGALRM.  If
+         times(3) is not present it will try to use ftime() instead.
+Version 1.91 08/04/92 eay
+        Added -E/-D options to des(1) so it can use string_to_key.
+        Added SVR4 mods suggested by witr@rwwa.COM
+        Added VMS mods suggested by brennan@coco.cchs.su.oz.AU.  If
+        anyone knows how to turn of tty echo in VMS please tell me or
+        implement it yourself :-).
+        Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS
+        does not like IN/OUT being used.
+Libdes posted to comp.sources.misc
+Version 1.9 24/03/92 eay
+        Now contains a fast small crypt replacement.
+        Added des(1) command.
+        Added des_rw_mode so people can use cbc encryption with
+        enc_read and enc_write.
+Version 1.8 15/10/91 eay
+        Bug in cbc_cksum.
+        Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this
+        one out.
+Version 1.7 24/09/91 eay
+        Fixed set_key :-)
+        set_key is 4 times faster and takes less space.
+        There are a few minor changes that could be made.
+Version 1.6 19/09/1991 eay
+        Finally go IP and FP finished.
+        Now I need to fix set_key.
+        This version is quite a bit faster that 1.51
+Version 1.52 15/06/1991 eay
+        20% speedup in ecb_encrypt by changing the E bit selection
+        to use 2 32bit words.  This also required modification of the
+        sp table.  There is still a way to speedup the IP and IP-1
+        (hints from outer@sq.com) still working on this one :-(.
+Version 1.51 07/06/1991 eay
+        Faster des_encrypt by loop unrolling
+        Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu)
+Version 1.50 28/05/1991 eay
+        Optimised the code a bit more for the sparc.  I have improved the
+        speed of the inner des_encrypt by speeding up the initial and
+        final permutations.
+Version 1.40 23/10/1990 eay
+        Fixed des_random_key, it did not produce a random key :-(
+Version 1.30  2/10/1990 eay
+        Have made des_quad_cksum the same as MIT's, the full package
+        should be compatible with MIT's
+        Have tested on a DECstation 3100
+        Still need to fix des_set_key (make it faster).
+        Does des_cbc_encrypts at 70.5k/sec on a 3100.
+Version 1.20 18/09/1990 eay
+        Fixed byte order dependencies.
+        Fixed (I hope) all the word alignment problems.
+        Speedup in des_ecb_encrypt.
+Version 1.10 11/09/1990 eay
+        Added des_enc_read and des_enc_write.
+        Still need to fix des_quad_cksum.
+        Still need to document des_enc_read and des_enc_write.
+Version 1.00 27/08/1990 eay
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl
index b75d3c6b3a..60d577cc8d 100644
--- a/src/lib/libcrypto/des/asm/des-586.pl
+++ b/src/lib/libcrypto/des/asm/des-586.pl
@@ -22,10 +22,14 @@ $R="esi";
 &external_label("DES_SPtrans");
 &DES_encrypt("DES_encrypt1",1);
 &DES_encrypt("DES_encrypt2",0);
-&DES_encrypt3("DES_encrypt3",1);
-&DES_encrypt3("DES_decrypt3",0);
+if (!$main'openbsd)
-&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+        {
-&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+        &DES_encrypt3("DES_encrypt3",1);
+        &DES_encrypt3("DES_decrypt3",0);
+        &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+        &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
+        }
 &asm_finish();
diff --git a/src/lib/libcrypto/des/asm/des686.pl b/src/lib/libcrypto/des/asm/des686.pl
new file mode 100644
index 0000000000..d3ad5d5edd
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/des686.pl
@@ -0,0 +1,230 @@
+#!/usr/local/bin/perl
+$prog="des686.pl";
+# base code is in microsft
+# op dest, source
+# format.
+#
+# WILL NOT WORK ANYMORE WITH desboth.pl
+require "desboth.pl";
+if (    ($ARGV[0] eq "elf"))
+        { require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "a.out"))
+        { $aout=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "sol"))
+        { $sol=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "cpp"))
+        { $cpp=1; require "x86unix.pl"; }
+elsif ( ($ARGV[0] eq "win32"))
+        { require "x86ms.pl"; }
+else
+        {
+        print STDERR <<"EOF";
+Pick one target type from
+        elf     - linux, FreeBSD etc
+        a.out   - old linux
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
+        win32   - Windows 95/Windows NT
+EOF
+        exit(1);
+        }
+&comment("Don't even think of reading this code");
+&comment("It was automatically generated by $prog");
+&comment("Which is a perl program used to generate the x86 assember for");
+&comment("any of elf, a.out, Win32, or Solaris");
+&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");
+&comment("eric <eay\@cryptsoft.com>");
+&comment("");
+&file("dx86xxxx");
+$L="edi";
+$R="esi";
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
+&file_end();
+sub DES_encrypt
+        {
+        local($name,$do_ip)=@_;
+        &function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
+        &comment("");
+        &comment("Load the 2 words");
+        &mov("eax",&wparam(0));
+        &mov($L,&DWP(0,"eax","",0));
+        &mov($R,&DWP(4,"eax","",0));
+        $ksp=&wparam(1);
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("IP");
+                &IP_new($L,$R,"eax");
+                }
+        &comment("");
+        &comment("fixup rotate");
+        &rotl($R,3);
+        &rotl($L,3);
+        &exch($L,$R);
+        &comment("");
+        &comment("load counter, key_schedule and enc flag");
+        &mov("eax",&wparam(2)); # get encrypt flag
+        &mov("ebp",&wparam(1)); # get ks
+        &cmp("eax","0");
+        &je(&label("start_decrypt"));
+        # encrypting part
+        for ($i=0; $i<16; $i+=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i+1));
+                &D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
+                }
+        &jmp(&label("end"));
+        &set_label("start_decrypt");
+        for ($i=15; $i>0; $i-=2)
+                {
+                &comment("");
+                &comment("Round $i");
+                &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
+                &comment("");
+                &comment("Round ".sprintf("%d",$i-1));
+                &D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
+                }
+        &set_label("end");
+        &comment("");
+        &comment("Fixup");
+        &rotr($L,3);            # r
+        &rotr($R,3);            # l
+        if ($do_ip)
+                {
+                &comment("");
+                &comment("FP");
+                &FP_new($R,$L,"eax");
+                }
+        &mov("eax",&wparam(0));
+        &mov(&DWP(0,"eax","",0),$L);
+        &mov(&DWP(4,"eax","",0),$R);
+        &function_end($name);
+        }
+# The logic is to load R into 2 registers and operate on both at the same time.
+# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte'
+# while also masking the other copy and doing a lookup.  We then also accumulate the
+# L value in 2 registers then combine them at the end.
+sub D_ENCRYPT
+        {
+        local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_;
+        &mov(   $u,             &DWP(&n2a($S*4),$ks,"",0));
+        &mov(   $t,             &DWP(&n2a(($S+1)*4),$ks,"",0));
+        &xor(   $u,             $R              );
+        &xor(   $t,             $R              );
+        &rotr(  $t,             4               );
+        # the numbers at the end of the line are origional instruction order
+        &mov(   $tmp2,          $u              );                      # 1 2
+        &mov(   $tmp1,          $t              );                      # 1 1
+        &and(   $tmp2,          "0xfc"          );                      # 1 4
+        &and(   $tmp1,          "0xfc"          );                      # 1 3
+        &shr(   $t,             8               );                      # 1 5
+        &xor(   $L,             &DWP("0x100+$desSP",$tmp1,"",0));       # 1 7
+        &shr(   $u,             8               );                      # 1 6
+        &mov(   $tmp1,          &DWP("      $desSP",$tmp2,"",0));       # 1 8
+        &mov(   $tmp2,          $u              );                      # 2 2
+        &xor(   $L,             $tmp1           );                      # 1 9
+        &and(   $tmp2,          "0xfc"          );                      # 2 4
+        &mov(   $tmp1,          $t              );                      # 2 1
+        &and(   $tmp1,          "0xfc"          );                      # 2 3
+        &shr(   $t,             8               );                      # 2 5
+        &xor(   $L,             &DWP("0x300+$desSP",$tmp1,"",0));       # 2 7
+        &shr(   $u,             8               );                      # 2 6
+        &mov(   $tmp1,          &DWP("0x200+$desSP",$tmp2,"",0));       # 2 8
+        &mov(   $tmp2,          $u              );                      # 3 2
+        &xor(   $L,             $tmp1           );                      # 2 9
+        &and(   $tmp2,          "0xfc"          );                      # 3 4
+        &mov(   $tmp1,          $t              );                      # 3 1 
+        &shr(   $u,             8               );                      # 3 6
+        &and(   $tmp1,          "0xfc"          );                      # 3 3
+        &shr(   $t,             8               );                      # 3 5
+        &xor(   $L,             &DWP("0x500+$desSP",$tmp1,"",0));       # 3 7
+        &mov(   $tmp1,          &DWP("0x400+$desSP",$tmp2,"",0));       # 3 8
+        &and(   $t,             "0xfc"          );                      # 4 1
+        &xor(   $L,             $tmp1           );                      # 3 9
+        &and(   $u,             "0xfc"          );                      # 4 2
+        &xor(   $L,             &DWP("0x700+$desSP",$t,"",0));          # 4 3
+        &xor(   $L,             &DWP("0x600+$desSP",$u,"",0));          # 4 4
+        }
+sub PERM_OP
+        {
+        local($a,$b,$tt,$shift,$mask)=@_;
+        &mov(   $tt,            $a              );
+        &shr(   $tt,            $shift          );
+        &xor(   $tt,            $b              );
+        &and(   $tt,            $mask           );
+        &xor(   $b,             $tt             );
+        &shl(   $tt,            $shift          );
+        &xor(   $a,             $tt             );
+        }
+sub IP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");
+        &PERM_OP($l,$r,$tt,16,"0x0000ffff");
+        &PERM_OP($r,$l,$tt, 2,"0x33333333");
+        &PERM_OP($l,$r,$tt, 8,"0x00ff00ff");
+        &PERM_OP($r,$l,$tt, 1,"0x55555555");
+        }
+sub FP_new
+        {
+        local($l,$r,$tt)=@_;
+        &PERM_OP($l,$r,$tt, 1,"0x55555555");
+        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");
+        &PERM_OP($l,$r,$tt, 2,"0x33333333");
+        &PERM_OP($r,$l,$tt,16,"0x0000ffff");
+        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");
+        }
+sub n2a
+        {
+        sprintf("%d",$_[0]);
+        }
diff --git a/src/lib/libcrypto/des/asm/readme b/src/lib/libcrypto/des/asm/readme
new file mode 100644
index 0000000000..1beafe253b
--- /dev/null
+++ b/src/lib/libcrypto/des/asm/readme
@@ -0,0 +1,131 @@
+First up, let me say I don't like writing in assembler.  It is not portable,
+dependant on the particular CPU architecture release and is generally a pig
+to debug and get right.  Having said that, the x86 architecture is probably
+the most important for speed due to number of boxes and since
+it appears to be the worst architecture to to get
+good C compilers for.  So due to this, I have lowered myself to do
+assembler for the inner DES routines in libdes :-).
+The file to implement in assembler is des_enc.c.  Replace the following
+4 functions
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
+They encrypt/decrypt the 64 bits held in 'data' using
+the 'ks' key schedules.   The only difference between the 4 functions is that
+des_encrypt2() does not perform IP() or FP() on the data (this is an
+optimization for when doing triple DES and des_encrypt3() and des_decrypt3()
+perform triple des.  The triple DES routines are in here because it does
+make a big difference to have them located near the des_encrypt2 function
+at link time..
+Now as we all know, there are lots of different operating systems running on
+x86 boxes, and unfortunately they normally try to make sure their assembler
+formating is not the same as the other peoples.
+The 4 main formats I know of are
+Microsoft       Windows 95/Windows NT
+Elf             Includes Linux and FreeBSD(?).
+a.out           The older Linux.
+Solaris         Same as Elf but different comments :-(.
+Now I was not overly keen to write 4 different copies of the same code,
+so I wrote a few perl routines to output the correct assembler, given
+a target assembler type.  This code is ugly and is just a hack.
+The libraries are x86unix.pl and x86ms.pl.
+des586.pl, des686.pl and des-som[23].pl are the programs to actually
+generate the assembler.
+So to generate elf assembler
+perl des-som3.pl elf >dx86-elf.s
+For Windows 95/NT
+perl des-som2.pl win32 >win32.asm
+[ update 4 Jan 1996 ]
+I have added another way to do things.
+perl des-som3.pl cpp >dx86-cpp.s
+generates a file that will be included by dx86unix.cpp when it is compiled.
+To build for elf, a.out, solaris, bsdi etc,
+cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o
+cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o
+This was done to cut down the number of files in the distribution.
+Now the ugly part.  I acquired my copy of Intels
+"Optimization's For Intel's 32-Bit Processors" and found a few interesting
+things.  First, the aim of the exersize is to 'extract' one byte at a time
+from a word and do an array lookup.  This involves getting the byte from
+the 4 locations in the word and moving it to a new word and doing the lookup.
+The most obvious way to do this is
+xor     eax,    eax                             # clear word
+movb    al,     cl                              # get low byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in word
+movb    al,     ch                              # get next byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in word
+shr     ecx     16
+which seems ok.  For the pentium, this system appears to be the best.
+One has to do instruction interleaving to keep both functional units
+operating, but it is basically very efficient.
+Now the crunch.  When a full register is used after a partial write, eg.
+mov     al,     cl
+xor     edi,    DWORD PTR 0x100+des_SP[eax]
+386     - 1 cycle stall
+486     - 1 cycle stall
+586     - 0 cycle stall
+686     - at least 7 cycle stall (page 22 of the above mentioned document).
+So the technique that produces the best results on a pentium, according to
+the documentation, will produce hideous results on a pentium pro.
+To get around this, des686.pl will generate code that is not as fast on
+a pentium, should be very good on a pentium pro.
+mov     eax,    ecx                             # copy word 
+shr     ecx,    8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x100+des_SP[eax]     # xor in array lookup
+mov     eax,    ecx                             # get word
+shr     ecx     8                               # line up next byte
+and     eax,    0fch                            # mask byte
+xor     edi     DWORD PTR 0x300+des_SP[eax]     # xor in array lookup
+Due to the execution units in the pentium, this actually works quite well.
+For a pentium pro it should be very good.  This is the type of output
+Visual C++ generates.
+There is a third option.  instead of using
+mov     al,     ch
+which is bad on the pentium pro, one may be able to use
+movzx   eax,    ch
+which may not incur the partial write penalty.  On the pentium,
+this instruction takes 4 cycles so is not worth using but on the
+pentium pro it appears it may be worth while.  I need access to one to
+experiment :-).
+eric (20 Oct 1996)
+22 Nov 1996 - I have asked people to run the 2 different version on pentium
+pros and it appears that the intel documentation is wrong.  The
+mov al,bh is still faster on a pentium pro, so just use the des586.pl
+install des686.pl
+3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these
+functions into des_enc.c because it does make a massive performance
+difference on some boxes to have the functions code located close to
+the des_encrypt2() function.
+9 Jan 1997 - des-som2.pl is now the correct perl script to use for
+pentiums.  It contains an inner loop from
+Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> which does raw ecb DES calls at
+273,000 per second.  He had a previous version at 250,000 and the best
+I was able to get was 203,000.  The content has not changed, this is all
+due to instruction sequencing (and actual instructions choice) which is able
+to keep both functional units of the pentium going.
+We may have lost the ugly register usage restrictions when x86 went 32 bit
+but for the pentium it has been replaced by evil instruction ordering tricks.
+13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf.
+raw DES at 281,000 per second on a pentium 100.
diff --git a/src/lib/libcrypto/des/cbc3_enc.c b/src/lib/libcrypto/des/cbc3_enc.c
new file mode 100644
index 0000000000..b5db4e14f7
--- /dev/null
+++ b/src/lib/libcrypto/des/cbc3_enc.c
@@ -0,0 +1,99 @@
+/* crypto/des/cbc3_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "des_locl.h"
+/* HAS BUGS! DON'T USE - this is only present for use in des.c */
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+             DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
+             DES_cblock *iv2, int enc)
+        {
+        int off=((int)length-1)/8;
+        long l8=((length+7)/8)*8;
+        DES_cblock niv1,niv2;
+        if (enc == DES_ENCRYPT)
+                {
+                DES_cbc_encrypt((unsigned char*)input,
+                                (unsigned char*)output,length,&ks1,iv1,enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv1,output[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks2,iv1,!enc);
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks1,iv2,enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv2,output[off],sizeof(DES_cblock));
+                }
+        else
+                {
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv2,input[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)input,
+                                (unsigned char*)output,l8,&ks1,iv2,enc);
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,l8,&ks2,iv1,!enc);
+                if (length >= sizeof(DES_cblock))
+                        memcpy(niv1,output[off],sizeof(DES_cblock));
+                DES_cbc_encrypt((unsigned char*)output,
+                                (unsigned char*)output,length,&ks1,iv1,enc);
+                }
+        memcpy(*iv1,niv1,sizeof(DES_cblock));
+        memcpy(*iv2,niv2,sizeof(DES_cblock));
+        }
diff --git a/src/lib/libcrypto/des/cfb64ede.c b/src/lib/libcrypto/des/cfb64ede.c
index de34ecceb9..f3c6018528 100644
--- a/src/lib/libcrypto/des/cfb64ede.c
+++ b/src/lib/libcrypto/des/cfb64ede.c
@@ -152,8 +152,8 @@ void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
                          DES_cblock *ivec,int enc)
        {
        register DES_LONG d0,d1,v0,v1;
-        register unsigned long l=length,n=((unsigned int)numbits+7)/8;
+        register long l=length;
-        register int num=numbits,i;
+        register int num=numbits,n=(numbits+7)/8,i;
        DES_LONG ti[2];
        unsigned char *iv;
        unsigned char ovec[16];
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c
index 720f29a28e..03cabb223c 100644
--- a/src/lib/libcrypto/des/cfb_enc.c
+++ b/src/lib/libcrypto/des/cfb_enc.c
@@ -58,7 +58,6 @@
 #include "e_os.h"
 #include "des_locl.h"
-#include <assert.h>
 /* The input and output are loaded in multiples of 8 bits.
 * What this means is that if you hame numbits=12 and length=2
@@ -73,29 +72,19 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                     int enc)
        {
        register DES_LONG d0,d1,v0,v1;
-        register unsigned long l=length;
+        register unsigned long l=length,n=(numbits+7)/8;
-        register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8;
+        register int num=numbits,i;
        DES_LONG ti[2];
        unsigned char *iv;
-#ifndef L_ENDIAN
        unsigned char ovec[16];
-#else
-        unsigned int  sh[4];
-        unsigned char *ovec=(unsigned char *)sh;
-        /* I kind of count that compiler optimizes away this assertioni,*/
+        if (num > 64) return;
-        assert (sizeof(sh[0])==4);      /* as this holds true for all,  */
-                                        /* but 16-bit platforms...      */
-                                        
-#endif
-        if (numbits<=0 || numbits > 64) return;
        iv = &(*ivec)[0];
        c2l(iv,v0);
        c2l(iv,v1);
        if (enc)
                {
-                while (l >= (unsigned long)n)
+                while (l >= n)
                        {
                        l-=n;
                        ti[0]=v0;
@@ -109,40 +98,35 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                        out+=n;
                        /* 30-08-94 - eay - changed because l>>32 and
                         * l<<32 are bad under gcc :-( */
-                        if (numbits == 32)
+                        if (num == 32)
                                { v0=v1; v1=d0; }
-                        else if (numbits == 64)
+                        else if (num == 64)
                                { v0=d0; v1=d1; }
                        else
                                {
-#ifndef L_ENDIAN
                                iv=&ovec[0];
                                l2c(v0,iv);
                                l2c(v1,iv);
                                l2c(d0,iv);
                                l2c(d1,iv);
-#else
+                                /* shift ovec left most of the bits... */
-                                sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-#endif
+                                /* now the remaining bits */
-                                if (rem==0)
+                                if(num%8 != 0)
-                                        memmove(ovec,ovec+num,8);
-                                else
                                        for(i=0 ; i < 8 ; ++i)
-                                                ovec[i]=ovec[i+num]<<rem |
+                                                {
-                                                        ovec[i+num+1]>>(8-rem);
+                                                ovec[i]<<=num%8;
-#ifdef L_ENDIAN
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                v0=sh[0], v1=sh[1];
+                                                }
-#else
                                iv=&ovec[0];
                                c2l(iv,v0);
                                c2l(iv,v1);
-#endif
                                }
                        }
                }
        else
                {
-                while (l >= (unsigned long)n)
+                while (l >= n)
                        {
                        l-=n;
                        ti[0]=v0;
@@ -152,34 +136,29 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
                        in+=n;
                        /* 30-08-94 - eay - changed because l>>32 and
                         * l<<32 are bad under gcc :-( */
-                        if (numbits == 32)
+                        if (num == 32)
                                { v0=v1; v1=d0; }
-                        else if (numbits == 64)
+                        else if (num == 64)
                                { v0=d0; v1=d1; }
                        else
                                {
-#ifndef L_ENDIAN
                                iv=&ovec[0];
                                l2c(v0,iv);
                                l2c(v1,iv);
                                l2c(d0,iv);
                                l2c(d1,iv);
-#else
+                                /* shift ovec left most of the bits... */
-                                sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
+                                memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-#endif
+                                /* now the remaining bits */
-                                if (rem==0)
+                                if(num%8 != 0)
-                                        memmove(ovec,ovec+num,8);
-                                else
                                        for(i=0 ; i < 8 ; ++i)
-                                                ovec[i]=ovec[i+num]<<rem |
+                                                {
-                                                        ovec[i+num+1]>>(8-rem);
+                                                ovec[i]<<=num%8;
-#ifdef L_ENDIAN
+                                                ovec[i]|=ovec[i+1]>>(8-num%8);
-                                v0=sh[0], v1=sh[1];
+                                                }
-#else
                                iv=&ovec[0];
                                c2l(iv,v0);
                                c2l(iv,v1);
-#endif
                                }
                        d0^=ti[0];
                        d1^=ti[1];
diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com
new file mode 100644
index 0000000000..fc2c35a1ce
--- /dev/null
+++ b/src/lib/libcrypto/des/des-lib.com
@@ -0,0 +1,1003 @@
+$!
+$!  DES-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the 
+$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
+$!  architecture of AXP or VAX.
+$!
+$!  It was re-written to try to determine which "C" compiler to try to use
+$!  or the user can specify a compiler in P3.
+$!
+$!  Specify one of the following to build just that part, specify "ALL" to
+$!  just build everything.
+$!
+$!         ALL       To Just Build "Everything".
+$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
+$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
+$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
+$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
+$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
+$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
+$!
+$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
+$!  debugging information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!         VAXC  For VAX C.
+$!         DECC  For DEC C.
+$!         GNUC  For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to try to use.
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Make sure we know what architecture we run on.
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB DESTEST
+$   GOSUB SPEED
+$   GOSUB RPW
+$   GOSUB DES
+$   GOSUB DES_OPTS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ LIBRARY:
+$!
+$! Tell The User That We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The DES Library Files.
+$!
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+                "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+                "enc_read,enc_writ,ofb64enc,"+ -
+                "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+                "des_enc,fcrypt_b,read2pwd,"+ -
+                "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$!  Tell The User We Are Compiling The Source File.
+$!
+$ WRITE SYS$OUTPUT "    ",FILE_NAME,".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DESTEST Program.
+$!
+$ DESTEST:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DESTEST.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
+$!
+$! Compile The DESTEST Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
+$!
+$! Link The DESTEST Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
+      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The SPEED Program.
+$!
+$ SPEED:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SPEED.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
+$!
+$! Compile The SPEED Program.
+$!
+$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
+$!
+$! Link The SPEED Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
+      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The RPW Program.
+$!
+$ RPW:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The RPW.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
+$!
+$! Compile The RPW Program.
+$!
+$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
+$!
+$! Link The RPW Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
+      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES Program.
+$!
+$ DES:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
+$!
+$! Compile The DES Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
+$!
+$! Link The DES Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
+      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
+      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES_OPTS Program.
+$!
+$ DES_OPTS:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES_OPTS.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
+$!
+$! Compile The DES_OPTS Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
+$!
+$! Link The DES_OPTS Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
+      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (F$GETSYI("CPU").LT.128)
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."     
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Library Check.
+$!
+$ LIB_CHECK:
+$!
+$!  Look For The Library LIBDES.OLB.
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If We Are To "Just Build Everything".
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is "ALL", So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
+       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
+$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
+$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
+$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
+$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
+$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Compile Without Debugger Information.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is Blank, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later.
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN := ""
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = ""
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+        CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+         THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$       WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$       EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c
new file mode 100644
index 0000000000..343135ff9e
--- /dev/null
+++ b/src/lib/libcrypto/des/des.c
@@ -0,0 +1,932 @@
+/* crypto/des/des.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+#ifndef OPENSSL_SYS_VMS
+#include OPENSSL_UNISTD
+#else /* OPENSSL_SYS_VMS */
+#ifdef __DECC
+#include <unistd.h>
+#else /* not __DECC */
+#include <math.h>
+#endif /* __DECC */
+#endif /* OPENSSL_SYS_VMS */
+#else /* OPENSSL_SYS_MSDOS */
+#include <io.h>
+#endif
+#include <time.h>
+#include "des_ver.h"
+#ifdef OPENSSL_SYS_VMS
+#include <types.h>
+#include <stat.h>
+#else
+#ifndef _IRIX
+#include <sys/types.h>
+#endif
+#include <sys/stat.h>
+#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/ui_compat.h>
+void usage(void);
+void doencryption(void);
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
+void uufwriteEnd(FILE *fp);
+int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
+int uuencode(unsigned char *in,int num,unsigned char *out);
+int uudecode(unsigned char *in,int num,unsigned char *out);
+void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
+        DES_key_schedule sk1,DES_key_schedule sk2,
+        DES_cblock *ivec1,DES_cblock *ivec2,int enc);
+#ifdef OPENSSL_SYS_VMS
+#define EXIT(a) exit(a&0x10000000L)
+#else
+#define EXIT(a) exit(a)
+#endif
+#define BUFSIZE (8*1024)
+#define VERIFY  1
+#define KEYSIZ  8
+#define KEYSIZB 1024 /* should hit tty line limit first :-) */
+char key[KEYSIZB+1];
+int do_encrypt,longk=0;
+FILE *DES_IN,*DES_OUT,*CKSUM_OUT;
+char uuname[200];
+unsigned char uubuf[50];
+int uubufnum=0;
+#define INUUBUFN        (45*100)
+#define OUTUUBUF        (65*100)
+unsigned char b[OUTUUBUF];
+unsigned char bb[300];
+DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+char cksumname[200]="";
+int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
+int main(int argc, char **argv)
+        {
+        int i;
+        struct stat ins,outs;
+        char *p;
+        char *in=NULL,*out=NULL;
+        vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0;
+        error=0;
+        memset(key,0,sizeof(key));
+        for (i=1; i<argc; i++)
+                {
+                p=argv[i];
+                if ((p[0] == '-') && (p[1] != '\0'))
+                        {
+                        p++;
+                        while (*p)
+                                {
+                                switch (*(p++))
+                                        {
+                                case '3':
+                                        flag3=1;
+                                        longk=1;
+                                        break;
+                                case 'c':
+                                        cflag=1;
+                                        strncpy(cksumname,p,200);
+                                        cksumname[sizeof(cksumname)-1]='\0';
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'C':
+                                        cflag=1;
+                                        longk=1;
+                                        strncpy(cksumname,p,200);
+                                        cksumname[sizeof(cksumname)-1]='\0';
+                                        p+=strlen(cksumname);
+                                        break;
+                                case 'e':
+                                        eflag=1;
+                                        break;
+                                case 'v':
+                                        vflag=1;
+                                        break;
+                                case 'E':
+                                        eflag=1;
+                                        longk=1;
+                                        break;
+                                case 'd':
+                                        dflag=1;
+                                        break;
+                                case 'D':
+                                        dflag=1;
+                                        longk=1;
+                                        break;
+                                case 'b':
+                                        bflag=1;
+                                        break;
+                                case 'f':
+                                        fflag=1;
+                                        break;
+                                case 's':
+                                        sflag=1;
+                                        break;
+                                case 'u':
+                                        uflag=1;
+                                        strncpy(uuname,p,200);
+                                        uuname[sizeof(uuname)-1]='\0';
+                                        p+=strlen(uuname);
+                                        break;
+                                case 'h':
+                                        hflag=1;
+                                        break;
+                                case 'k':
+                                        kflag=1;
+                                        if ((i+1) == argc)
+                                                {
+                                                fputs("must have a key with the -k option\n",stderr);
+                                                error=1;
+                                                }
+                                        else
+                                                {
+                                                int j;
+                                                i++;
+                                                strncpy(key,argv[i],KEYSIZB);
+                                                for (j=strlen(argv[i])-1; j>=0; j--)
+                                                        argv[i][j]='\0';
+                                                }
+                                        break;
+                                default:
+                                        fprintf(stderr,"'%c' unknown flag\n",p[-1]);
+                                        error=1;
+                                        break;
+                                        }
+                                }
+                        }
+                else
+                        {
+                        if (in == NULL)
+                                in=argv[i];
+                        else if (out == NULL)
+                                out=argv[i];
+                        else
+                                error=1;
+                        }
+                }
+        if (error) usage();
+        /* We either
+         * do checksum or
+         * do encrypt or
+         * do decrypt or
+         * do decrypt then ckecksum or
+         * do checksum then encrypt
+         */
+        if (((eflag+dflag) == 1) || cflag)
+                {
+                if (eflag) do_encrypt=DES_ENCRYPT;
+                if (dflag) do_encrypt=DES_DECRYPT;
+                }
+        else
+                {
+                if (vflag) 
+                        {
+#ifndef _Windows                        
+                        fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+                        EXIT(1);
+                        }
+                else usage();
+                }
+#ifndef _Windows                        
+        if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version);
+#endif                  
+        if (    (in != NULL) &&
+                (out != NULL) &&
+#ifndef OPENSSL_SYS_MSDOS
+                (stat(in,&ins) != -1) &&
+                (stat(out,&outs) != -1) &&
+                (ins.st_dev == outs.st_dev) &&
+                (ins.st_ino == outs.st_ino))
+#else /* OPENSSL_SYS_MSDOS */
+                (strcmp(in,out) == 0))
+#endif
+                        {
+                        fputs("input and output file are the same\n",stderr);
+                        EXIT(3);
+                        }
+        if (!kflag)
+                if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0))
+                        {
+                        fputs("password error\n",stderr);
+                        EXIT(2);
+                        }
+        if (in == NULL)
+                DES_IN=stdin;
+        else if ((DES_IN=fopen(in,"r")) == NULL)
+                {
+                perror("opening input file");
+                EXIT(4);
+                }
+        CKSUM_OUT=stdout;
+        if (out == NULL)
+                {
+                DES_OUT=stdout;
+                CKSUM_OUT=stderr;
+                }
+        else if ((DES_OUT=fopen(out,"w")) == NULL)
+                {
+                perror("opening output file");
+                EXIT(5);
+                }
+#ifdef OPENSSL_SYS_MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        if (!(uflag && dflag))
+                setmode(fileno(DES_IN),O_BINARY);
+        if (!(uflag && eflag))
+                setmode(fileno(DES_OUT),O_BINARY);
+        }
+#endif
+        doencryption();
+        fclose(DES_IN);
+        fclose(DES_OUT);
+        EXIT(0);
+        }
+void usage(void)
+        {
+        char **u;
+        static const char *Usage[]={
+"des <options> [input-file [output-file]]",
+"options:",
+"-v         : des(1) version number",
+"-e         : encrypt using SunOS compatible user key to DES key conversion.",
+"-E         : encrypt ",
+"-d         : decrypt using SunOS compatible user key to DES key conversion.",
+"-D         : decrypt ",
+"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
+"             DES key conversion and output to ckname (stdout default,",
+"             stderr if data being output on stdout).  The checksum is",
+"             generated before encryption and after decryption if used",
+"             in conjunction with -[eEdD].",
+"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
+"-k key     : use key 'key'",
+"-h         : the key that is entered will be a hexadecimal number",
+"             that is used directly as the des key",
+"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
+"             (uuname is the filename to put in the uuencode header).",
+"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+"-3         : encrypt using triple DES encryption.  This uses 2 keys",
+"             generated from the input key.  If the input key is less",
+"             than 8 characters long, this is equivalent to normal",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
+NULL
+};
+        for (u=(char **)Usage; *u; u++)
+                {
+                fputs(*u,stderr);
+                fputc('\n',stderr);
+                }
+        EXIT(1);
+        }
+void doencryption(void)
+        {
+#ifdef _LIBC
+        extern unsigned long time();
+#endif
+        register int i;
+        DES_key_schedule ks,ks2;
+        DES_cblock iv,iv2;
+        char *p;
+        int num=0,j,k,l,rem,ll,len,last,ex=0;
+        DES_cblock kk,k2;
+        FILE *O;
+        int Exit=0;
+#ifndef OPENSSL_SYS_MSDOS
+        static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
+#else
+        static unsigned char *buf=NULL,*obuf=NULL;
+        if (buf == NULL)
+                {
+                if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
+                        ((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
+                        {
+                        fputs("Not enough memory\n",stderr);
+                        Exit=10;
+                        goto problems;
+                        }
+                }
+#endif
+        if (hflag)
+                {
+                j=(flag3?16:8);
+                p=key;
+                for (i=0; i<j; i++)
+                        {
+                        k=0;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k=(*p-'0')<<4;
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k=(*p-'a'+10)<<4;
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k=(*p-'A'+10)<<4;
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if ((*p <= '9') && (*p >= '0'))
+                                k|=(*p-'0');
+                        else if ((*p <= 'f') && (*p >= 'a'))
+                                k|=(*p-'a'+10);
+                        else if ((*p <= 'F') && (*p >= 'A'))
+                                k|=(*p-'A'+10);
+                        else
+                                {
+                                fputs("Bad hex key\n",stderr);
+                                Exit=9;
+                                goto problems;
+                                }
+                        p++;
+                        if (i < 8)
+                                kk[i]=k;
+                        else
+                                k2[i-8]=k;
+                        }
+                DES_set_key_unchecked(&k2,&ks2);
+                OPENSSL_cleanse(k2,sizeof(k2));
+                }
+        else if (longk || flag3)
+                {
+                if (flag3)
+                        {
+                        DES_string_to_2keys(key,&kk,&k2);
+                        DES_set_key_unchecked(&k2,&ks2);
+                        OPENSSL_cleanse(k2,sizeof(k2));
+                        }
+                else
+                        DES_string_to_key(key,&kk);
+                }
+        else
+                for (i=0; i<KEYSIZ; i++)
+                        {
+                        l=0;
+                        k=key[i];
+                        for (j=0; j<8; j++)
+                                {
+                                if (k&1) l++;
+                                k>>=1;
+                                }
+                        if (l & 1)
+                                kk[i]=key[i]&0x7f;
+                        else
+                                kk[i]=key[i]|0x80;
+                        }
+        DES_set_key_unchecked(&kk,&ks);
+        OPENSSL_cleanse(key,sizeof(key));
+        OPENSSL_cleanse(kk,sizeof(kk));
+        /* woops - A bug that does not showup under unix :-( */
+        memset(iv,0,sizeof(iv));
+        memset(iv2,0,sizeof(iv2));
+        l=1;
+        rem=0;
+        /* first read */
+        if (eflag || (!dflag && cflag))
+                {
+                for (;;)
+                        {
+                        num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        l+=rem;
+                        num+=rem;
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        rem=l%8;
+                        len=l-rem;
+                        if (feof(DES_IN))
+                                {
+                                for (i=7-rem; i>0; i--)
+                                        RAND_pseudo_bytes(buf + l++, 1);
+                                buf[l++]=rem;
+                                ex=1;
+                                len+=rem;
+                                }
+                        else
+                                l-=rem;
+                        if (cflag)
+                                {
+                                DES_cbc_cksum(buf,&cksum,
+                                        (long)len,&ks,&cksum);
+                                if (!eflag)
+                                        {
+                                        if (feof(DES_IN)) break;
+                                        else continue;
+                                        }
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb2_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,&ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                char tmpbuf[8];
+                                if (rem) memcpy(tmpbuf,&(buf[l]),
+                                        (unsigned int)rem);
+                                DES_3cbc_encrypt(
+                                        (DES_cblock *)buf,(DES_cblock *)obuf,
+                                        (long)l,ks,ks2,&iv,
+                                        &iv2,do_encrypt);
+                                if (rem) memcpy(&(buf[l]),tmpbuf,
+                                        (unsigned int)rem);
+                                }
+                        else
+                                {
+                                DES_cbc_encrypt(
+                                        buf,obuf,
+                                        (long)l,&ks,&iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
+                                }
+                        if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
+                        i=0;
+                        while (i < l)
+                                {
+                                if (uflag)
+                                        j=uufwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                else
+                                        j=fwrite(obuf,1,(unsigned int)l-i,
+                                                DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        if (feof(DES_IN))
+                                {
+                                if (uflag) uufwriteEnd(DES_OUT);
+                                break;
+                                }
+                        }
+                }
+        else /* decrypt */
+                {
+                ex=1;
+                for (;;)
+                        {
+                        if (ex) {
+                                if (uflag)
+                                        l=uufread(buf,1,BUFSIZE,DES_IN);
+                                else
+                                        l=fread(buf,1,BUFSIZE,DES_IN);
+                                ex=0;
+                                rem=l%8;
+                                l-=rem;
+                                }
+                        if (l < 0)
+                                {
+                                perror("read error");
+                                Exit=6;
+                                goto problems;
+                                }
+                        if (bflag && !flag3)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,do_encrypt);
+                        else if (flag3 && bflag)
+                                for (i=0; i<l; i+=8)
+                                        DES_ecb2_encrypt(
+                                                (DES_cblock *)&(buf[i]),
+                                                (DES_cblock *)&(obuf[i]),
+                                                &ks,&ks2,do_encrypt);
+                        else if (flag3 && !bflag)
+                                {
+                                DES_3cbc_encrypt(
+                                        (DES_cblock *)buf,(DES_cblock *)obuf,
+                                        (long)l,ks,ks2,&iv,
+                                        &iv2,do_encrypt);
+                                }
+                        else
+                                {
+                                DES_cbc_encrypt(
+                                        buf,obuf,
+                                        (long)l,&ks,&iv,do_encrypt);
+                                if (l >= 8) memcpy(iv,&(buf[l-8]),8);
+                                }
+                        if (uflag)
+                                ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        else
+                                ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN);
+                        ll+=rem;
+                        rem=ll%8;
+                        ll-=rem;
+                        if (feof(DES_IN) && (ll == 0))
+                                {
+                                last=obuf[l-1];
+                                if ((last > 7) || (last < 0))
+                                        {
+                                        fputs("The file was not decrypted correctly.\n",
+                                                stderr);
+                                        Exit=8;
+                                        last=0;
+                                        }
+                                l=l-8+last;
+                                }
+                        i=0;
+                        if (cflag) DES_cbc_cksum(obuf,
+                                (DES_cblock *)cksum,(long)l/8*8,&ks,
+                                (DES_cblock *)cksum);
+                        while (i != l)
+                                {
+                                j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
+                                if (j == -1)
+                                        {
+                                        perror("Write error");
+                                        Exit=7;
+                                        goto problems;
+                                        }
+                                i+=j;
+                                }
+                        l=ll;
+                        if ((l == 0) && feof(DES_IN)) break;
+                        }
+                }
+        if (cflag)
+                {
+                l=0;
+                if (cksumname[0] != '\0')
+                        {
+                        if ((O=fopen(cksumname,"w")) != NULL)
+                                {
+                                CKSUM_OUT=O;
+                                l=1;
+                                }
+                        }
+                for (i=0; i<8; i++)
+                        fprintf(CKSUM_OUT,"%02X",cksum[i]);
+                fprintf(CKSUM_OUT,"\n");
+                if (l) fclose(CKSUM_OUT);
+                }
+problems:
+        OPENSSL_cleanse(buf,sizeof(buf));
+        OPENSSL_cleanse(obuf,sizeof(obuf));
+        OPENSSL_cleanse(&ks,sizeof(ks));
+        OPENSSL_cleanse(&ks2,sizeof(ks2));
+        OPENSSL_cleanse(iv,sizeof(iv));
+        OPENSSL_cleanse(iv2,sizeof(iv2));
+        OPENSSL_cleanse(kk,sizeof(kk));
+        OPENSSL_cleanse(k2,sizeof(k2));
+        OPENSSL_cleanse(uubuf,sizeof(uubuf));
+        OPENSSL_cleanse(b,sizeof(b));
+        OPENSSL_cleanse(bb,sizeof(bb));
+        OPENSSL_cleanse(cksum,sizeof(cksum));
+        if (Exit) EXIT(Exit);
+        }
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
+        {
+        int i,j,left,rem,ret=num;
+        static int start=1;
+        if (start)
+                {
+                fprintf(fp,"begin 600 %s\n",
+                        (uuname[0] == '\0')?"text.d":uuname);
+                start=0;
+                }
+        if (uubufnum)
+                {
+                if (uubufnum+num < 45)
+                        {
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)num);
+                        uubufnum+=num;
+                        return(num);
+                        }
+                else
+                        {
+                        i=45-uubufnum;
+                        memcpy(&(uubuf[uubufnum]),data,(unsigned int)i);
+                        j=uuencode((unsigned char *)uubuf,45,b);
+                        fwrite(b,1,(unsigned int)j,fp);
+                        uubufnum=0;
+                        data+=i;
+                        num-=i;
+                        }
+                }
+        for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN)
+                {
+                j=uuencode(&(data[i]),INUUBUFN,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        rem=(num-i)%45;
+        left=(num-i-rem);
+        if (left)
+                {
+                j=uuencode(&(data[i]),left,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                i+=left;
+                }
+        if (i != num)
+                {
+                memcpy(uubuf,&(data[i]),(unsigned int)rem);
+                uubufnum=rem;
+                }
+        return(ret);
+        }
+void uufwriteEnd(FILE *fp)
+        {
+        int j;
+        static const char *end=" \nend\n";
+        if (uubufnum != 0)
+                {
+                uubuf[uubufnum]='\0';
+                uubuf[uubufnum+1]='\0';
+                uubuf[uubufnum+2]='\0';
+                j=uuencode(uubuf,uubufnum,b);
+                fwrite(b,1,(unsigned int)j,fp);
+                }
+        fwrite(end,1,strlen(end),fp);
+        }
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
+        {
+        int i,j,tot;
+        static int done=0;
+        static int valid=0;
+        static int start=1;
+        if (start)
+                {
+                for (;;)
+                        {
+                        b[0]='\0';
+                        fgets((char *)b,300,fp);
+                        if (b[0] == '\0')
+                                {
+                                fprintf(stderr,"no 'begin' found in uuencoded input\n");
+                                return(-1);
+                                }
+                        if (strncmp((char *)b,"begin ",6) == 0) break;
+                        }
+                start=0;
+                }
+        if (done) return(0);
+        tot=0;
+        if (valid)
+                {
+                memcpy(out,bb,(unsigned int)valid);
+                tot=valid;
+                valid=0;
+                }
+        for (;;)
+                {
+                b[0]='\0';
+                fgets((char *)b,300,fp);
+                if (b[0] == '\0') break;
+                i=strlen((char *)b);
+                if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd'))
+                        {
+                        done=1;
+                        while (!feof(fp))
+                                {
+                                fgets((char *)b,300,fp);
+                                }
+                        break;
+                        }
+                i=uudecode(b,i,bb);
+                if (i < 0) break;
+                if ((i+tot+8) > num)
+                        {
+                        /* num to copy to make it a multiple of 8 */
+                        j=(num/8*8)-tot-8;
+                        memcpy(&(out[tot]),bb,(unsigned int)j);
+                        tot+=j;
+                        memcpy(bb,&(bb[j]),(unsigned int)i-j);
+                        valid=i-j;
+                        break;
+                        }
+                memcpy(&(out[tot]),bb,(unsigned int)i);
+                tot+=i;
+                }
+        return(tot);
+        }
+#define ccc2l(c,l)      (l =((DES_LONG)(*((c)++)))<<16, \
+                         l|=((DES_LONG)(*((c)++)))<< 8, \
+                         l|=((DES_LONG)(*((c)++))))
+#define l2ccc(l,c)      (*((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                    *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                    *((c)++)=(unsigned char)(((l)    )&0xff))
+int uuencode(unsigned char *in, int num, unsigned char *out)
+        {
+        int j,i,n,tot=0;
+        DES_LONG l;
+        register unsigned char *p;
+        p=out;
+        for (j=0; j<num; j+=45)
+                {
+                if (j+45 > num)
+                        i=(num-j);
+                else    i=45;
+                *(p++)=i+' ';
+                for (n=0; n<i; n+=3)
+                        {
+                        ccc2l(in,l);
+                        *(p++)=((l>>18)&0x3f)+' ';
+                        *(p++)=((l>>12)&0x3f)+' ';
+                        *(p++)=((l>> 6)&0x3f)+' ';
+                        *(p++)=((l    )&0x3f)+' ';
+                        tot+=4;
+                        }
+                *(p++)='\n';
+                tot+=2;
+                }
+        *p='\0';
+        l=0;
+        return(tot);
+        }
+int uudecode(unsigned char *in, int num, unsigned char *out)
+        {
+        int j,i,k;
+        unsigned int n=0,space=0;
+        DES_LONG l;
+        DES_LONG w,x,y,z;
+        unsigned int blank=(unsigned int)'\n'-' ';
+        for (j=0; j<num; )
+                {
+                n= *(in++)-' ';
+                if (n == blank)
+                        {
+                        n=0;
+                        in--;
+                        }
+                if (n > 60)
+                        {
+                        fprintf(stderr,"uuencoded line length too long\n");
+                        return(-1);
+                        }
+                j++;
+                for (i=0; i<n; j+=4,i+=3)
+                        {
+                        /* the following is for cases where spaces are
+                         * removed from lines.
+                         */
+                        if (space)
+                                {
+                                w=x=y=z=0;
+                                }
+                        else
+                                {
+                                w= *(in++)-' ';
+                                x= *(in++)-' ';
+                                y= *(in++)-' ';
+                                z= *(in++)-' ';
+                                }
+                        if ((w > 63) || (x > 63) || (y > 63) || (z > 63))
+                                {
+                                k=0;
+                                if (w == blank) k=1;
+                                if (x == blank) k=2;
+                                if (y == blank) k=3;
+                                if (z == blank) k=4;
+                                space=1;
+                                switch (k) {
+                                case 1: w=0; in--;
+                                case 2: x=0; in--;
+                                case 3: y=0; in--;
+                                case 4: z=0; in--;
+                                        break;
+                                case 0:
+                                        space=0;
+                                        fprintf(stderr,"bad uuencoded data values\n");
+                                        w=x=y=z=0;
+                                        return(-1);
+                                        break;
+                                        }
+                                }
+                        l=(w<<18)|(x<<12)|(y<< 6)|(z    );
+                        l2ccc(l,out);
+                        }
+                if (*(in++) != '\n')
+                        {
+                        fprintf(stderr,"missing nl in uuencoded line\n");
+                        w=x=y=z=0;
+                        return(-1);
+                        }
+                j++;
+                }
+        *out='\0';
+        w=x=y=z=0;
+        return(n);
+        }
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h
index 92b6663599..81bd874edd 100644
--- a/src/lib/libcrypto/des/des.h
+++ b/src/lib/libcrypto/des/des.h
@@ -56,21 +56,23 @@
 * [including the GNU Public Licence.]
 */
-#ifndef HEADER_NEW_DES_H
+#ifndef HEADER_DES_H
-#define HEADER_NEW_DES_H
+#define HEADER_DES_H
-#include <openssl/e_os2.h>      /* OPENSSL_EXTERN, OPENSSL_NO_DES,
-                                   DES_LONG (via openssl/opensslconf.h */
 #ifdef OPENSSL_NO_DES
 #error DES is disabled.
 #endif
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>      /* OPENSSL_EXTERN */
 #ifdef OPENSSL_BUILD_SHLIBCRYPTO
 # undef OPENSSL_EXTERN
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
+#define des_SPtrans DES_SPtrans
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -128,7 +130,7 @@ OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
 #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
 const char *DES_options(void);
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *input, unsigned char *output,
                      DES_key_schedule *ks1,DES_key_schedule *ks2,
                      DES_key_schedule *ks3, int enc);
 DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
@@ -195,10 +197,9 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
                            long length,DES_key_schedule *ks1,
                            DES_key_schedule *ks2,DES_key_schedule *ks3,
                            DES_cblock *ivec,int *num);
-#if 0
 void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
                       DES_cblock *out_white);
-#endif
 int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
                 DES_cblock *iv);
diff --git a/src/lib/libcrypto/des/des.pod b/src/lib/libcrypto/des/des.pod
new file mode 100644
index 0000000000..bf479e83d2
--- /dev/null
+++ b/src/lib/libcrypto/des/des.pod
@@ -0,0 +1,217 @@
+=pod
+=head1 NAME
+des - encrypt or decrypt data using Data Encryption Standard
+=head1 SYNOPSIS
+B<des>
+(
+B<-e>
+|
+B<-E>
+) | (
+B<-d>
+|
+B<-D>
+) | (
+B<->[B<cC>][B<ckname>]
+) |
+[
+B<-b3hfs>
+] [
+B<-k>
+I<key>
+]
+] [
+B<-u>[I<uuname>]
+[
+I<input-file>
+[
+I<output-file>
+] ]
+=head1 NOTE
+This page describes the B<des> stand-alone program, not the B<openssl des>
+command.
+=head1 DESCRIPTION
+B<des>
+encrypts and decrypts data using the
+Data Encryption Standard algorithm.
+One of
+B<-e>, B<-E>
+(for encrypt) or
+B<-d>, B<-D>
+(for decrypt) must be specified.
+It is also possible to use
+B<-c>
+or
+B<-C>
+in conjunction or instead of the a encrypt/decrypt option to generate
+a 16 character hexadecimal checksum, generated via the
+I<des_cbc_cksum>.
+Two standard encryption modes are supported by the
+B<des>
+program, Cipher Block Chaining (the default) and Electronic Code Book
+(specified with
+B<-b>).
+The key used for the DES
+algorithm is obtained by prompting the user unless the
+B<-k>
+I<key>
+option is given.
+If the key is an argument to the
+B<des>
+command, it is potentially visible to users executing
+ps(1)
+or a derivative.  To minimise this possibility,
+B<des>
+takes care to destroy the key argument immediately upon entry.
+If your shell keeps a history file be careful to make sure it is not
+world readable.
+Since this program attempts to maintain compatibility with sunOS's
+des(1) command, there are 2 different methods used to convert the user
+supplied key to a des key.
+Whenever and one or more of
+B<-E>, B<-D>, B<-C>
+or
+B<-3>
+options are used, the key conversion procedure will not be compatible
+with the sunOS des(1) version but will use all the user supplied
+character to generate the des key.
+B<des>
+command reads from standard input unless
+I<input-file>
+is specified and writes to standard output unless
+I<output-file>
+is given.
+=head1 OPTIONS
+=over 4
+=item B<-b>
+Select ECB
+(eight bytes at a time) encryption mode.
+=item B<-3>
+Encrypt using triple encryption.
+By default triple cbc encryption is used but if the
+B<-b>
+option is used then triple ECB encryption is performed.
+If the key is less than 8 characters long, the flag has no effect.
+=item B<-e>
+Encrypt data using an 8 byte key in a manner compatible with sunOS
+des(1).
+=item B<-E>
+Encrypt data using a key of nearly unlimited length (1024 bytes).
+This will product a more secure encryption.
+=item B<-d>
+Decrypt data that was encrypted with the B<-e> option.
+=item B<-D>
+Decrypt data that was encrypted with the B<-E> option.
+=item B<-c>
+Generate a 16 character hexadecimal cbc checksum and output this to
+stderr.
+If a filename was specified after the
+B<-c>
+option, the checksum is output to that file.
+The checksum is generated using a key generated in a sunOS compatible
+manner.
+=item B<-C>
+A cbc checksum is generated in the same manner as described for the
+B<-c>
+option but the DES key is generated in the same manner as used for the
+B<-E>
+and
+B<-D>
+options
+=item B<-f>
+Does nothing - allowed for compatibility with sunOS des(1) command.
+=item B<-s>
+Does nothing - allowed for compatibility with sunOS des(1) command.
+=item B<-k> I<key>
+Use the encryption 
+I<key>
+specified.
+=item B<-h>
+The
+I<key>
+is assumed to be a 16 character hexadecimal number.
+If the
+B<-3>
+option is used the key is assumed to be a 32 character hexadecimal
+number.
+=item B<-u>
+This flag is used to read and write uuencoded files.  If decrypting,
+the input file is assumed to contain uuencoded, DES encrypted data.
+If encrypting, the characters following the B<-u> are used as the name of
+the uuencoded file to embed in the begin line of the uuencoded
+output.  If there is no name specified after the B<-u>, the name text.des
+will be embedded in the header.
+=head1 SEE ALSO
+ps(1),
+L<des_crypt(3)|des_crypt(3)>
+=head1 BUGS
+The problem with using the
+B<-e>
+option is the short key length.
+It would be better to use a real 56-bit key rather than an
+ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+radically reduces the time necessary for a brute-force cryptographic attack.
+My attempt to remove this problem is to add an alternative text-key to
+DES-key function.  This alternative function (accessed via
+B<-E>, B<-D>, B<-S>
+and
+B<-3>)
+uses DES to help generate the key.
+Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
+not decrypt filename (the B<-u> option will gobble the B<-d> option).
+The VMS operating system operates in a world where files are always a
+multiple of 512 bytes.  This causes problems when encrypted data is
+send from Unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the B<-u> option
+to uuencode the data before it is send to the VMS system.
+=head1 AUTHOR
+Eric Young (eay@cryptsoft.com)
+=cut
diff --git a/src/lib/libcrypto/des/des3s.cpp b/src/lib/libcrypto/des/des3s.cpp
new file mode 100644
index 0000000000..02d527c057
--- /dev/null
+++ b/src/lib/libcrypto/des/des3s.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key1,key2,key3;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(s1);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        GetTSC(e2);
+                        des_encrypt3(&data[0],key1,key2,key3);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c
index 1c37ab96d3..6a49ec4a55 100644
--- a/src/lib/libcrypto/des/des_enc.c
+++ b/src/lib/libcrypto/des/des_enc.c
@@ -58,6 +58,9 @@
 #include "des_locl.h"
+#ifndef OPENSSL_FIPS
+#ifndef OPENBSD_DES_ASM
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
        {
        register DES_LONG l,r,t,u;
@@ -246,6 +249,7 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
        data[1]=ROTATE(r,3)&0xffffffffL;
        l=r=t=u=0;
        }
+#endif
 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
                  DES_key_schedule *ks2, DES_key_schedule *ks3)
@@ -287,8 +291,12 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
        data[1]=r;
        }
+#endif /* ndef OPENSSL_FIPS */
 #ifndef DES_DEFAULT_OPTIONS
+#if !defined(OPENSSL_FIPS_DES_ASM)
 #undef CBC_ENC_C__DONT_UPDATE_IV
 #include "ncbc_enc.c" /* DES_ncbc_encrypt */
@@ -404,4 +412,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
        tin[0]=tin[1]=0;
        }
+#endif /* !defined(OPENSSL_FIPS_DES_ASM) */
 #endif /* DES_DEFAULT_OPTIONS */
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h
index 4b9ecff233..8f04b18c50 100644
--- a/src/lib/libcrypto/des/des_locl.h
+++ b/src/lib/libcrypto/des/des_locl.h
@@ -160,7 +160,7 @@
                                } \
                        }
-#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define ROTATE(a,n)     (_lrotr(a,n))
 #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
 # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
diff --git a/src/lib/libcrypto/des/des_old.c b/src/lib/libcrypto/des/des_old.c
new file mode 100644
index 0000000000..88e9802aad
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old.c
@@ -0,0 +1,271 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes.  OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+const char *_ossl_old_des_options(void)
+        {
+        return DES_options();
+        }
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        des_key_schedule ks1,des_key_schedule ks2,
+        des_key_schedule ks3, int enc)
+        {
+        DES_ecb3_encrypt((const unsigned char *)input, (unsigned char *)output,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, enc);
+        }
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+        {
+        return DES_cbc_cksum((unsigned char *)input, output, length,
+                (DES_key_schedule *)schedule, ivec);
+        }
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+        _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
+        {
+        DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
+        }
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+        long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_cfb_encrypt(in, out, numbits, length,
+                (DES_key_schedule *)schedule, ivec, enc);
+        }
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        des_key_schedule ks,int enc)
+        {
+        DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
+        {
+        DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
+        {
+        DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+        }
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+        des_key_schedule ks2, des_key_schedule ks3)
+        {
+        DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3);
+        }
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+        des_key_schedule ks2, des_key_schedule ks3)
+        {
+        DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3);
+        }
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+        long length, des_key_schedule ks1, des_key_schedule ks2, 
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
+        {
+        DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, enc);
+        }
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, des_key_schedule ks1, des_key_schedule ks2,
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
+        {
+        DES_ede3_cfb64_encrypt(in, out, length,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, num, enc);
+        }
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, des_key_schedule ks1, des_key_schedule ks2,
+        des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
+        {
+        DES_ede3_ofb64_encrypt(in, out, length,
+                (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                (DES_key_schedule *)ks3, ivec, num);
+        }
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+        _ossl_old_des_cblock (*out_white))
+        {
+        DES_xwhite_in2out(des_key, in_white, out_white);
+        }
+int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+        _ossl_old_des_cblock *iv)
+        {
+        return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+        }
+int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+        _ossl_old_des_cblock *iv)
+        {
+        return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+        }
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
+        {
+        return DES_fcrypt(buf, salt, ret);
+        }
+char *_ossl_old_des_crypt(const char *buf,const char *salt)
+        {
+        return DES_crypt(buf, salt);
+        }
+char *_ossl_old_crypt(const char *buf,const char *salt)
+        {
+        return DES_crypt(buf, salt);
+        }
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+        int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+        {
+        DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+                ivec);
+        }
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+        {
+        DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                length, (DES_key_schedule *)schedule, ivec, enc);
+        }
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,int out_count,_ossl_old_des_cblock *seed)
+        {
+        return DES_quad_cksum((unsigned char *)input, output, length,
+                out_count, seed);
+        }
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+        {
+        RAND_seed(key, sizeof(_ossl_old_des_cblock));
+        }
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+        {
+        DES_random_key((DES_cblock *)ret);
+        }
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+                                int verify)
+        {
+        return DES_read_password(key, prompt, verify);
+        }
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
+        const char *prompt, int verify)
+        {
+        return DES_read_2passwords(key1, key2, prompt, verify);
+        }
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+        {
+        DES_set_odd_parity(key);
+        }
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+        {
+        return DES_is_weak_key(key);
+        }
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
+        {
+        return DES_set_key(key, (DES_key_schedule *)schedule);
+        }
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
+        {
+        return DES_key_sched(key, (DES_key_schedule *)schedule);
+        }
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
+        {
+        DES_string_to_key(str, key);
+        }
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
+        {
+        DES_string_to_2keys(str, key1, key2);
+        }
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
+        {
+        DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                ivec, num, enc);
+        }
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
+        {
+        DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                ivec, num);
+        }
diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h
new file mode 100644
index 0000000000..1d8bf65101
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old.h
@@ -0,0 +1,441 @@
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes.  OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ *     that is compatible with libdes and SSLeay.
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode.  However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else.  Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_DES_OLD_H
+#define HEADER_DES_OLD_H
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
+#endif
+#ifndef HEADER_DES_H
+#error You must include des.h, not des_old.h directly.
+#endif
+#ifdef _KERBEROS_DES_H
+#error <openssl/des_old.h> replaces <kerberos/des.h>.
+#endif
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>      /* OPENSSL_EXTERN */
+#include <openssl/symhacks.h>
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct
+        {
+        union   {
+                _ossl_old_des_cblock _;
+                /* make sure things are correct size on machines with
+                 * 8 byte longs */
+                DES_LONG pad[2];
+                } ks;
+        } _ossl_old_des_key_schedule[16];
+#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+#define des_cblock DES_cblock
+#define const_des_cblock const_DES_cblock
+#define des_key_schedule DES_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+        DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+#define des_options()\
+        DES_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+        DES_cbc_cksum((i),(o),(l),&(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+        DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+        DES_ecb_encrypt((i),(o),&(k),(e))
+#define des_encrypt1(d,k,e)\
+        DES_encrypt1((d),&(k),(e))
+#define des_encrypt2(d,k,e)\
+        DES_encrypt2((d),&(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+        DES_encrypt3((d),&(k1),&(k2),&(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+        DES_decrypt3((d),&(k1),&(k2),&(k3))
+#define des_xwhite_in2out(k,i,o)\
+        DES_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+        DES_enc_read((f),(b),(l),&(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+        DES_enc_write((f),(b),(l),&(k),(iv))
+#define des_fcrypt(b,s,r)\
+        DES_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+        DES_crypt((b),(s))
+#if 0
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#define crypt(b,s)\
+        DES_crypt((b),(s))
+#endif
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+        DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+        DES_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+        _ossl_096_des_random_seed((k))
+#define des_random_key(r)\
+        DES_random_key((r))
+#define des_read_password(k,p,v) \
+        DES_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+        DES_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+        DES_set_odd_parity((k))
+#define des_check_key_parity(k)\
+        DES_check_key_parity((k))
+#define des_is_weak_key(k)\
+        DES_is_weak_key((k))
+#define des_set_key(k,ks)\
+        DES_set_key((k),&(ks))
+#define des_key_sched(k,ks)\
+        DES_key_sched((k),&(ks))
+#define des_set_key_checked(k,ks)\
+        DES_set_key_checked((k),&(ks))
+#define des_set_key_unchecked(k,ks)\
+        DES_set_key_unchecked((k),&(ks))
+#define des_string_to_key(s,k)\
+        DES_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+        DES_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+                
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#else /* libdes compatibility */
+/* Map all symbol names to _ossl_old_des_* form, so we avoid all
+   clashes with libdes */
+#define des_cblock _ossl_old_des_cblock
+#define des_key_schedule _ossl_old_des_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+        _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+        _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+        _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+        _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+#define des_options()\
+        _ossl_old_des_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+        _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+        _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+        _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+        _ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+#define des_encrypt(d,k,e)\
+        _ossl_old_des_encrypt((d),(k),(e))
+#define des_encrypt2(d,k,e)\
+        _ossl_old_des_encrypt2((d),(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+        _ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+        _ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+#define des_xwhite_in2out(k,i,o)\
+        _ossl_old_des_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+        _ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+        _ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+#define des_fcrypt(b,s,r)\
+        _ossl_old_des_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+        _ossl_old_des_crypt((b),(s))
+#if 0
+#define crypt(b,s)\
+        _ossl_old_crypt((b),(s))
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+        _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+        _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+        _ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+        _ossl_old_des_random_seed((k))
+#define des_random_key(r)\
+        _ossl_old_des_random_key((r))
+#define des_read_password(k,p,v) \
+        _ossl_old_des_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+        _ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+        _ossl_old_des_set_odd_parity((k))
+#define des_is_weak_key(k)\
+        _ossl_old_des_is_weak_key((k))
+#define des_set_key(k,ks)\
+        _ossl_old_des_set_key((k),(ks))
+#define des_key_sched(k,ks)\
+        _ossl_old_des_key_sched((k),(ks))
+#define des_string_to_key(s,k)\
+        _ossl_old_des_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+        _ossl_old_des_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+        _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+        _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+                
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+        des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#endif
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+        _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+        long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        _ossl_old_des_key_schedule ks,int enc);
+void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+        _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+        _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+        long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+        _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+        _ossl_old_des_cblock (*out_white));
+int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+        _ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+        _ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf,const char *salt);
+#endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+        int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+        _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+        long length,int out_count,_ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
+        const char *prompt,int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+        _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+void _ossl_096_des_random_seed(des_cblock *key);
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+#define _KERBEROS_DES_H
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
+#endif
+#define des_fixup_key_parity DES_fixup_key_parity
+#ifdef  __cplusplus
+}
+#endif
+/* for DES_read_pw_string et al */
+#include <openssl/ui_compat.h>
+#endif
diff --git a/src/lib/libcrypto/des/des_old2.c b/src/lib/libcrypto/des/des_old2.c
new file mode 100644
index 0000000000..c8fa3ee135
--- /dev/null
+++ b/src/lib/libcrypto/des/des_old2.c
@@ -0,0 +1,82 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
+ * provides functions where "des_" has been replaced with "DES_" in
+ * the names, to make it possible to make incompatible changes that
+ * are needed for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+void _ossl_096_des_random_seed(DES_cblock *key)
+        {
+        RAND_seed(key, sizeof(DES_cblock));
+        }
diff --git a/src/lib/libcrypto/des/des_opts.c b/src/lib/libcrypto/des/des_opts.c
new file mode 100644
index 0000000000..79278b920e
--- /dev/null
+++ b/src/lib/libcrypto/des/des_opts.c
@@ -0,0 +1,604 @@
+/* crypto/des/des_opts.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
+ * This is for machines with 64k code segment size restrictions. */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#ifndef OPENSSL_SYS_MSDOS
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD
+#else
+#include <io.h>
+extern void exit();
+#endif
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/des.h>
+#include "spr.h"
+#define DES_DEFAULT_OPTIONS
+#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4)
+#define PART1
+#define PART2
+#define PART3
+#define PART4
+#endif
+#ifdef PART1
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#define DES_encrypt1 des_encrypt_u4_cisc_idx
+#define DES_encrypt2 des_encrypt2_u4_cisc_idx
+#define DES_encrypt3 des_encrypt3_u4_cisc_idx
+#define DES_decrypt3 des_decrypt3_u4_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_idx
+#define DES_encrypt2 des_encrypt2_u16_cisc_idx
+#define DES_encrypt3 des_encrypt3_u16_cisc_idx
+#define DES_decrypt3 des_decrypt3_u16_cisc_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_idx
+#define DES_encrypt2 des_encrypt2_u4_risc1_idx
+#define DES_encrypt3 des_encrypt3_u4_risc1_idx
+#define DES_decrypt3 des_decrypt3_u4_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART2
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_idx
+#define DES_encrypt2 des_encrypt2_u4_risc2_idx
+#define DES_encrypt3 des_encrypt3_u4_risc2_idx
+#define DES_decrypt3 des_decrypt3_u4_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_idx
+#define DES_encrypt2 des_encrypt2_u16_risc1_idx
+#define DES_encrypt3 des_encrypt3_u16_risc1_idx
+#define DES_decrypt3 des_decrypt3_u16_risc1_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#undef DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_idx
+#define DES_encrypt2 des_encrypt2_u16_risc2_idx
+#define DES_encrypt3 des_encrypt3_u16_risc2_idx
+#define DES_decrypt3 des_decrypt3_u16_risc2_idx
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART3
+#undef DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#undef DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+#ifdef PART4
+#undef DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#define DES_RISC1
+#undef DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#define DES_UNROLL
+#undef DES_RISC1
+#define DES_RISC2
+#define DES_PTR
+#undef D_ENCRYPT
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef HEADER_DES_LOCL_H
+#include "des_enc.c"
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+#ifdef SIGALRM
+#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10);
+#else
+#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb);
+#endif
+        
+#define time_it(func,name,index) \
+        print_name(name); \
+        Time_F(START); \
+        for (count=0,run=1; COND(cb); count++) \
+                { \
+                unsigned long d[2]; \
+                func(d,&sch,DES_ENCRYPT); \
+                } \
+        tm[index]=Time_F(STOP); \
+        fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
+        tm[index]=((double)COUNT(cb))/tm[index];
+#define print_it(name,index) \
+        fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
+                tm[index]*8,1.0e6/tm[index]);
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        DES_key_schedule sch,sch2,sch3;
+        double d,tm[16],max=0;
+        int rank[16];
+        char *str[16];
+        int max_idx=0,i,num=0,j;
+#ifndef SIGALARM
+        long ca,cb,cc,cd,ce;
+#endif
+        for (i=0; i<12; i++)
+                {
+                tm[i]=0.0;
+                rank[i]=0;
+                }
+#ifndef TIMES
+        fprintf(stderr,"To get the most accurate results, try to run this\n");
+        fprintf(stderr,"program when this computer is idle.\n");
+#endif
+        DES_set_key_unchecked(&key,&sch);
+        DES_set_key_unchecked(&key2,&sch2);
+        DES_set_key_unchecked(&key3,&sch3);
+#ifndef SIGALRM
+        fprintf(stderr,"First we calculate the approximate speed ...\n");
+        DES_set_key_unchecked(&key,sch);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        alarm(10);
+#endif
+#ifdef PART1
+        time_it(des_encrypt_u4_cisc_idx,  "des_encrypt_u4_cisc_idx  ", 0);
+        time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1);
+        time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2);
+        num+=3;
+#endif
+#ifdef PART2
+        time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3);
+        time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4);
+        time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5);
+        num+=3;
+#endif
+#ifdef PART3
+        time_it(des_encrypt_u4_cisc_ptr,  "des_encrypt_u4_cisc_ptr  ", 6);
+        time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7);
+        time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8);
+        num+=3;
+#endif
+#ifdef PART4
+        time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9);
+        time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10);
+        time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11);
+        num+=3;
+#endif
+#ifdef PART1
+        str[0]=" 4  c i";
+        print_it("des_encrypt_u4_cisc_idx  ",0);
+        max=tm[0];
+        max_idx=0;
+        str[1]="16  c i";
+        print_it("des_encrypt_u16_cisc_idx ",1);
+        if (max < tm[1]) { max=tm[1]; max_idx=1; }
+        str[2]=" 4 r1 i";
+        print_it("des_encrypt_u4_risc1_idx ",2);
+        if (max < tm[2]) { max=tm[2]; max_idx=2; }
+#endif
+#ifdef PART2
+        str[3]="16 r1 i";
+        print_it("des_encrypt_u16_risc1_idx",3);
+        if (max < tm[3]) { max=tm[3]; max_idx=3; }
+        str[4]=" 4 r2 i";
+        print_it("des_encrypt_u4_risc2_idx ",4);
+        if (max < tm[4]) { max=tm[4]; max_idx=4; }
+        str[5]="16 r2 i";
+        print_it("des_encrypt_u16_risc2_idx",5);
+        if (max < tm[5]) { max=tm[5]; max_idx=5; }
+#endif
+#ifdef PART3
+        str[6]=" 4  c p";
+        print_it("des_encrypt_u4_cisc_ptr  ",6);
+        if (max < tm[6]) { max=tm[6]; max_idx=6; }
+        str[7]="16  c p";
+        print_it("des_encrypt_u16_cisc_ptr ",7);
+        if (max < tm[7]) { max=tm[7]; max_idx=7; }
+        str[8]=" 4 r1 p";
+        print_it("des_encrypt_u4_risc1_ptr ",8);
+        if (max < tm[8]) { max=tm[8]; max_idx=8; }
+#endif
+#ifdef PART4
+        str[9]="16 r1 p";
+        print_it("des_encrypt_u16_risc1_ptr",9);
+        if (max < tm[9]) { max=tm[9]; max_idx=9; }
+        str[10]=" 4 r2 p";
+        print_it("des_encrypt_u4_risc2_ptr ",10);
+        if (max < tm[10]) { max=tm[10]; max_idx=10; }
+        str[11]="16 r2 p";
+        print_it("des_encrypt_u16_risc2_ptr",11);
+        if (max < tm[11]) { max=tm[11]; max_idx=11; }
+#endif
+        printf("options    des ecb/s\n");
+        printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]);
+        d=tm[max_idx];
+        tm[max_idx]= -2.0;
+        max= -1.0;
+        for (;;)
+                {
+                for (i=0; i<12; i++)
+                        {
+                        if (max < tm[i]) { max=tm[i]; j=i; }
+                        }
+                if (max < 0.0) break;
+                printf("%s %12.2f  %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0);
+                tm[j]= -2.0;
+                max= -1.0;
+                }
+        switch (max_idx)
+                {
+        case 0:
+                printf("-DDES_DEFAULT_OPTIONS\n");
+                break;
+        case 1:
+                printf("-DDES_UNROLL\n");
+                break;
+        case 2:
+                printf("-DDES_RISC1\n");
+                break;
+        case 3:
+                printf("-DDES_UNROLL -DDES_RISC1\n");
+                break;
+        case 4:
+                printf("-DDES_RISC2\n");
+                break;
+        case 5:
+                printf("-DDES_UNROLL -DDES_RISC2\n");
+                break;
+        case 6:
+                printf("-DDES_PTR\n");
+                break;
+        case 7:
+                printf("-DDES_UNROLL -DDES_PTR\n");
+                break;
+        case 8:
+                printf("-DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 9:
+                printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n");
+                break;
+        case 10:
+                printf("-DDES_RISC2 -DDES_PTR\n");
+                break;
+        case 11:
+                printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n");
+                break;
+                }
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h
new file mode 100644
index 0000000000..379bbadda2
--- /dev/null
+++ b/src/lib/libcrypto/des/des_ver.h
@@ -0,0 +1,71 @@
+/* crypto/des/des_ver.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+/* The following macros make sure the names are different from libdes names */
+#define DES_version OSSL_DES_version
+#define libdes_version OSSL_libdes_version
+OPENSSL_EXTERN const char *OSSL_DES_version;    /* SSLeay version string */
+OPENSSL_EXTERN const char *OSSL_libdes_version; /* old libdes version string */
diff --git a/src/lib/libcrypto/des/dess.cpp b/src/lib/libcrypto/des/dess.cpp
new file mode 100644
index 0000000000..5549bab90a
--- /dev/null
+++ b/src/lib/libcrypto/des/dess.cpp
@@ -0,0 +1,67 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/des.h>
+void main(int argc,char *argv[])
+        {
+        des_key_schedule key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(s1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        des_encrypt1(&data[0],key,1);
+                        GetTSC(e2);
+                        des_encrypt1(&data[0],key,1);
+                        }
+                printf("des %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c
new file mode 100644
index 0000000000..e3e9d77f14
--- /dev/null
+++ b/src/lib/libcrypto/des/destest.c
@@ -0,0 +1,948 @@
+/* crypto/des/destest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
+#endif
+#endif
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
+#include OPENSSL_UNISTD
+#endif
+#else
+#include <io.h>
+#endif
+#include <string.h>
+#ifdef OPENSSL_NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include <openssl/des.h>
+#define crypt(c,s) (des_crypt((c),(s)))
+/* tisk tisk - the test keys don't all have odd parity :-( */
+/* test data */
+#define NUM_TESTS 34
+static unsigned char key_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10},
+        {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57},
+        {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E},
+        {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86},
+        {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E},
+        {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6},
+        {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE},
+        {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6},
+        {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE},
+        {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16},
+        {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F},
+        {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46},
+        {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E},
+        {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76},
+        {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07},
+        {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F},
+        {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7},
+        {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF},
+        {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6},
+        {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF},
+        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
+        {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
+        {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}};
+static unsigned char plain_data[NUM_TESTS][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42},
+        {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA},
+        {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72},
+        {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A},
+        {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2},
+        {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A},
+        {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2},
+        {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A},
+        {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02},
+        {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A},
+        {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32},
+        {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA},
+        {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62},
+        {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2},
+        {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA},
+        {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92},
+        {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A},
+        {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2},
+        {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}};
+static unsigned char cipher_data[NUM_TESTS][8]={
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58},
+        {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B},
+        {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33},
+        {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D},
+        {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD},
+        {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7},
+        {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4},
+        {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B},
+        {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71},
+        {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A},
+        {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A},
+        {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95},
+        {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B},
+        {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09},
+        {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A},
+        {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F},
+        {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88},
+        {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77},
+        {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A},
+        {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56},
+        {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56},
+        {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56},
+        {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC},
+        {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A},
+        {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41},
+        {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93},
+        {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00},
+        {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06},
+        {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7},
+        {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51},
+        {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE},
+        {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D},
+        {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}};
+static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
+        {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E},
+        {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16},
+        {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27},
+        {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6},
+        {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25},
+        {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A},
+        {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74},
+        {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6},
+        {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67},
+        {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10},
+        {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85},
+        {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA},
+        {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3},
+        {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3},
+        {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A},
+        {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69},
+        {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1},
+        {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7},
+        {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F},
+        {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87},
+        {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A},
+        {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE},
+        {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3},
+        {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD},
+        {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84},
+        {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85},
+        {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC},
+        {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89},
+        {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E},
+        {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89},
+        {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7},
+        {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8},
+        {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
+static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
+static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
+/* Changed the following text constant to binary so it will work on ebcdic
+ * machines :-) */
+/* static char cbc_data[40]="7654321 Now is the time for \0001"; */
+static unsigned char cbc_data[40]={
+        0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
+        0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
+        0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
+        0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00,
+        0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+        };
+static unsigned char cbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb,
+        0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
+        0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+#ifdef SCREW_THE_PARITY
+#error "SCREW_THE_PARITY is not ment to be defined."
+#error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char xcbc_ok[32]={
+        0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
+        0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
+        0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
+        0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
+        };
+#else
+static unsigned char xcbc_ok[32]={
+        0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
+        0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
+        0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
+        0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
+        };
+#endif
+static unsigned char cbc3_ok[32]={
+        0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
+        0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC,
+        0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4,
+        0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75};
+static unsigned char pcbc_ok[32]={
+        0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4,
+        0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15,
+        0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f,
+        0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88};
+static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+static unsigned char plain[24]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher8[24]= {
+        0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8,
+        0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 };
+static unsigned char cfb_cipher16[24]={
+        0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70,
+        0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B };
+static unsigned char cfb_cipher32[24]={
+        0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD,
+        0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 };
+static unsigned char cfb_cipher48[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85,
+        0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F };
+static unsigned char cfb_cipher64[24]={
+        0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B,
+        0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 };
+static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
+static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef};
+static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8];
+static unsigned char ofb_cipher[24]=
+        {
+        0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51,
+        0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f,
+        0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+        };
+#if 0
+static DES_LONG cbc_cksum_ret=0xB462FEF7L;
+#else
+static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
+#endif
+static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+static char *pt(unsigned char *p);
+static int cfb_test(int bits, unsigned char *cfb_cipher);
+static int cfb64_test(unsigned char *cfb_cipher);
+static int ede_cfb64_test(unsigned char *cfb_cipher);
+int main(int argc, char *argv[])
+        {
+        int i,j,err=0;
+        des_cblock in,out,outin,iv3,iv2;
+        des_key_schedule ks,ks2,ks3;
+        unsigned char cbc_in[40];
+        unsigned char cbc_out[40];
+        DES_LONG cs;
+        unsigned char cret[8];
+#ifdef _CRAY
+        struct {
+            int a:32;
+            int b:32;
+        } lqret[2];
+#else
+        DES_LONG lqret[4];
+#endif
+        int num;
+        char *str;
+#ifndef OPENSSL_NO_DESCBCM
+        printf("Doing cbcm\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        memset(iv2,'\0',sizeof iv2);
+        DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
+                              DES_ENCRYPT);
+        DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
+                              &iv3,&iv2,DES_ENCRYPT);
+        /*      if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                err=1;
+                }
+        */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        memset(iv2,'\0',sizeof iv2);
+        DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                int n;
+                printf("des_ede3_cbcm_encrypt decrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_data[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_in[n]);
+                printf("\n");
+                err=1;
+                }
+#endif
+        printf("Doing ecb\n");
+        for (i=0; i<NUM_TESTS; i++)
+                {
+                DES_set_key_unchecked(&key_data[i],&ks);
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+                des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
+                if (memcmp(out,cipher_data[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_data[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#ifndef LIBDES_LIT
+        printf("Doing ede ecb\n");
+        for (i=0; i<(NUM_TESTS-2); i++)
+                {
+                DES_set_key_unchecked(&key_data[i],&ks);
+                DES_set_key_unchecked(&key_data[i+1],&ks2);
+                DES_set_key_unchecked(&key_data[i+2],&ks3);
+                memcpy(in,plain_data[i],8);
+                memset(out,0,8);
+                memset(outin,0,8);
+                des_ecb2_encrypt(in,out,ks,ks2,DES_ENCRYPT);
+                des_ecb2_encrypt(out,outin,ks,ks2,DES_DECRYPT);
+                if (memcmp(out,cipher_ecb2[i],8) != 0)
+                        {
+                        printf("Encryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(in),pt(cipher_ecb2[i]),
+                                pt(out));
+                        err=1;
+                        }
+                if (memcmp(in,outin,8) != 0)
+                        {
+                        printf("Decryption error %2d\nk=%s p=%s o=%s act=%s\n",
+                                i+1,pt(key_data[i]),pt(out),pt(in),pt(outin));
+                        err=1;
+                        }
+                }
+#endif
+        printf("Doing cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc_ok,32) != 0)
+                {
+                printf("cbc_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+                         &iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
+                {
+                printf("cbc_encrypt decrypt error\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing desx cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
+        if (memcmp(cbc_out,xcbc_ok,32) != 0)
+                {
+                printf("des_xcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+                         &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("des_xcbc_encrypt decrypt error\n");
+                err=1;
+                }
+#endif
+        printf("Doing ede cbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        i=strlen((char *)cbc_data)+1;
+        /* i=((i+7)/8)*8; */
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
+                             DES_ENCRYPT);
+        des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+                             &iv3,DES_ENCRYPT);
+        if (memcmp(cbc_out,cbc3_ok,
+                (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+                {
+                int n;
+                printf("des_ede3_cbc_encrypt encrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_out[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc3_ok[n]);
+                printf("\n");
+                err=1;
+                }
+        memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+        des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                int n;
+                printf("des_ede3_cbc_encrypt decrypt error\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_data[n]);
+                printf("\n");
+                for(n=0 ; n < i ; ++n)
+                    printf(" %02x",cbc_in[n]);
+                printf("\n");
+                err=1;
+                }
+#ifndef LIBDES_LIT
+        printf("Doing pcbc\n");
+        if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+                {
+                printf("Key error %d\n",j);
+                err=1;
+                }
+        memset(cbc_out,0,40);
+        memset(cbc_in,0,40);
+        des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+                         &cbc_iv,DES_ENCRYPT);
+        if (memcmp(cbc_out,pcbc_ok,32) != 0)
+                {
+                printf("pcbc_encrypt encrypt error\n");
+                err=1;
+                }
+        des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+                         DES_DECRYPT);
+        if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+                {
+                printf("pcbc_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ");
+        printf("cfb8 ");
+        err+=cfb_test(8,cfb_cipher8);
+        printf("cfb16 ");
+        err+=cfb_test(16,cfb_cipher16);
+        printf("cfb32 ");
+        err+=cfb_test(32,cfb_cipher32);
+        printf("cfb48 ");
+        err+=cfb_test(48,cfb_cipher48);
+        printf("cfb64 ");
+        err+=cfb_test(64,cfb_cipher64);
+        printf("cfb64() ");
+        err+=cfb64_test(cfb_cipher64);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
+                        8,1,ks,&cfb_tmp,DES_ENCRYPT);
+        if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small encrypt error\n");
+                err=1;
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        for (i=0; i<sizeof(plain); i++)
+                des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
+                        8,1,ks,&cfb_tmp,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                printf("cfb_encrypt small decrypt error\n");
+                err=1;
+                }
+        printf("ede_cfb64() ");
+        err+=ede_cfb64_test(cfb_cipher64);
+        printf("done\n");
+        printf("Doing ofb\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb_encrypt encrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_buf1[8+1], ofb_buf1[8+2], ofb_buf1[8+3],
+ofb_buf1[8+4], ofb_buf1[8+5], ofb_buf1[8+6], ofb_buf1[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf1[8+0], ofb_cipher[8+1], ofb_cipher[8+2], ofb_cipher[8+3],
+ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb_encrypt decrypt error\n");
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+ofb_buf2[8+0], ofb_buf2[8+1], ofb_buf2[8+2], ofb_buf2[8+3],
+ofb_buf2[8+4], ofb_buf2[8+5], ofb_buf2[8+6], ofb_buf2[8+7]);
+printf("%02X %02X %02X %02X %02X %02X %02X %02X\n",
+plain[8+0], plain[8+1], plain[8+2], plain[8+3],
+plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
+                err=1;
+                }
+        printf("Doing ofb64\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+                                  &num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
+                          &num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing ede_ofb64\n");
+        DES_set_key_checked(&ofb_key,&ks);
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        memset(ofb_buf1,0,sizeof(ofb_buf1));
+        memset(ofb_buf2,0,sizeof(ofb_buf1));
+        num=0;
+        for (i=0; i<sizeof(plain); i++)
+                {
+                des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
+                                       ks,&ofb_tmp,&num);
+                }
+        if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
+                {
+                printf("ede_ofb64_encrypt encrypt error\n");
+                err=1;
+                }
+        memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
+        num=0;
+        des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
+                               &ofb_tmp,&num);
+        if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
+                {
+                printf("ede_ofb64_encrypt decrypt error\n");
+                err=1;
+                }
+        printf("Doing cbc_cksum\n");
+        DES_set_key_checked(&cbc_key,&ks);
+        cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
+        if (cs != cbc_cksum_ret)
+                {
+                printf("bad return value (%08lX), should be %08lX\n",
+                        (unsigned long)cs,(unsigned long)cbc_cksum_ret);
+                err=1;
+                }
+        if (memcmp(cret,cbc_cksum_data,8) != 0)
+                {
+                printf("bad cbc_cksum block returned\n");
+                err=1;
+                }
+        printf("Doing quad_cksum\n");
+        cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
+                (long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
+        if (cs != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+                        (unsigned long)cs);
+                err=1;
+                }
+#ifdef _CRAY
+        if (lqret[0].a != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0].a,0x327eba8dUL);
+                err=1;
+                }
+        if (lqret[0].b != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0].b,0x201a49ccUL);
+                err=1;
+                }
+        if (lqret[1].a != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1].a,0x70d7a63aUL);
+                err=1;
+                }
+        if (lqret[1].b != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1].b,0x501c2c26UL);
+                err=1;
+                }
+#else
+        if (lqret[0] != 0x327eba8dL)
+                {
+                printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+                        (unsigned long)lqret[0],0x327eba8dUL);
+                err=1;
+                }
+        if (lqret[1] != 0x201a49ccL)
+                {
+                printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+                        (unsigned long)lqret[1],0x201a49ccUL);
+                err=1;
+                }
+        if (lqret[2] != 0x70d7a63aL)
+                {
+                printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+                        (unsigned long)lqret[2],0x70d7a63aUL);
+                err=1;
+                }
+        if (lqret[3] != 0x501c2c26L)
+                {
+                printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+                        (unsigned long)lqret[3],0x501c2c26UL);
+                err=1;
+                }
+#endif
+#endif
+        printf("input word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+                                 strlen((char *)cbc_data)+1,ks,
+                                 &cbc_iv,DES_ENCRYPT);
+                }
+        printf("\noutput word alignment test");
+        for (i=0; i<4; i++)
+                {
+                printf(" %d",i);
+                des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+                                 strlen((char *)cbc_data)+1,ks,
+                                 &cbc_iv,DES_ENCRYPT);
+                }
+        printf("\n");
+        printf("fast crypt test ");
+        str=crypt("testing","ef");
+        if (strcmp("efGnQx2725bI2",str) != 0)
+                {
+                printf("fast crypt error, %s should be efGnQx2725bI2\n",str);
+                err=1;
+                }
+        str=crypt("bca76;23","yA");
+        if (strcmp("yA1Rp/1hZXIJk",str) != 0)
+                {
+                printf("fast crypt error, %s should be yA1Rp/1hZXIJk\n",str);
+                err=1;
+                }
+        printf("\n");
+        return(err);
+        }
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+#ifndef LIBDES_LIT
+static int cfb_test(int bits, unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int i,err=0;
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+                        DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+                        DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        return(err);
+        }
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+        des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+                          &cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
+        des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                          sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static int ede_cfb64_test(unsigned char *cfb_cipher)
+        {
+        des_key_schedule ks;
+        int err=0,i,n;
+        DES_set_key_checked(&cfb_key,&ks);
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+                               DES_ENCRYPT);
+        des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                               sizeof(plain)-12,ks,ks,ks,
+                               &cfb_tmp,&n,DES_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt encrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
+        n=0;
+        des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
+                               &cfb_tmp,&n,DES_DECRYPT);
+        des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                               sizeof(plain)-17,ks,ks,ks,
+                               &cfb_tmp,&n,DES_DECRYPT);
+        if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
+                {
+                err=1;
+                printf("ede_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/des/ecb3_enc.c b/src/lib/libcrypto/des/ecb3_enc.c
index c3437bc606..fa0c9c4d4f 100644
--- a/src/lib/libcrypto/des/ecb3_enc.c
+++ b/src/lib/libcrypto/des/ecb3_enc.c
@@ -58,15 +58,13 @@
 #include "des_locl.h"
-void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+void DES_ecb3_encrypt(const unsigned char *in, unsigned char *out,
                      DES_key_schedule *ks1, DES_key_schedule *ks2,
                      DES_key_schedule *ks3,
             int enc)
        {
        register DES_LONG l0,l1;
        DES_LONG ll[2];
-        const unsigned char *in = &(*input)[0];
-        unsigned char *out = &(*output)[0];
        c2l(in,l0);
        c2l(in,l1);
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c
index 00d5b91e8c..784aa5ba23 100644
--- a/src/lib/libcrypto/des/ecb_enc.c
+++ b/src/lib/libcrypto/des/ecb_enc.c
@@ -62,8 +62,8 @@
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
 const char *DES_options(void)
        {
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c
index adfcb75cf3..fa45aa272b 100644
--- a/src/lib/libcrypto/des/ede_cbcm_enc.c
+++ b/src/lib/libcrypto/des/ede_cbcm_enc.c
@@ -68,8 +68,6 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
 */
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
 #ifndef OPENSSL_NO_DESCBCM
 #include "des_locl.h"
diff --git a/src/lib/libcrypto/des/fcrypt.c b/src/lib/libcrypto/des/fcrypt.c
index ccbdff250f..2758c32656 100644
--- a/src/lib/libcrypto/des/fcrypt.c
+++ b/src/lib/libcrypto/des/fcrypt.c
@@ -58,6 +58,9 @@ static unsigned const char cov_2char[64]={
 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
 };
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
 char *DES_crypt(const char *buf, const char *salt)
        {
        static char buff[14];
diff --git a/src/lib/libcrypto/des/makefile.bc b/src/lib/libcrypto/des/makefile.bc
new file mode 100644
index 0000000000..1fe6d4915a
--- /dev/null
+++ b/src/lib/libcrypto/des/makefile.bc
@@ -0,0 +1,50 @@
+#
+# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+#
+#
+CC      = bcc
+TLIB    = tlib /0 /C
+# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s
+OPTIMIZE= -3 -O2
+#WINDOWS= -W
+CFLAGS  = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS
+LFLAGS  = -ml $(WINDOWS)
+.c.obj:
+        $(CC) $(CFLAGS) $*.c
+.obj.exe:
+        $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib  
+all: $(LIB) destest.exe rpw.exe des.exe speed.exe
+# "make clean": use a directory containing only libdes .exe and .obj files...
+clean:
+        del *.exe
+        del *.obj
+        del libdes.lib
+        del libdes.rsp
+OBJS=   cbc_cksm.obj cbc_enc.obj  ecb_enc.obj  pcbc_enc.obj \
+        qud_cksm.obj rand_key.obj set_key.obj  str2key.obj \
+        enc_read.obj enc_writ.obj fcrypt.obj   cfb_enc.obj \
+        ecb3_enc.obj ofb_enc.obj  cbc3_enc.obj read_pwd.obj\
+        cfb64enc.obj ofb64enc.obj ede_enc.obj  cfb64ede.obj\
+        ofb64ede.obj supp.obj
+LIB=    libdes.lib
+$(LIB): $(OBJS)
+        del $(LIB)
+        makersp "+%s &\n" &&|
+        $(OBJS)
+|       >libdes.rsp
+        $(TLIB) libdes.lib @libdes.rsp,nul
+        del libdes.rsp
+destest.exe: destest.obj libdes.lib
+rpw.exe:     rpw.obj libdes.lib
+speed.exe:   speed.obj libdes.lib
+des.exe:     des.obj libdes.lib
diff --git a/src/lib/libcrypto/des/options.txt b/src/lib/libcrypto/des/options.txt
new file mode 100644
index 0000000000..6e2b50f765
--- /dev/null
+++ b/src/lib/libcrypto/des/options.txt
@@ -0,0 +1,39 @@
+Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds
+instead of the default 4.
+RISC1 and RISC2 are 2 alternatives for the inner loop and
+PTR means to use pointers arithmatic instead of arrays.
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler          577,000 4620k/s
+IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR     496,000 3968k/s
+solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1]    459,400 3672k/s
+FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1       433,000 3468k/s
+solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL              380,000 3041k/s
+linux - pentium 100mhz - gcc 2.7.0 - assembler                  281,000 2250k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - assembler                    281,000 2250k/s
+AIX 4.1? - PPC604 100mhz - cc - UNROLL                          275,000 2200k/s
+IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR          235,300 1882k/s
+IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR                 233,700 1869k/s
+NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR             191,000 1528k/s
+DEC Alpha 165mhz??  - cc - RISC2 PTR [2]                        181,000 1448k/s
+linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR           158,500 1268k/s
+HPUX 10 - 9000/887 - cc - UNROLL [3]                            148,000 1190k/s
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL             123,600  989k/s
+IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR                 101,000  808k/s
+DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL                       81,000  648k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - assembler                    65,000  522k/s
+HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR      76,000  608k/s
+solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2                 43,500  344k/s
+AIX - old slow one :-) - cc -                                    39,000  312k/s
+Notes.
+[1] For the ultra sparc, SunC 4.0 
+    cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts'
+    gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s.
+    I'll record the higher since it is coming from the library but it
+    is all rather weird.
+[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000.
+[3] I was unable to get access to this machine when it was not heavily loaded.
+    As such, my timing program was never able to get more that %30 of the CPU.
+    This would cause the program to give much lower speed numbers because
+    it would be 'fighting' to stay in the cache with the other CPU burning
+    processes.
diff --git a/src/lib/libcrypto/des/read2pwd.c b/src/lib/libcrypto/des/read2pwd.c
new file mode 100644
index 0000000000..3a63c4016c
--- /dev/null
+++ b/src/lib/libcrypto/des/read2pwd.c
@@ -0,0 +1,139 @@
+/* crypto/des/read2pwd.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/ui.h>
+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                DES_string_to_key(buf,key);
+        OPENSSL_cleanse(buf,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ok);
+        }
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+             int verify)
+        {
+        int ok;
+        char buf[BUFSIZ],buff[BUFSIZ];
+        if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+                DES_string_to_2keys(buf,key1,key2);
+        OPENSSL_cleanse(buf,BUFSIZ);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c
new file mode 100644
index 0000000000..ce5fa00a37
--- /dev/null
+++ b/src/lib/libcrypto/des/read_pwd.c
@@ -0,0 +1,521 @@
+/* crypto/des/read_pwd.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
+#endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+#if defined(_POSIX_VERSION)
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+#endif
+#endif
+/* #define SIGACTION */ /* Define this if you have sigaction() */
+#ifdef WIN16TTY
+#undef OPENSSL_SYS_WIN16
+#undef _WINDOWS
+#include <graph.h>
+#endif
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "des_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <setjmp.h>
+#include <errno.h>
+#ifdef OPENSSL_SYS_VMS                  /* prototypes for sys$whatever */
+#include <starlet.h>
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+#ifdef WIN_CONSOLE_BUG
+#include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+#include <wincon.h>
+#endif
+#endif
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+#if defined(__sgi) && !defined(TERMIOS)
+#define TERMIOS
+#undef  TERMIO
+#undef  SGTTY
+#endif
+#if defined(linux) && !defined(TERMIO)
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#ifdef _LIBC
+#undef  TERMIOS
+#define TERMIO
+#undef  SGTTY
+#endif
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
+#undef  TERMIOS
+#undef  TERMIO
+#define SGTTY
+#endif
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+#ifdef TERMIOS
+#include <termios.h>
+#define TTY_STRUCT              struct termios
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       tcgetattr(tty,data)
+#define TTY_set(tty,data)       tcsetattr(tty,TCSANOW,data)
+#endif
+#ifdef TERMIO
+#include <termio.h>
+#define TTY_STRUCT              struct termio
+#define TTY_FLAGS               c_lflag
+#define TTY_get(tty,data)       ioctl(tty,TCGETA,data)
+#define TTY_set(tty,data)       ioctl(tty,TCSETA,data)
+#endif
+#ifdef SGTTY
+#include <sgtty.h>
+#define TTY_STRUCT              struct sgttyb
+#define TTY_FLAGS               sg_flags
+#define TTY_get(tty,data)       ioctl(tty,TIOCGETP,data)
+#define TTY_set(tty,data)       ioctl(tty,TIOCSETP,data)
+#endif
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
+#include <sys/ioctl.h>
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
+#include <conio.h>
+#define fgets(a,b,c) noecho_fgets(a,b,c)
+#endif
+#ifdef OPENSSL_SYS_VMS
+#include <ssdef.h>
+#include <iodef.h>
+#include <ttdef.h>
+#include <descrip.h>
+struct IOSB {
+        short iosb$w_value;
+        short iosb$w_count;
+        long  iosb$l_info;
+        };
+#endif
+#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *                                      <appro@fy.chalmers.se>
+ */
+#define TTY_STRUCT int
+#endif
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+#ifdef SIGACTION
+ static struct sigaction savsig[NX509_SIG];
+#else
+  static void (*savsig[NX509_SIG])(int );
+#endif
+static jmp_buf save;
+int des_read_pw_string(char *buf, int length, const char *prompt,
+             int verify)
+        {
+        char buff[BUFSIZ];
+        int ret;
+        ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+        OPENSSL_cleanse(buff,BUFSIZ);
+        return(ret);
+        }
+#ifdef OPENSSL_SYS_WINCE
+int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+#elif defined(OPENSSL_SYS_WIN16)
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+        { 
+        memset(buf,0,size);
+        memset(buff,0,size);
+        return(0);
+        }
+#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
+static void read_till_nl(FILE *in)
+        {
+#define SIZE 4
+        char buf[SIZE+1];
+        do      {
+                fgets(buf,SIZE,in);
+                } while (strchr(buf,'\n') == NULL);
+        }
+/* return 0 if ok, 1 (or -1) otherwise */
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+             int verify)
+        {
+#ifdef OPENSSL_SYS_VMS
+        struct IOSB iosb;
+        $DESCRIPTOR(terminal,"TT");
+        long tty_orig[3], tty_new[3];
+        long status;
+        unsigned short channel = 0;
+#else
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+        TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+        int number;
+        int ok;
+        /* statics are simply to avoid warnings about longjmp clobbering
+           things */
+        static int ps;
+        int is_a_tty;
+        static FILE *tty;
+        char *p;
+        if (setjmp(save))
+                {
+                ok=0;
+                goto error;
+                }
+        number=5;
+        ok=0;
+        ps=0;
+        is_a_tty=1;
+        tty=NULL;
+#ifdef OPENSSL_SYS_MSDOS
+        if ((tty=fopen("con","r")) == NULL)
+                tty=stdin;
+#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
+        tty=stdin;
+#else
+#ifndef OPENSSL_SYS_MPE
+        if ((tty=fopen("/dev/tty","r")) == NULL)
+#endif
+                tty=stdin;
+#endif
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+        if (TTY_get(fileno(tty),&tty_orig) == -1)
+                {
+#ifdef ENOTTY
+                if (errno == ENOTTY)
+                        is_a_tty=0;
+                else
+#endif
+#ifdef EINVAL
+                /* Ariel Glenn ariel@columbia.edu reports that solaris
+                 * can return EINVAL instead.  This should be ok */
+                if (errno == EINVAL)
+                        is_a_tty=0;
+                else
+#endif
+                        return(-1);
+                }
+        memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+#endif
+#ifdef OPENSSL_SYS_VMS
+        status = sys$assign(&terminal,&channel,0,0);
+        if (status != SS$_NORMAL)
+                return(-1);
+        status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        pushsig();
+        ps=1;
+#ifdef TTY_FLAGS
+        tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+#ifdef OPENSSL_SYS_MPE 
+                ; /* MPE lies -- echo really has been disabled */
+#else
+                return(-1);
+#endif
+#endif
+#ifdef OPENSSL_SYS_VMS
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+                return(-1);
+#endif
+        ps=2;
+        while ((!ok) && (number--))
+                {
+                fputs(prompt,stderr);
+                fflush(stderr);
+                buf[0]='\0';
+                fgets(buf,size,tty);
+                if (feof(tty)) goto error;
+                if (ferror(tty)) goto error;
+                if ((p=(char *)strchr(buf,'\n')) != NULL)
+                        *p='\0';
+                else    read_till_nl(tty);
+                if (verify)
+                        {
+                        fprintf(stderr,"\nVerifying password - %s",prompt);
+                        fflush(stderr);
+                        buff[0]='\0';
+                        fgets(buff,size,tty);
+                        if (feof(tty)) goto error;
+                        if ((p=(char *)strchr(buff,'\n')) != NULL)
+                                *p='\0';
+                        else    read_till_nl(tty);
+                                
+                        if (strcmp(buf,buff) != 0)
+                                {
+                                fprintf(stderr,"\nVerify failure");
+                                fflush(stderr);
+                                break;
+                                /* continue; */
+                                }
+                        }
+                ok=1;
+                }
+error:
+        fprintf(stderr,"\n");
+#if 0
+        perror("fgets(tty)");
+#endif
+        /* What can we do if there is an error? */
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+        if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
+#endif
+#ifdef OPENSSL_SYS_VMS
+        if (ps >= 2)
+                status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
+                        ,tty_orig,12,0,0,0,0);
+#endif
+        
+        if (ps >= 1) popsig();
+        if (stdin != tty) fclose(tty);
+#ifdef OPENSSL_SYS_VMS
+        status = sys$dassgn(channel);
+#endif
+        return(!ok);
+        }
+static void pushsig(void)
+        {
+        int i;
+#ifdef SIGACTION
+        struct sigaction sa;
+        memset(&sa,0,sizeof sa);
+        sa.sa_handler=recsig;
+#endif
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&sa,&savsig[i]);
+#else
+                savsig[i]=signal(i,recsig);
+#endif
+                }
+#ifdef SIGWINCH
+        signal(SIGWINCH,SIG_DFL);
+#endif
+        }
+static void popsig(void)
+        {
+        int i;
+        for (i=1; i<NX509_SIG; i++)
+                {
+#ifdef SIGUSR1
+                if (i == SIGUSR1)
+                        continue;
+#endif
+#ifdef SIGUSR2
+                if (i == SIGUSR2)
+                        continue;
+#endif
+#ifdef SIGACTION
+                sigaction(i,&savsig[i],NULL);
+#else
+                signal(i,savsig[i]);
+#endif
+                }
+        }
+static void recsig(int i)
+        {
+        longjmp(save,1);
+#ifdef LINT
+        i=i;
+#endif
+        }
+#ifdef OPENSSL_SYS_MSDOS
+static int noecho_fgets(char *buf, int size, FILE *tty)
+        {
+        int i;
+        char *p;
+        p=buf;
+        for (;;)
+                {
+                if (size == 0)
+                        {
+                        *p='\0';
+                        break;
+                        }
+                size--;
+#ifdef WIN16TTY
+                i=_inchar();
+#else
+                i=getch();
+#endif
+                if (i == '\r') i='\n';
+                *(p++)=i;
+                if (i == '\n')
+                        {
+                        *p='\0';
+                        break;
+                        }
+                }
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+                {
+                        HANDLE inh;
+                        inh = GetStdHandle(STD_INPUT_HANDLE);
+                        FlushConsoleInputBuffer(inh);
+                }
+#endif
+        return(strlen(buf));
+        }
+#endif
+#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/src/lib/libcrypto/des/rpc_des.h b/src/lib/libcrypto/des/rpc_des.h
new file mode 100644
index 0000000000..4cbb4d2dcd
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_des.h
@@ -0,0 +1,131 @@
+/* crypto/des/rpc_des.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ * 
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ * 
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ * 
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ * 
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ * 
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+#define DES_MAXLEN      65536   /* maximum # of bytes to encrypt  */
+#define DES_QUICKLEN    16      /* maximum # of bytes to encrypt quickly */
+#ifdef HEADER_DES_H
+#undef ENCRYPT
+#undef DECRYPT
+#endif
+enum desdir { ENCRYPT, DECRYPT };
+enum desmode { CBC, ECB };
+/*
+ * parameters to ioctl call
+ */
+struct desparams {
+        unsigned char des_key[8];       /* key (with low bit parity) */
+        enum desdir des_dir;    /* direction */
+        enum desmode des_mode;  /* mode */
+        unsigned char des_ivec[8];      /* input vector */
+        unsigned des_len;       /* number of bytes to crypt */
+        union {
+                unsigned char UDES_data[DES_QUICKLEN];
+                unsigned char *UDES_buf;
+        } UDES;
+#       define des_data UDES.UDES_data  /* direct data here if quick */
+#       define des_buf  UDES.UDES_buf   /* otherwise, pointer to data */
+};
+/*
+ * Encrypt an arbitrary sized buffer
+ */
+#define DESIOCBLOCK     _IOWR(d, 6, struct desparams)
+/* 
+ * Encrypt of small amount of data, quickly
+ */
+#define DESIOCQUICK     _IOWR(d, 7, struct desparams) 
diff --git a/src/lib/libcrypto/des/rpc_enc.c b/src/lib/libcrypto/des/rpc_enc.c
new file mode 100644
index 0000000000..d937d08da5
--- /dev/null
+++ b/src/lib/libcrypto/des/rpc_enc.c
@@ -0,0 +1,98 @@
+/* crypto/des/rpc_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "rpc_des.h"
+#include "des_locl.h"
+#include "des_ver.h"
+int _des_crypt(char *buf,int len,struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp)
+        {
+        DES_key_schedule ks;
+        int enc;
+        DES_set_key_unchecked(&desp->des_key,&ks);
+        enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+        if (desp->des_mode == CBC)
+                DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+                                (DES_cblock *)desp->UDES.UDES_buf,&ks,
+                                enc);
+        else
+                {
+                DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+                                len,&ks,&desp->des_ivec,enc);
+#ifdef undef
+                /* len will always be %8 if called from common_crypt
+                 * in secure_rpc.
+                 * Libdes's cbc encrypt does not copy back the iv,
+                 * so we have to do it here. */
+                /* It does now :-) eay 20/09/95 */
+                a=(char *)&(desp->UDES.UDES_buf[len-8]);
+                b=(char *)&(desp->des_ivec[0]);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+                *(a++)= *(b++); *(a++)= *(b++);
+#endif
+                }
+        return(1);      
+        }
diff --git a/src/lib/libcrypto/des/rpw.c b/src/lib/libcrypto/des/rpw.c
new file mode 100644
index 0000000000..8a9473c4f9
--- /dev/null
+++ b/src/lib/libcrypto/des/rpw.c
@@ -0,0 +1,99 @@
+/* crypto/des/rpw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/des.h>
+int main(int argc, char *argv[])
+        {
+        DES_cblock k,k1;
+        int i;
+        printf("read passwd\n");
+        if ((i=des_read_password(&k,"Enter password:",0)) == 0)
+                {
+                printf("password = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                }
+        else
+                printf("error %d\n",i);
+        printf("\n");
+        printf("read 2passwds and verify\n");
+        if ((i=des_read_2passwords(&k,&k1,
+                "Enter verified password:",1)) == 0)
+                {
+                printf("password1 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k[i]);
+                printf("\n");
+                printf("password2 = ");
+                for (i=0; i<8; i++)
+                        printf("%02x ",k1[i]);
+                printf("\n");
+                exit(1);
+                }
+        else
+                {
+                printf("error %d\n",i);
+                exit(0);
+                }
+#ifdef LINT
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c
index a43ef3c881..8881d46a7a 100644
--- a/src/lib/libcrypto/des/set_key.c
+++ b/src/lib/libcrypto/des/set_key.c
@@ -65,6 +65,8 @@
 */
 #include "des_locl.h"
+#ifndef OPENSSL_FIPS
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);    /* defaults to false */
 static const unsigned char odd_parity[256]={
@@ -87,7 +89,7 @@ static const unsigned char odd_parity[256]={
 void DES_set_odd_parity(DES_cblock *key)
        {
-        unsigned int i;
+        int i;
        for (i=0; i<DES_KEY_SZ; i++)
                (*key)[i]=odd_parity[(*key)[i]];
@@ -95,7 +97,7 @@ void DES_set_odd_parity(DES_cblock *key)
 int DES_check_key_parity(const_DES_cblock *key)
        {
-        unsigned int i;
+        int i;
        for (i=0; i<DES_KEY_SZ; i++)
                {
@@ -115,7 +117,7 @@ int DES_check_key_parity(const_DES_cblock *key)
 * (and actual cblock values).
 */
 #define NUM_WEAK_KEY    16
-static const DES_cblock weak_keys[NUM_WEAK_KEY]={
+static DES_cblock weak_keys[NUM_WEAK_KEY]={
        /* weak keys */
        {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
        {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
@@ -405,3 +407,5 @@ void des_fixup_key_parity(des_cblock *key)
        des_set_odd_parity(key);
        }
 */
+#endif /* ndef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/des/speed.c b/src/lib/libcrypto/des/speed.c
new file mode 100644
index 0000000000..48fc1d49fc
--- /dev/null
+++ b/src/lib/libcrypto/des/speed.c
@@ -0,0 +1,310 @@
+/* crypto/des/speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/des.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# ifndef CLK_TCK
+#  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
+#   define HZ   100.0
+#  else /* _BSD_CLK_TCK_ */
+#   define HZ ((double)_BSD_CLK_TCK_)
+#  endif
+# else /* CLK_TCK */
+#  define HZ ((double)CLK_TCK)
+# endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+        static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+        static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+        DES_key_schedule sch,sch2,sch3;
+        double a,b,c,d,e;
+#ifndef SIGALRM
+        long ca,cb,cc,cd,ce;
+#endif
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+        DES_set_key_unchecked(&key2,&sch2);
+        DES_set_key_unchecked(&key3,&sch3);
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        DES_set_key_unchecked(&key,&sch);
+        count=10;
+        do      {
+                long i;
+                DES_LONG data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        DES_encrypt1(data,&sch,DES_ENCRYPT);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count;
+        cb=count*3;
+        cc=count*3*8/BUFSIZE+1;
+        cd=count*8/BUFSIZE+1;
+        ce=count/20+1;
+        printf("Doing set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count++)
+                DES_set_key_unchecked(&key,&sch);
+        d=Time_F(STOP);
+        printf("%ld set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing DES_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing DES_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count++)
+                {
+                DES_LONG data[2];
+                DES_encrypt1(data,&sch,DES_ENCRYPT);
+                }
+        d=Time_F(STOP);
+        printf("%ld DES_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &key,DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cd); count++)
+                DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+                        &sch,
+                        &sch2,
+                        &sch3,
+                        &key,
+                        DES_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        d=((double)COUNT(cd)*BUFSIZE)/d;
+#ifdef SIGALRM
+        printf("Doing crypt for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing crypt %ld times\n",ce);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ce); count++)
+                crypt("testing1","ef");
+        e=Time_F(STOP);
+        printf("%ld crypts in %.2f second\n",count,e);
+        e=((double)COUNT(ce))/e;
+        printf("set_key            per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("DES raw ecb bytes  per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("DES cbc bytes      per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
+        printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c
index 9c2054bda6..0373db469c 100644
--- a/src/lib/libcrypto/des/str2key.c
+++ b/src/lib/libcrypto/des/str2key.c
@@ -57,7 +57,6 @@
 */
 #include "des_locl.h"
-#include <openssl/crypto.h>
 void DES_string_to_key(const char *str, DES_cblock *key)
        {
diff --git a/src/lib/libcrypto/des/t/test b/src/lib/libcrypto/des/t/test
new file mode 100644
index 0000000000..97acd0552e
--- /dev/null
+++ b/src/lib/libcrypto/des/t/test
@@ -0,0 +1,27 @@
+#!./perl
+BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); }
+use DES;
+$key='00000000';
+$ks=DES::set_key($key);
+@a=split(//,$ks);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$key=DES::random_key();
+print "($_)\n";
+@a=split(//,$key);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+$str="this is and again into the breach";
+($k1,$k2)=DES::string_to_2keys($str);
+@a=split(//,$k1);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
+@a=split(//,$k2);
+foreach (@a) { printf "%02x-",ord($_); }
+print "\n";
diff --git a/src/lib/libcrypto/des/times/486-50.sol b/src/lib/libcrypto/des/times/486-50.sol
new file mode 100644
index 0000000000..0de62d6db3
--- /dev/null
+++ b/src/lib/libcrypto/des/times/486-50.sol
@@ -0,0 +1,16 @@
+Solaris 2.4, 486 50mhz, gcc 2.6.3
+options    des ecb/s
+16 r2 i     43552.51 100.0%
+16 r1 i     43487.45  99.9%
+16  c p     43003.23  98.7%
+16 r2 p     42339.00  97.2%
+16  c i     41900.91  96.2%
+16 r1 p     41360.64  95.0%
+ 4  c i     38728.48  88.9%
+ 4  c p     38225.63  87.8%
+ 4 r1 i     38085.79  87.4%
+ 4 r2 i     37825.64  86.9%
+ 4 r2 p     34611.00  79.5%
+ 4 r1 p     31802.00  73.0%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libcrypto/des/times/586-100.lnx b/src/lib/libcrypto/des/times/586-100.lnx
new file mode 100644
index 0000000000..4323914a11
--- /dev/null
+++ b/src/lib/libcrypto/des/times/586-100.lnx
@@ -0,0 +1,20 @@
+Pentium 100
+Linux 2 kernel
+gcc 2.7.0 -O3 -fomit-frame-pointer
+No X server running, just a console, it makes the top speed jump from 151,000
+to 158,000 :-).
+options    des ecb/s
+assember   281000.00 177.1%
+16 r1 p    158667.40 100.0%
+16 r1 i    148471.70  93.6%
+16 r2 p    143961.80  90.7%
+16 r2 i    141689.20  89.3%
+ 4 r1 i    140100.00  88.3%
+ 4 r2 i    134049.40  84.5%
+16  c i    124145.20  78.2%
+16  c p    121584.20  76.6%
+ 4  c i    118116.00  74.4%
+ 4 r2 p    117977.90  74.4%
+ 4  c p    114971.40  72.5%
+ 4 r1 p    114578.40  72.2%
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libcrypto/des/times/686-200.fre b/src/lib/libcrypto/des/times/686-200.fre
new file mode 100644
index 0000000000..7d83f6adee
--- /dev/null
+++ b/src/lib/libcrypto/des/times/686-200.fre
@@ -0,0 +1,18 @@
+Pentium 100
+Free BSD 2.1.5 kernel
+gcc 2.7.2.2 -O3 -fomit-frame-pointer
+options    des ecb/s
+assember   578000.00 133.1%
+16 r2 i    434454.80 100.0%
+16 r1 i    433621.43  99.8%
+16 r2 p    431375.69  99.3%
+ 4 r1 i    423722.30  97.5%
+ 4 r2 i    422399.40  97.2%
+16 r1 p    421739.40  97.1%
+16  c i    399027.94  91.8%
+16  c p    372251.70  85.7%
+ 4  c i    365118.35  84.0%
+ 4  c p    352880.51  81.2%
+ 4 r2 p    255104.90  58.7%
+ 4 r1 p    251289.18  57.8%
+-DDES_UNROLL -DDES_RISC2
diff --git a/src/lib/libcrypto/des/times/aix.cc b/src/lib/libcrypto/des/times/aix.cc
new file mode 100644
index 0000000000..d96b74e2ce
--- /dev/null
+++ b/src/lib/libcrypto/des/times/aix.cc
@@ -0,0 +1,26 @@
+From: Paco Garcia <pgarcia@cam.es>
+This machine is a Bull Estrella  Minitower Model MT604-100
+Processor        : PPC604 
+P.Speed          : 100Mhz 
+Data/Instr Cache :    16 K
+L2 Cache         :   256 K
+PCI BUS Speed    :    33 Mhz
+TransfRate PCI   :   132 MB/s
+Memory           :    96 MB
+options    des ecb/s       
+ 4  c p    275118.61 100.0%
+ 4  c i    273545.07  99.4%
+ 4 r2 p    270441.02  98.3%
+ 4 r1 p    253052.15  92.0%
+ 4 r2 i    240842.97  87.5%
+ 4 r1 i    240556.66  87.4%
+16  c i    224603.99  81.6%
+16  c p    224483.98  81.6%
+16 r2 p    215691.19  78.4%
+16 r1 p    208332.83  75.7%
+16 r1 i    199206.50  72.4%
+16 r2 i    198963.70  72.3%
+-DDES_PTR
diff --git a/src/lib/libcrypto/des/times/alpha.cc b/src/lib/libcrypto/des/times/alpha.cc
new file mode 100644
index 0000000000..95c17efae7
--- /dev/null
+++ b/src/lib/libcrypto/des/times/alpha.cc
@@ -0,0 +1,18 @@
+cc -O2
+DES_LONG is 'unsigned int'
+options    des ecb/s
+ 4 r2 p    181146.14 100.0%
+16 r2 p    172102.94  95.0%
+ 4 r2 i    165424.11  91.3%
+16  c p    160468.64  88.6%
+ 4  c p    156653.59  86.5%
+ 4  c i    155245.18  85.7%
+ 4 r1 p    154729.68  85.4%
+16 r2 i    154137.69  85.1%
+16 r1 p    152357.96  84.1%
+16  c i    148743.91  82.1%
+ 4 r1 i    146695.59  81.0%
+16 r1 i    144961.00  80.0%
+-DDES_RISC2 -DDES_PTR
diff --git a/src/lib/libcrypto/des/times/hpux.cc b/src/lib/libcrypto/des/times/hpux.cc
new file mode 100644
index 0000000000..3de856ddac
--- /dev/null
+++ b/src/lib/libcrypto/des/times/hpux.cc
@@ -0,0 +1,17 @@
+HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
+options    des ecb/s
+16  c i    149448.90 100.0%
+ 4  c i    145861.79  97.6%
+16 r2 i    141710.96  94.8%
+16 r1 i    139455.33  93.3%
+ 4 r2 i    138800.00  92.9%
+ 4 r1 i    136692.65  91.5%
+16 r2 p    110228.17  73.8%
+16 r1 p    109397.07  73.2%
+16  c p    109209.89  73.1%
+ 4  c p    108014.71  72.3%
+ 4 r2 p    107873.88  72.2%
+ 4 r1 p    107685.83  72.1%
+-DDES_UNROLL
diff --git a/src/lib/libcrypto/des/times/sparc.gcc b/src/lib/libcrypto/des/times/sparc.gcc
new file mode 100644
index 0000000000..8eaa042104
--- /dev/null
+++ b/src/lib/libcrypto/des/times/sparc.gcc
@@ -0,0 +1,17 @@
+solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2
+options    des ecb/s
+16  c i    124382.70 100.0%
+ 4  c i    118884.68  95.6%
+16  c p    112261.20  90.3%
+16 r2 i    111777.10  89.9%
+16 r2 p    108896.30  87.5%
+16 r1 p    108791.59  87.5%
+ 4  c p    107290.10  86.3%
+ 4 r1 p    104583.80  84.1%
+16 r1 i    104206.20  83.8%
+ 4 r2 p    103709.80  83.4%
+ 4 r2 i     98306.43  79.0%
+ 4 r1 i     91525.80  73.6%
+-DDES_UNROLL
+      
diff --git a/src/lib/libcrypto/des/times/usparc.cc b/src/lib/libcrypto/des/times/usparc.cc
new file mode 100644
index 0000000000..0864285ef6
--- /dev/null
+++ b/src/lib/libcrypto/des/times/usparc.cc
@@ -0,0 +1,31 @@
+solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5
+For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts'
+gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s.
+I believe the difference is tied up in optimisation that the compiler
+is able to perform when the code is 'inlined'.  For 'speed', the DES
+routines are being linked from a library.  I'll record the higher
+speed since if performance is everything, you can always inline
+'des_enc.c'.
+[ 16-Jan-06 - I've been playing with the
+  '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa'
+  and while it makes the des_opts numbers much slower, it makes the
+  actual 'speed' numbers look better which is a realistic version of
+  using the libraries. ]
+options    des ecb/s
+16 r1 p    475516.90 100.0%
+16 r2 p    439388.10  92.4%
+16  c i    427001.40  89.8%
+16  c p    419516.50  88.2%
+ 4 r2 p    409491.70  86.1%
+ 4 r1 p    404266.90  85.0%
+ 4  c p    398121.00  83.7%
+ 4  c i    370588.40  77.9%
+ 4 r1 i    362742.20  76.3%
+16 r2 i    331275.50  69.7%
+16 r1 i    324730.60  68.3%
+ 4 r2 i     63535.10  13.4%     <-- very very weird, must be cache problems.
+-DDES_UNROLL -DDES_RISC1 -DDES_PTR
diff --git a/src/lib/libcrypto/des/typemap b/src/lib/libcrypto/des/typemap
new file mode 100644
index 0000000000..a524f53634
--- /dev/null
+++ b/src/lib/libcrypto/des/typemap
@@ -0,0 +1,34 @@
+#
+# DES SECTION
+#
+deschar *       T_DESCHARP
+des_cblock *    T_CBLOCK
+des_cblock      T_CBLOCK
+des_key_schedule        T_SCHEDULE
+des_key_schedule *      T_SCHEDULE
+INPUT
+T_CBLOCK
+        $var=(des_cblock *)SvPV($arg,len);
+        if (len < DES_KEY_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ);
+                }
+T_SCHEDULE
+        $var=(des_key_schedule *)SvPV($arg,len);
+        if (len < DES_SCHEDULE_SZ)
+                {
+                croak(\"$var needs to be at least %u bytes long\",
+                        DES_SCHEDULE_SZ);
+                }
+OUTPUT
+T_CBLOCK
+        sv_setpvn($arg,(char *)$var,DES_KEY_SZ);
+T_SCHEDULE
+        sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ);
+T_DESCHARP
+        sv_setpvn($arg,(char *)$var,len);
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c
index dc0c761b71..47246eb466 100644
--- a/src/lib/libcrypto/des/xcbc_enc.c
+++ b/src/lib/libcrypto/des/xcbc_enc.c
@@ -60,7 +60,6 @@
 /* RSA's DESX */
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
 static unsigned char desx_white_in2out[256]={
 0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
 0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
@@ -99,7 +98,7 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
                }
        out0=out[0];
-        out1=out[i]; /* BUG: out-of-bounds read */
+        out1=out[i];
        for (i=0; i<8; i++)
                {
                out[i]=in[i]^desx_white_in2out[out0^out1];
@@ -107,7 +106,6 @@ void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
                out1=(int)out[i&0x07];
                }
        }
-#endif
 void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
                      long length, DES_key_schedule *schedule,
diff --git a/src/lib/libcrypto/dh/Makefile b/src/lib/libcrypto/dh/Makefile
new file mode 100644
index 0000000000..d368e33b4c
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile
@@ -0,0 +1,133 @@
+#
+# OpenSSL/crypto/dh/Makefile
+#
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o dh_depr.o
+SRC= $(LIBSRC)
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_depr.o: ../cryptlib.h dh_depr.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_err.o: dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_lib.c
diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl
new file mode 100644
index 0000000000..e05fc01a12
--- /dev/null
+++ b/src/lib/libcrypto/dh/Makefile.ssl
@@ -0,0 +1,133 @@
+#
+# SSLeay/crypto/dh/Makefile
+#
+DIR=    dh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= dhtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+SRC= $(LIBSRC)
+EXHEADER= dh.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_err.o: ../../include/openssl/symhacks.h dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dh_lib.o: ../cryptlib.h dh_lib.c
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h
index ccdf35ae1c..582b34329f 100644
--- a/src/lib/libcrypto/dh/dh.h
+++ b/src/lib/libcrypto/dh/dh.h
@@ -59,8 +59,6 @@
 #ifndef HEADER_DH_H
 #define HEADER_DH_H
-#include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_DH
 #error DH is disabled.
 #endif
@@ -68,14 +66,11 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
-#include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
 #include <openssl/bn.h>
-#endif
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
        
-#ifndef OPENSSL_DH_MAX_MODULUS_BITS
+#define OPENSSL_DH_MAX_MODULUS_BITS     10000
-# define OPENSSL_DH_MAX_MODULUS_BITS    10000
-#endif
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
@@ -90,12 +85,9 @@
 extern "C" {
 #endif
-/* Already defined in ossl_typ.h */
+typedef struct dh_st DH;
-/* typedef struct dh_st DH; */
-/* typedef struct dh_method DH_METHOD; */
-struct dh_method
+typedef struct dh_method {
-        {
        const char *name;
        /* Methods here */
        int (*generate_key)(DH *dh);
@@ -108,9 +100,7 @@ struct dh_method
        int (*finish)(DH *dh);
        int flags;
        char *app_data;
-        /* If this is non-NULL, it will be used to generate parameters */
+} DH_METHOD;
-        int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb);
-        };
 struct dh_st
        {
@@ -120,12 +110,12 @@ struct dh_st
        int version;
        BIGNUM *p;
        BIGNUM *g;
-        long length; /* optional */
+        int length; /* optional */
        BIGNUM *pub_key;        /* g^x */
        BIGNUM *priv_key;       /* x */
        int flags;
-        BN_MONT_CTX *method_mont_p;
+        char *method_mont_p;
        /* Place holders if we want to do X9.42 DH */
        BIGNUM *q;
        BIGNUM *j;
@@ -157,13 +147,21 @@ struct dh_st
   this for backward compatibility: */
 #define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
-#define DHparams_dup(x) ASN1_dup_of_const(DH,i2d_DHparams,d2i_DHparams,x)
+#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
+                (char *(*)())d2i_DHparams,(char *)(x))
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
                (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x))
 #define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \
                (unsigned char *)(x))
-#define d2i_DHparams_bio(bp,x) ASN1_d2i_bio_of(DH,DH_new,d2i_DHparams,bp,x)
+#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
-#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+                (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#else
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
+                (unsigned char *)(x))
+#endif
 const DH_METHOD *DH_OpenSSL(void);
@@ -180,16 +178,8 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 DH *    DH_generate_parameters(int prime_len,int generator,
                void (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-/* New version */
-int     DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb);
 int     DH_check(const DH *dh,int *codes);
 int     DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes);
 int     DH_generate_key(DH *dh);
@@ -214,19 +204,18 @@ void ERR_load_DH_strings(void);
 /* Error codes for the DH functions. */
 /* Function codes. */
-#define DH_F_COMPUTE_KEY                                 102
 #define DH_F_DHPARAMS_PRINT                              100
 #define DH_F_DHPARAMS_PRINT_FP                           101
-#define DH_F_DH_BUILTIN_GENPARAMS                        106
+#define DH_F_DH_COMPUTE_KEY                              102
+#define DH_F_DH_GENERATE_KEY                             103
+#define DH_F_DH_GENERATE_PARAMETERS                      104
 #define DH_F_DH_NEW_METHOD                               105
-#define DH_F_GENERATE_KEY                                103
-#define DH_F_GENERATE_PARAMETERS                         104
 /* Reason codes. */
 #define DH_R_BAD_GENERATOR                               101
+#define DH_R_NO_PRIVATE_VALUE                            100
 #define DH_R_INVALID_PUBKEY                              102
 #define DH_R_MODULUS_TOO_LARGE                           103
-#define DH_R_NO_PRIVATE_VALUE                            100
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/dh/dh1024.pem b/src/lib/libcrypto/dh/dh1024.pem
new file mode 100644
index 0000000000..81d43f6a3e
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh1024.pem
@@ -0,0 +1,5 @@
+-----BEGIN DH PARAMETERS-----
+MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
+/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
+/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh192.pem b/src/lib/libcrypto/dh/dh192.pem
new file mode 100644
index 0000000000..521c07271d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh192.pem
@@ -0,0 +1,3 @@
+-----BEGIN DH PARAMETERS-----
+MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh2048.pem b/src/lib/libcrypto/dh/dh2048.pem
new file mode 100644
index 0000000000..295460f508
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh2048.pem
@@ -0,0 +1,16 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o
+AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh
+z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo
+pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW
+aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA
+Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg==
+-----END DH PARAMETERS-----
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5
+8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F
+SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt
+gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok
+yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N
+a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg==
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh4096.pem b/src/lib/libcrypto/dh/dh4096.pem
new file mode 100644
index 0000000000..390943a21d
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh4096.pem
@@ -0,0 +1,14 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7
+vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H
+TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF
+bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1
+rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE
+EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9
+bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3
+W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH
+ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb
+NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR
+jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI=
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh512.pem b/src/lib/libcrypto/dh/dh512.pem
new file mode 100644
index 0000000000..0a4d863ebe
--- /dev/null
+++ b/src/lib/libcrypto/dh/dh512.pem
@@ -0,0 +1,4 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
+a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
+-----END DH PARAMETERS-----
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c
index b846913004..17debff62d 100644
--- a/src/lib/libcrypto/dh/dh_check.c
+++ b/src/lib/libcrypto/dh/dh_check.c
@@ -62,7 +62,7 @@
 #include <openssl/dh.h>
 /* Check that p is a safe prime and
- * if g is 2, 3 or 5, check that it is a suitable generator
+ * if g is 2, 3 or 5, check that is is a suitable generator
 * where
 * for 2, p mod 24 == 11
 * for 3, p mod 12 == 5
@@ -70,6 +70,8 @@
 * should hold.
 */
+#ifndef OPENSSL_FIPS
 int DH_check(const DH *dh, int *ret)
        {
        int ok=0;
@@ -104,12 +106,12 @@ int DH_check(const DH *dh, int *ret)
        else
                *ret|=DH_UNABLE_TO_CHECK_GENERATOR;
-        if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
+        if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL))
                *ret|=DH_CHECK_P_NOT_PRIME;
        else
                {
                if (!BN_rshift1(q,dh->p)) goto err;
-                if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
+                if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
                        *ret|=DH_CHECK_P_NOT_SAFE_PRIME;
                }
        ok=1;
@@ -140,3 +142,5 @@ err:
        if (q != NULL) BN_free(q);
        return(ok);
        }
+#endif
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c
index a2d8196ecb..611067ef4a 100644
--- a/src/lib/libcrypto/dh/dh_err.c
+++ b/src/lib/libcrypto/dh/dh_err.c
@@ -70,22 +70,21 @@
 static ERR_STRING_DATA DH_str_functs[]=
        {
-{ERR_FUNC(DH_F_COMPUTE_KEY),    "COMPUTE_KEY"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),      "DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),   "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY),        "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD),  "DH_new_method"},
-{ERR_FUNC(DH_F_GENERATE_KEY),   "GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),    "GENERATE_PARAMETERS"},
 {0,NULL}
        };
 static ERR_STRING_DATA DH_str_reasons[]=
        {
 {ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
+{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {0,NULL}
        };
@@ -93,12 +92,15 @@ static ERR_STRING_DATA DH_str_reasons[]=
 void ERR_load_DH_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,DH_str_functs);
                ERR_load_strings(0,DH_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c
index cfd5b11868..23777f5a16 100644
--- a/src/lib/libcrypto/dh/dh_gen.c
+++ b/src/lib/libcrypto/dh/dh_gen.c
@@ -56,25 +56,11 @@
 * [including the GNU Public Licence.]
 */
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- *  - Geoff
- */
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/dh.h>
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-        {
-        if(ret->meth->generate_params)
-                return ret->meth->generate_params(ret, prime_len, generator, cb);
-        return dh_builtin_genparams(ret, prime_len, generator, cb);
-        }
 /* We generate DH parameters as follows
 * find a prime q which is prime_len/2 bits long.
 * p=(2*q)+1 or (p-1)/2 = q
@@ -100,26 +86,29 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
 * It's just as OK (and in some sense better) to use a generator of the
 * order-q subgroup.
 */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
+#ifndef OPENSSL_FIPS
+DH *DH_generate_parameters(int prime_len, int generator,
+             void (*callback)(int,int,void *), void *cb_arg)
        {
-        BIGNUM *t1,*t2;
+        BIGNUM *p=NULL,*t1,*t2;
+        DH *ret=NULL;
        int g,ok= -1;
        BN_CTX *ctx=NULL;
+        ret=DH_new();
+        if (ret == NULL) goto err;
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
        BN_CTX_start(ctx);
        t1 = BN_CTX_get(ctx);
        t2 = BN_CTX_get(ctx);
        if (t1 == NULL || t2 == NULL) goto err;
-        /* Make sure 'ret' has the necessary elements */
-        if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
-        if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
        
        if (generator <= 1)
                {
-                DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+                DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
                goto err;
                }
        if (generator == DH_GENERATOR_2)
@@ -155,14 +144,18 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB
                g=generator;
                }
        
-        if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
+        p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
-        if(!BN_GENCB_call(cb, 3, 0)) goto err;
+        if (p == NULL) goto err;
+        if (callback != NULL) callback(3,0,cb_arg);
+        ret->p=p;
+        ret->g=BN_new();
+        if (ret->g == NULL) goto err;
        if (!BN_set_word(ret->g,g)) goto err;
        ok=1;
 err:
        if (ok == -1)
                {
-                DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
+                DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB);
                ok=0;
                }
@@ -171,5 +164,12 @@ err:
                BN_CTX_end(ctx);
                BN_CTX_free(ctx);
                }
-        return ok;
+        if (!ok && (ret != NULL))
+                {
+                DH_free(ret);
+                ret=NULL;
+                }
+        return(ret);
        }
+#endif
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index e7db440342..74de589204 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -62,6 +62,8 @@
 #include <openssl/rand.h>
 #include <openssl/dh.h>
+#ifndef OPENSSL_FIPS
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@@ -89,7 +91,6 @@ dh_bn_mod_exp,
 dh_init,
 dh_finish,
 0,
-NULL,
 NULL
 };
@@ -130,7 +131,8 @@ static int generate_key(DH *dh)
        if (dh->flags & DH_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(
+                                (BN_MONT_CTX **)&dh->method_mont_p,
                                CRYPTO_LOCK_DH, dh->p, ctx);
                if (!mont)
                        goto err;
@@ -150,7 +152,7 @@ static int generate_key(DH *dh)
                        {
                        BN_init(&local_prk);
                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
                        }
                else
                        prk = priv_key;
@@ -163,7 +165,7 @@ static int generate_key(DH *dh)
        ok=1;
 err:
        if (ok != 1)
-                DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB);
        if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
        if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
@@ -173,16 +175,16 @@ err:
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
-        BN_CTX *ctx=NULL;
+        BN_CTX *ctx;
        BN_MONT_CTX *mont=NULL;
        BIGNUM *tmp;
        int ret= -1;
-        int check_result;
+        int check_result;
        if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
                {
-                DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-                goto err;
+                return -1;
                }
        ctx = BN_CTX_new();
@@ -192,32 +194,31 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        
        if (dh->priv_key == NULL)
                {
-                DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
                goto err;
                }
        if (dh->flags & DH_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(
+                                (BN_MONT_CTX **)&dh->method_mont_p,
                                CRYPTO_LOCK_DH, dh->p, ctx);
                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
                        {
                        /* XXX */
-                        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+                        BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
                        }
                if (!mont)
                        goto err;
                }
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
                {
-                DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+                DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
                goto err;
                }
        if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
                {
-                DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
+                DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
                goto err;
                }
@@ -258,6 +259,8 @@ static int dh_init(DH *dh)
 static int dh_finish(DH *dh)
        {
        if(dh->method_mont_p)
-                BN_MONT_CTX_free(dh->method_mont_p);
+                BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
        return(1);
        }
+#endif
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 7aef080e7a..09965ee2ea 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -64,7 +64,7 @@
 #include <openssl/engine.h>
 #endif
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 static const DH_METHOD *default_DH_method = NULL;
diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c
new file mode 100644
index 0000000000..b76dede771
--- /dev/null
+++ b/src/lib/libcrypto/dh/dhtest.c
@@ -0,0 +1,216 @@
+/* crypto/dh/dhtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+static void MS_CALLBACK cb(int p, int n, void *arg);
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+int main(int argc, char *argv[])
+        {
+        DH *a;
+        DH *b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=1;
+        BIO *out;
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+        if (a == NULL) goto err;
+        if (!DH_check(a, &i)) goto err;
+        if (i & DH_CHECK_P_NOT_PRIME)
+                BIO_puts(out, "p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+                BIO_puts(out, "p value is not a safe prime\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+                BIO_puts(out, "unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+                BIO_puts(out, "the g value is not a generator\n");
+        BIO_puts(out,"\np    =");
+        BN_print(out,a->p);
+        BIO_puts(out,"\ng    =");
+        BN_print(out,a->g);
+        BIO_puts(out,"\n");
+        b=DH_new();
+        if (b == NULL) goto err;
+        b->p=BN_dup(a->p);
+        b->g=BN_dup(a->g);
+        if ((b->p == NULL) || (b->g == NULL)) goto err;
+        /* Set a to run with normal modexp and b to use constant time */
+        a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
+        b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
+        if (!DH_generate_key(a)) goto err;
+        BIO_puts(out,"pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\npub 1=");
+        BN_print(out,a->pub_key);
+        BIO_puts(out,"\n");
+        if (!DH_generate_key(b)) goto err;
+        BIO_puts(out,"pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\npub 2=");
+        BN_print(out,b->pub_key);
+        BIO_puts(out,"\n");
+        alen=DH_size(a);
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=DH_compute_key(abuf,b->pub_key,a);
+        BIO_puts(out,"key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        blen=DH_size(b);
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=DH_compute_key(bbuf,a->pub_key,b);
+        BIO_puts(out,"key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+                fprintf(stderr,"Error in DH routines\n");
+                ret=1;
+                }
+        else
+                ret=0;
+err:
+        ERR_print_errors_fp(stderr);
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if(b != NULL) DH_free(b);
+        if(a != NULL) DH_free(a);
+        BIO_free(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        EXIT(ret);
+        return(ret);
+        }
+static void MS_CALLBACK cb(int p, int n, void *arg)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+#endif
diff --git a/src/lib/libcrypto/dh/example b/src/lib/libcrypto/dh/example
new file mode 100644
index 0000000000..16a33d2910
--- /dev/null
+++ b/src/lib/libcrypto/dh/example
@@ -0,0 +1,50 @@
+From owner-cypherpunks@toad.com Mon Sep 25 10:50:51 1995
+Received: from minbne.mincom.oz.au by orb.mincom.oz.au with SMTP id AA10562
+  (5.65c/IDA-1.4.4 for eay); Wed, 27 Sep 1995 19:41:55 +1000
+Received: by minbne.mincom.oz.au id AA19958
+  (5.65c/IDA-1.4.4 for eay@orb.mincom.oz.au); Wed, 27 Sep 1995 19:34:59 +1000
+Received: from relay3.UU.NET by bunyip.cc.uq.oz.au with SMTP (PP);
+          Wed, 27 Sep 1995 19:13:05 +1000
+Received: from toad.com by relay3.UU.NET with SMTP id QQzizb16156;
+          Wed, 27 Sep 1995 04:48:46 -0400
+Received: by toad.com id AA07905; Tue, 26 Sep 95 06:31:45 PDT
+Received: from by toad.com id AB07851; Tue, 26 Sep 95 06:31:40 PDT
+Received: from servo.qualcomm.com (servo.qualcomm.com [129.46.128.14]) 
+          by cygnus.com (8.6.12/8.6.9) with ESMTP id RAA18442 
+          for <cypherpunks@toad.com>; Mon, 25 Sep 1995 17:52:47 -0700
+Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) 
+          id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700
+Date: Mon, 25 Sep 1995 17:50:51 -0700
+From: Phil Karn <karn@qualcomm.com>
+Message-Id: <199509260050.RAA14732@servo.qualcomm.com>
+To: cypherpunks@toad.com, ipsec-dev@eit.com
+Subject: Primality verification needed
+Sender: owner-cypherpunks@toad.com
+Precedence: bulk
+Status: RO
+X-Status: 
+Hi. I've generated a 2047-bit "strong" prime number that I would like to
+use with Diffie-Hellman key exchange. I assert that not only is this number
+'p' prime, but so is (p-1)/2.
+I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version
+1.3.2 to test this number. This function uses the Miller-Rabin primality test.
+However, to increase my confidence that this number really is a strong prime,
+I'd like to ask others to confirm it with other tests. Here's the number in hex:
+72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e
+fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a
+a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65
+fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2
+3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0
+ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3
+56a05180c3bec7ddd5ef6fe76b1f717b
+The generator, g, for this prime is 2.
+Thanks!
+Phil Karn
diff --git a/src/lib/libcrypto/dh/generate b/src/lib/libcrypto/dh/generate
new file mode 100644
index 0000000000..5d407231df
--- /dev/null
+++ b/src/lib/libcrypto/dh/generate
@@ -0,0 +1,65 @@
+From: stewarts@ix.netcom.com (Bill Stewart)
+Newsgroups: sci.crypt
+Subject: Re: Diffie-Hellman key exchange
+Date: Wed, 11 Oct 1995 23:08:28 GMT
+Organization: Freelance Information Architect
+Lines: 32
+Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com>
+References: <458rhn$76m$1@mhadf.production.compuserve.com>
+NNTP-Posting-Host: ix-pl4-16.ix.netcom.com
+X-NETCOM-Date: Wed Oct 11  4:09:22 PM PDT 1995
+X-Newsreader: Forte Free Agent 1.0.82
+Kent Briggs <72124.3234@CompuServe.COM> wrote:
+>I have a copy of the 1976 IEEE article describing the
+>Diffie-Hellman public key exchange algorithm: y=a^x mod q.  I'm
+>looking for sources that give examples of secure a,q pairs and
+>possible some source code that I could examine.
+q should be prime, and ideally should be a "strong prime",
+which means it's of the form 2n+1 where n is also prime.
+q also needs to be long enough to prevent the attacks LaMacchia and
+Odlyzko described (some variant on a factoring attack which generates
+a large pile of simultaneous equations and then solves them);
+long enough is about the same size as factoring, so 512 bits may not
+be secure enough for most applications.  (The 192 bits used by
+"secure NFS" was certainly not long enough.)
+a should be a generator for q, which means it needs to be
+relatively prime to q-1.   Usually a small prime like 2, 3 or 5 will
+work.  
+....
+Date: Tue, 26 Sep 1995 13:52:36 MST
+From: "Richard Schroeppel" <rcs@cs.arizona.edu>
+To: karn
+Cc: ho@cs.arizona.edu
+Subject: random large primes
+Since your prime is really random, proving it is hard.
+My personal limit on rigorously proved primes is ~350 digits.
+If you really want a proof, we should talk to Francois Morain,
+or the Australian group.
+If you want 2 to be a generator (mod P), then you need it
+to be a non-square.  If (P-1)/2 is also prime, then
+non-square == primitive-root for bases << P.
+In the case at hand, this means 2 is a generator iff P = 11 (mod 24).
+If you want this, you should restrict your sieve accordingly.
+3 is a generator iff P = 5 (mod 12).
+5 is a generator iff P = 3 or 7 (mod 10).
+2 is perfectly usable as a base even if it's a non-generator, since
+it still covers half the space of possible residues.  And an
+eavesdropper can always determine the low-bit of your exponent for
+a generator anyway.
+Rich  rcs@cs.arizona.edu
diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c
new file mode 100644
index 0000000000..368ceca4eb
--- /dev/null
+++ b/src/lib/libcrypto/dh/p1024.c
@@ -0,0 +1,92 @@
+/* crypto/dh/p1024.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
+        0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
+        0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8,
+        0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF,
+        0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9,
+        0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78,
+        0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E,
+        0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6,
+        0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B,
+        0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89,
+        0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19,
+        0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03,
+        0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B,
+        0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21,
+        0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE,
+        0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c
new file mode 100644
index 0000000000..7bdf40410e
--- /dev/null
+++ b/src/lib/libcrypto/dh/p192.c
@@ -0,0 +1,80 @@
+/* crypto/dh/p192.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+unsigned char data[]={
+0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
+0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76,
+0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,3);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c
new file mode 100644
index 0000000000..a9b6aa83f0
--- /dev/null
+++ b/src/lib/libcrypto/dh/p512.c
@@ -0,0 +1,85 @@
+/* crypto/dh/p512.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
+unsigned char data[]={
+0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
+0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92,
+0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,
+0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29,
+0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,
+0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33,
+        };
+main()
+        {
+        DH *dh;
+        dh=DH_new();
+        dh->p=BN_bin2bn(data,sizeof(data),NULL);
+        dh->g=BN_new();
+        BN_set_word(dh->g,2);
+        PEM_write_DHparams(stdout,dh);
+        }
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod
index d5cdc3be0c..73261fc467 100644
--- a/src/lib/libcrypto/doc/DH_set_method.pod
+++ b/src/lib/libcrypto/doc/DH_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has been set
 as a default for DH, so this function is no longer recommended.
 DH_get_default_method() returns a pointer to the current default DH_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
+However, the meaningfulness of this result is dependant on whether the ENGINE
 API is being used, so this function is no longer recommended.
 DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod
index 9c1434bd8d..bc3cfb1f0a 100644
--- a/src/lib/libcrypto/doc/DSA_set_method.pod
+++ b/src/lib/libcrypto/doc/DSA_set_method.pod
@@ -36,7 +36,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
 been set as a default for DSA, so this function is no longer recommended.
 DSA_get_default_method() returns a pointer to the current default
-DSA_METHOD. However, the meaningfulness of this result is dependent on
+DSA_METHOD. However, the meaningfulness of this result is dependant on
 whether the ENGINE API is being used, so this function is no longer 
 recommended.
diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
index d375c46e03..016381f3e9 100644
--- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod
+++ b/src/lib/libcrypto/doc/EVP_BytesToKey.pod
@@ -60,7 +60,7 @@ EVP_BytesToKey() returns the size of the derived key in bytes.
 =head1 SEE ALSO
 L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod
index 130cd7f60a..faa992286b 100644
--- a/src/lib/libcrypto/doc/EVP_DigestInit.pod
+++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod
@@ -18,7 +18,7 @@ EVP digest routines
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
        unsigned int *s);
@@ -236,9 +236,9 @@ even though they are identical digests.
 =head1 SEE ALSO
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD160(3)|RIPEMD160(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<SHA1(3)|SHA1(3)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod
index 7d793e19ef..48a0e29954 100644
--- a/src/lib/libcrypto/doc/EVP_SealInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SealInit.pod
@@ -8,9 +8,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
 #include <openssl/evp.h>
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, 
-                  unsigned char **ek, int *ekl, unsigned char *iv,
+                unsigned char **ek, int *ekl, unsigned char *iv,
-                  EVP_PKEY **pubk, int npubk);
+                EVP_PKEY **pubk, int npubk);
 int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
         int *outl, unsigned char *in, int inl);
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod
index b6e62ce7f6..0bace24938 100644
--- a/src/lib/libcrypto/doc/EVP_SignInit.pod
+++ b/src/lib/libcrypto/doc/EVP_SignInit.pod
@@ -80,10 +80,10 @@ EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 =head1 SEE ALSO
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<evp(3)|evp(3)>, L<HMAC(3)|HMAC(3)>, L<MD2(3)|MD2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<MD5(3)|MD5(3)>, L<MDC2(3)|MDC2(3)>, L<RIPEMD(3)|RIPEMD(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+L<SHA1(3)|SHA1(3)>, L<digest(1)|digest(1)>
 =head1 HISTORY
diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod
index 1a9b91e281..ce6329ce54 100644
--- a/src/lib/libcrypto/doc/RAND_bytes.pod
+++ b/src/lib/libcrypto/doc/RAND_bytes.pod
@@ -25,9 +25,6 @@ unpredictable. They can be used for non-cryptographic purposes and for
 certain purposes in cryptographic protocols, but usually not for key
 generation etc.
-The contents of B<buf> is mixed into the entropy pool before retrieving
-the new pseudo-random bytes unless disabled at compile time (see FAQ).
 =head1 RETURN VALUES
 RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
index e5b780fad0..c9bb6d9f27 100644
--- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod
+++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod
@@ -30,7 +30,7 @@ true only whilst no ENGINE has been set as a default for RAND, so this function
 is no longer recommended.
 RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependent on whether the ENGINE
+However, the meaningfulness of this result is dependant on whether the ENGINE
 API is being used, so this function is no longer recommended.
 =head1 THE RAND_METHOD STRUCTURE
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
index 7d0fd1f91d..46cc8f5359 100644
--- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
+++ b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod
@@ -17,12 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi
 void *RSA_get_ex_data(RSA *r, int idx);
- typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                           int idx, long argl, void *argp);
+                int idx, long argl, void *argp);
- typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                             int idx, long argl, void *argp);
+                int idx, long argl, void *argp);
- typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                           int idx, long argl, void *argp);
+                int idx, long argl, void *argp);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod
index 2c963d7e5b..0a305f6b14 100644
--- a/src/lib/libcrypto/doc/RSA_set_method.pod
+++ b/src/lib/libcrypto/doc/RSA_set_method.pod
@@ -42,7 +42,7 @@ structures created later. B<NB>: This is true only whilst no ENGINE has
 been set as a default for RSA, so this function is no longer recommended.
 RSA_get_default_method() returns a pointer to the current default
-RSA_METHOD. However, the meaningfulness of this result is dependent on
+RSA_METHOD. However, the meaningfulness of this result is dependant on
 whether the ENGINE API is being used, so this function is no longer 
 recommended.
diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod
index 8553be8e99..71688a665e 100644
--- a/src/lib/libcrypto/doc/RSA_sign.pod
+++ b/src/lib/libcrypto/doc/RSA_sign.pod
@@ -8,10 +8,10 @@ RSA_sign, RSA_verify - RSA signatures
 #include <openssl/rsa.h>
- int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 =head1 DESCRIPTION
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod
index cd2f8e50c6..210dfeac08 100644
--- a/src/lib/libcrypto/doc/bn.pod
+++ b/src/lib/libcrypto/doc/bn.pod
@@ -27,9 +27,6 @@ bn - multiprecision integer arithmetics
 int BN_num_bits(const BIGNUM *a);
 int BN_num_bits_word(BN_ULONG w);
- void BN_set_negative(BIGNUM *a, int n);
- int  BN_is_negative(const BIGNUM *a);
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
 int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
@@ -121,25 +118,6 @@ bn - multiprecision integer arithmetics
 int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
         BN_CTX *ctx);
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
-        BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
-        BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
-        BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-        const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
-        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-        BN_MONT_CTX *m_ctx);
 =head1 DESCRIPTION
@@ -175,7 +153,6 @@ L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
 L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
 L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
 L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>,
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
-L<BN_BLINDING_new(3)|BN_BLINDING_new(3)>
 =cut
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod
index da07d2b930..ae2e5d81f9 100644
--- a/src/lib/libcrypto/doc/dsa.pod
+++ b/src/lib/libcrypto/doc/dsa.pod
@@ -101,8 +101,7 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<rsa(3)|rsa(3)>, L<SHA1(3)|SHA1(3)>, L<DSA_new(3)|DSA_new(3)>,
-L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
diff --git a/src/lib/libcrypto/dsa/Makefile b/src/lib/libcrypto/dsa/Makefile
new file mode 100644
index 0000000000..676baf7d49
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile
@@ -0,0 +1,164 @@
+#
+# OpenSSL/crypto/dsa/Makefile
+#
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c dsa_depr.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o dsa_depr.o
+SRC= $(LIBSRC)
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_depr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_depr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_ossl.o: ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_sign.o: ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+dsa_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_vrf.o: ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl
new file mode 100644
index 0000000000..e5f8a8cf51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/Makefile.ssl
@@ -0,0 +1,171 @@
+#
+# SSLeay/crypto/dsa/Makefile
+#
+DIR=    dsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=dsatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+        dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+        dsa_err.o dsa_ossl.o
+SRC= $(LIBSRC)
+EXHEADER= dsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_vrf.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_vrf.c
diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README
new file mode 100644
index 0000000000..6a7e9c170a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/README
@@ -0,0 +1,4 @@
+The stuff in here is based on patches supplied to me by
+Steven Schoch <schoch@sheba.arc.nasa.gov> to do DSS.
+I have since modified a them a little but a debt of gratitude
+is due for doing the initial work.
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
index 3a8fe5b56b..aa0669eb7a 100644
--- a/src/lib/libcrypto/dsa/dsa.h
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -65,8 +65,6 @@
 #ifndef HEADER_DSA_H
 #define HEADER_DSA_H
-#include <openssl/e_os2.h>
 #ifdef OPENSSL_NO_DSA
 #error DSA is disabled.
 #endif
@@ -74,19 +72,14 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DH
 # include <openssl/dh.h>
 #endif
-#endif
-#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#define OPENSSL_DSA_MAX_MODULUS_BITS    3072
-# define OPENSSL_DSA_MAX_MODULUS_BITS   10000
-#endif
 #define DSA_FLAG_CACHE_MONT_P   0x01
 #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
@@ -97,13 +90,22 @@
                                              * be used for all exponents.
                                              */
+/* If this flag is set external DSA_METHOD callbacks are allowed in FIPS mode
+ * it is then the applications responsibility to ensure the external method
+ * is compliant.
+ */
+#define DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW     0x04
+#if defined(OPENSSL_FIPS)
+#define FIPS_DSA_SIZE_T int
+#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* Already defined in ossl_typ.h */
+typedef struct dsa_st DSA;
-/* typedef struct dsa_st DSA; */
-/* typedef struct dsa_method DSA_METHOD; */
 typedef struct DSA_SIG_st
        {
@@ -111,8 +113,7 @@ typedef struct DSA_SIG_st
        BIGNUM *s;
        } DSA_SIG;
-struct dsa_method
+typedef struct dsa_method {
-        {
        const char *name;
        DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
        int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
@@ -129,14 +130,7 @@ struct dsa_method
        int (*finish)(DSA *dsa);
        int flags;
        char *app_data;
-        /* If this is non-NULL, it is used to generate DSA parameters */
+} DSA_METHOD;
-        int (*dsa_paramgen)(DSA *dsa, int bits,
-                        unsigned char *seed, int seed_len,
-                        int *counter_ret, unsigned long *h_ret,
-                        BN_GENCB *cb);
-        /* If this is non-NULL, it is used to generate DSA keys */
-        int (*dsa_keygen)(DSA *dsa);
-        };
 struct dsa_st
        {
@@ -157,7 +151,7 @@ struct dsa_st
        int flags;
        /* Normally used to cache montgomery values */
-        BN_MONT_CTX *method_mont_p;
+        char *method_mont_p;
        int references;
        CRYPTO_EX_DATA ex_data;
        const DSA_METHOD *meth;
@@ -165,13 +159,16 @@ struct dsa_st
        ENGINE *engine;
        };
-#define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x)
+#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
+                (char *(*)())d2i_DSAparams,(char *)(x))
 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
 #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
                (unsigned char *)(x))
-#define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
-#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+                (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
+#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
+                (unsigned char *)(x))
 DSA_SIG * DSA_SIG_new(void);
@@ -209,20 +206,10 @@ void *DSA_get_ex_data(DSA *d, int idx);
 DSA *   d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
 DSA *   d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
 DSA *   d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 DSA *   DSA_generate_parameters(int bits,
                unsigned char *seed,int seed_len,
                int *counter_ret, unsigned long *h_ret,void
                (*callback)(int, int, void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-/* New version */
-int     DSA_generate_parameters_ex(DSA *dsa, int bits,
-                unsigned char *seed,int seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 int     DSA_generate_key(DSA *a);
 int     i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
 int     i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
index 768711994b..d7fac69154 100644
--- a/src/lib/libcrypto/dsa/dsa_err.c
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -100,12 +100,15 @@ static ERR_STRING_DATA DSA_str_reasons[]=
 void ERR_load_DSA_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,DSA_str_functs);
                ERR_load_strings(0,DSA_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index ca0b86a6cf..e40afeea51 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -69,8 +69,6 @@
 #define HASH    EVP_sha1()
 #endif 
-#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
 #ifndef OPENSSL_NO_SHA
 #include <stdio.h>
@@ -82,24 +80,12 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-static int dsa_builtin_paramgen(DSA *ret, int bits,
+#ifndef OPENSSL_FIPS
-                unsigned char *seed_in, int seed_len,
+DSA *DSA_generate_parameters(int bits,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
-int DSA_generate_parameters_ex(DSA *ret, int bits,
-                unsigned char *seed_in, int seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-        {
-        if(ret->meth->dsa_paramgen)
-                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-                                counter_ret, h_ret, cb);
-        return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
-                        counter_ret, h_ret, cb);
-        }
-static int dsa_builtin_paramgen(DSA *ret, int bits,
                unsigned char *seed_in, int seed_len,
-                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+                int *counter_ret, unsigned long *h_ret,
+                void (*callback)(int, int, void *),
+                void *cb_arg)
        {
        int ok=0;
        unsigned char seed[SHA_DIGEST_LENGTH];
@@ -111,43 +97,40 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
        int k,n=0,i,b,m=0;
        int counter=0;
        int r=0;
-        BN_CTX *ctx=NULL;
+        BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
        unsigned int h=2;
+        DSA *ret=NULL;
        if (bits < 512) bits=512;
        bits=(bits+63)/64*64;
-        /* NB: seed_len == 0 is special case: copy generated seed to
+        if (seed_len < 20)
-         * seed_in if it is not NULL.
-         */
-        if (seed_len && (seed_len < 20))
                seed_in = NULL; /* seed buffer too small -- ignore */
        if (seed_len > 20) 
                seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
                                * but our internal buffers are restricted to 160 bits*/
        if ((seed_in != NULL) && (seed_len == 20))
-                {
                memcpy(seed,seed_in,seed_len);
-                /* set seed_in to NULL to avoid it being copied back */
-                seed_in = NULL;
-                }
        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        if ((ctx2=BN_CTX_new()) == NULL) goto err;
+        if ((ctx3=BN_CTX_new()) == NULL) goto err;
+        if ((ret=DSA_new()) == NULL) goto err;
        if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-        BN_CTX_start(ctx);
+        BN_CTX_start(ctx2);
-        r0 = BN_CTX_get(ctx);
+        r0 = BN_CTX_get(ctx2);
-        g = BN_CTX_get(ctx);
+        g = BN_CTX_get(ctx2);
-        W = BN_CTX_get(ctx);
+        W = BN_CTX_get(ctx2);
-        q = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx2);
-        X = BN_CTX_get(ctx);
+        X = BN_CTX_get(ctx2);
-        c = BN_CTX_get(ctx);
+        c = BN_CTX_get(ctx2);
-        p = BN_CTX_get(ctx);
+        p = BN_CTX_get(ctx2);
-        test = BN_CTX_get(ctx);
+        test = BN_CTX_get(ctx2);
+        if (test == NULL) goto err;
-        if (!BN_lshift(test,BN_value_one(),bits-1))
+        if (!BN_lshift(test,BN_value_one(),bits-1)) goto err;
-                goto err;
        for (;;)
                {
@@ -156,8 +139,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        int seed_is_random;
                        /* step 1 */
-                        if(!BN_GENCB_call(cb, 0, m++))
+                        if (callback != NULL) callback(0,m++,cb_arg);
-                                goto err;
                        if (!seed_len)
                                {
@@ -190,8 +172,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
                        /* step 4 */
-                        r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                        r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
-                                        seed_is_random, cb);
                        if (r > 0)
                                break;
                        if (r != 0)
@@ -201,8 +182,8 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        /* step 5 */
                        }
-                if(!BN_GENCB_call(cb, 2, 0)) goto err;
+                if (callback != NULL) callback(2,0,cb_arg);
-                if(!BN_GENCB_call(cb, 3, 0)) goto err;
+                if (callback != NULL) callback(3,0,cb_arg);
                /* step 6 */
                counter=0;
@@ -213,11 +194,11 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                for (;;)
                        {
-                        if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                        if (callback != NULL && counter != 0)
-                                goto err;
+                                callback(0,counter,cb_arg);
                        /* step 7 */
-                        BN_zero(W);
+                        if (!BN_zero(W)) goto err;
                        /* now 'buf' contains "SEED + offset - 1" */
                        for (k=0; k<=n; k++)
                                {
@@ -252,8 +233,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        if (BN_cmp(p,test) >= 0)
                                {
                                /* step 11 */
-                                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
+                                r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
-                                                ctx, 1, cb);
                                if (r > 0)
                                                goto end; /* found it */
                                if (r != 0)
@@ -269,8 +249,7 @@ static int dsa_builtin_paramgen(DSA *ret, int bits,
                        }
                }
 end:
-        if(!BN_GENCB_call(cb, 2, 1))
+        if (callback != NULL) callback(2,1,cb_arg);
-                goto err;
        /* We now need to generate g */
        /* Set r0=(p-1)/q */
@@ -289,16 +268,16 @@ end:
                h++;
                }
-        if(!BN_GENCB_call(cb, 3, 1))
+        if (callback != NULL) callback(3,1,cb_arg);
-                goto err;
        ok=1;
 err:
-        if (ok)
+        if (!ok)
+                {
+                if (ret != NULL) DSA_free(ret);
+                }
+        else
                {
-                if(ret->p) BN_free(ret->p);
-                if(ret->q) BN_free(ret->q);
-                if(ret->g) BN_free(ret->g);
                ret->p=BN_dup(p);
                ret->q=BN_dup(q);
                ret->g=BN_dup(g);
@@ -307,16 +286,20 @@ err:
                        ok=0;
                        goto err;
                        }
-                if (seed_in != NULL) memcpy(seed_in,seed,20);
+                if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
                }
-        if(ctx)
+        if (ctx != NULL) BN_CTX_free(ctx);
+        if (ctx2 != NULL)
                {
-                BN_CTX_end(ctx);
+                BN_CTX_end(ctx2);
-                BN_CTX_free(ctx);
+                BN_CTX_free(ctx2);
                }
+        if (ctx3 != NULL) BN_CTX_free(ctx3);
        if (mont != NULL) BN_MONT_CTX_free(mont);
-        return ok;
+        return(ok?ret:NULL);
        }
-#endif
+#endif /* ndef OPENSSL_FIPS */
+#endif /* ndef OPENSSL_NO_SHA */
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index c4aa86bc6d..980b6dc2d3 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -56,25 +56,17 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
-static int dsa_builtin_keygen(DSA *dsa);
+#ifndef OPENSSL_FIPS
 int DSA_generate_key(DSA *dsa)
        {
-        if(dsa->meth->dsa_keygen)
-                return dsa->meth->dsa_keygen(dsa);
-        return dsa_builtin_keygen(dsa);
-        }
-static int dsa_builtin_keygen(DSA *dsa)
-        {
        int ok=0;
        BN_CTX *ctx=NULL;
        BIGNUM *pub_key=NULL,*priv_key=NULL;
@@ -107,7 +99,7 @@ static int dsa_builtin_keygen(DSA *dsa)
                        {
                        BN_init(&local_prk);
                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+                        BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
                        }
                else
                        prk = priv_key;
@@ -126,3 +118,4 @@ err:
        return(ok);
        }
 #endif
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index e9b75902db..4171af24c6 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -66,11 +66,8 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
+const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 static const DSA_METHOD *default_DSA_method = NULL;
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 75ff7cc4af..5de5fc7e91 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -65,63 +65,33 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_FIPS
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
 static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
 static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
 static DSA_METHOD openssl_dsa_meth = {
 "OpenSSL DSA method",
 dsa_do_sign,
 dsa_sign_setup,
 dsa_do_verify,
-NULL, /* dsa_mod_exp, */
+dsa_mod_exp,
-NULL, /* dsa_bn_mod_exp, */
+dsa_bn_mod_exp,
 dsa_init,
 dsa_finish,
 0,
-NULL,
-NULL,
 NULL
 };
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
- * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
- * having a the macro work as an expression by bundling an "err_instr". So;
- * 
- *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
- *                 dsa->method_mont_p)) goto err;
- *
- * can be replaced by;
- *
- *     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, &k, dsa->p, ctx,
- *                 dsa->method_mont_p);
- */
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-        do { \
-        int _tmp_res53; \
-        if((dsa)->meth->dsa_mod_exp) \
-                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-                                (a2), (p2), (m), (ctx), (in_mont)); \
-        else \
-                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-                                (m), (ctx), (in_mont)); \
-        if(!_tmp_res53) err_instr; \
-        } while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-        do { \
-        int _tmp_res53; \
-        if((dsa)->meth->bn_mod_exp) \
-                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-                                (m), (ctx), (m_ctx)); \
-        else \
-                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-        if(!_tmp_res53) err_instr; \
-        } while(0)
 const DSA_METHOD *DSA_OpenSSL(void)
 {
        return &openssl_dsa_meth;
@@ -229,12 +199,12 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        while (BN_is_zero(&k));
        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
                {
-                BN_set_flags(&k, BN_FLG_CONSTTIME);
+                BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
                }
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                if (!BN_MONT_CTX_set_locked((BN_MONT_CTX **)&dsa->method_mont_p,
                                                CRYPTO_LOCK_DSA,
                                                dsa->p, ctx))
                        goto err;
@@ -264,8 +234,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                {
                K = &k;
                }
-        DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+        if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
-                        dsa->method_mont_p);
+                (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
        if (!BN_mod(r,r,dsa->q,ctx)) goto err;
        /* Compute  part of 's = inv(k) (m + xr) mod q' */
@@ -322,14 +292,12 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
-            BN_ucmp(sig->r, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
                }
-        if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+        if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
-            BN_ucmp(sig->s, dsa->q) >= 0)
                {
                ret = 0;
                goto err;
@@ -351,25 +319,43 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
        if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                {
-                mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                mont = BN_MONT_CTX_set_locked(
+                                        (BN_MONT_CTX **)&dsa->method_mont_p,
                                        CRYPTO_LOCK_DSA, dsa->p, ctx);
                if (!mont)
                        goto err;
                }
+#if 0
-        DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
+        {
+        BIGNUM t2;
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+        BN_free(&t2);
+        }
+        /* let u1 = u1 mod q */
+        if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+        {
+        if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+                                                dsa->p,ctx,mont)) goto err;
        /* BN_copy(&u1,&t1); */
        /* let u1 = u1 mod q */
        if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+        }
+#endif
        /* V is now in u1.  If the signature is correct, it will be
         * equal to R. */
        ret=(BN_ucmp(&u1, sig->r) == 0);
        err:
-        /* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-           there is no error in BN. Test should be ret == -1 (Ben) */
        if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
        if (ctx != NULL) BN_CTX_free(ctx);
        BN_free(&u1);
@@ -387,7 +373,21 @@ static int dsa_init(DSA *dsa)
 static int dsa_finish(DSA *dsa)
 {
        if(dsa->method_mont_p)
-                BN_MONT_CTX_free(dsa->method_mont_p);
+                BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
        return(1);
 }
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *in_mont)
+{
+        return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+        
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx)
+{
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+#endif
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
index 89205026f0..37c65efb20 100644
--- a/src/lib/libcrypto/dsa/dsa_sign.c
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -64,9 +64,18 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+                && !FIPS_dsa_check(dsa))
+                return NULL;
+#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
@@ -87,6 +96,11 @@ int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+                && !FIPS_dsa_check(dsa))
+                return 0;
+#endif
        return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
index c4aeddd056..c9784bed48 100644
--- a/src/lib/libcrypto/dsa/dsa_vrf.c
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -65,10 +65,19 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/fips.h>
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode() && !(dsa->flags & DSA_FLAG_FIPS_EXTERNAL_METHOD_ALLOW)
+                && !FIPS_dsa_check(dsa))
+                return -1;
+#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c
new file mode 100644
index 0000000000..1b6a1cca0f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsagen.c
@@ -0,0 +1,111 @@
+/* crypto/dsa/dsagen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <openssl/dsa.h>
+#define TEST
+#define GENUINE_DSA
+#ifdef GENUINE_DSA
+#define LAST_VALUE 0xbd
+#else
+#define LAST_VALUE 0xd3
+#endif
+#ifdef TEST
+unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,
+        0x60,0xef,0x2b,0xa8,
+        0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,
+        0xe0,0x42,0x7d,LAST_VALUE};
+#endif
+int cb(int p, int n)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        printf("%c",c);
+        fflush(stdout);
+        }
+main()
+        {
+        int i;
+        BIGNUM *n;
+        BN_CTX *ctx;
+        unsigned char seed_buf[20];
+        DSA *dsa;
+        int counter,h;
+        BIO *bio_err=NULL;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        memcpy(seed_buf,seed,20);
+        dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
+        if (dsa == NULL)
+                DSA_print(bio_err,dsa,0);
+        }
diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c
new file mode 100644
index 0000000000..55a3756aff
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsatest.c
@@ -0,0 +1,251 @@
+/* crypto/dsa/dsatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "../e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include <openssl/dsa.h>
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
+static unsigned char seed[20]={
+        0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
+        0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
+        };
+static unsigned char out_p[]={
+        0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa,
+        0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb,
+        0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7,
+        0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5,
+        0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf,
+        0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac,
+        0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2,
+        0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91,
+        };
+static unsigned char out_q[]={
+        0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee,
+        0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e,
+        0xda,0xce,0x91,0x5f,
+        };
+static unsigned char out_g[]={
+        0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13,
+        0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00,
+        0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb,
+        0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e,
+        0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf,
+        0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c,
+        0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c,
+        0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
+        };
+static const unsigned char str1[]="12345678901234567890";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static BIO *bio_err=NULL;
+int main(int argc, char **argv)
+        {
+        DSA *dsa=NULL;
+        int counter,ret=0,i,j;
+        unsigned char buf[256];
+        unsigned long h;
+        unsigned char sig[256];
+        unsigned int siglen;
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        BIO_printf(bio_err,"test generation of DSA parameters\n");
+        dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
+        BIO_printf(bio_err,"seed\n");
+        for (i=0; i<20; i+=4)
+                {
+                BIO_printf(bio_err,"%02X%02X%02X%02X ",
+                        seed[i],seed[i+1],seed[i+2],seed[i+3]);
+                }
+        BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h);
+                
+        if (dsa == NULL) goto end;
+        DSA_print(bio_err,dsa,0);
+        if (counter != 105) 
+                {
+                BIO_printf(bio_err,"counter should be 105\n");
+                goto end;
+                }
+        if (h != 2)
+                {
+                BIO_printf(bio_err,"h should be 2\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->q,buf);
+        j=sizeof(out_q);
+        if ((i != j) || (memcmp(buf,out_q,i) != 0))
+                {
+                BIO_printf(bio_err,"q value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->p,buf);
+        j=sizeof(out_p);
+        if ((i != j) || (memcmp(buf,out_p,i) != 0))
+                {
+                BIO_printf(bio_err,"p value is wrong\n");
+                goto end;
+                }
+        i=BN_bn2bin(dsa->g,buf);
+        j=sizeof(out_g);
+        if ((i != j) || (memcmp(buf,out_g,i) != 0))
+                {
+                BIO_printf(bio_err,"g value is wrong\n");
+                goto end;
+                }
+        dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
+        DSA_generate_key(dsa);
+        DSA_sign(0, str1, 20, sig, &siglen, dsa);
+        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+                ret=1;
+        dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
+        DSA_generate_key(dsa);
+        DSA_sign(0, str1, 20, sig, &siglen, dsa);
+        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+                ret=1;
+end:
+        if (!ret)
+                ERR_print_errors(bio_err);
+        if (dsa != NULL) DSA_free(dsa);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(bio_err);
+        if (bio_err != NULL)
+                {
+                BIO_free(bio_err);
+                bio_err = NULL;
+                }
+        EXIT(!ret);
+        return(0);
+        }
+static int cb_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+        {
+        char c='*';
+        static int ok=0,num=0;
+        if (p == 0) { c='.'; num++; };
+        if (p == 1) c='+';
+        if (p == 2) { c='*'; ok++; }
+        if (p == 3) c='\n';
+        BIO_write(arg,&c,1);
+        (void)BIO_flush(arg);
+        if (!ok && (p == 0) && (num > 1))
+                {
+                BIO_printf((BIO *)arg,"error in dsatest\n");
+                cb_exit(1);
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt
new file mode 100644
index 0000000000..3a2e0a0d51
--- /dev/null
+++ b/src/lib/libcrypto/dsa/fips186a.txt
@@ -0,0 +1,122 @@
+The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
+supplied to me by Wei Dai
+--
+                     APPENDIX 5. EXAMPLE OF THE DSA
+This appendix is for informational purposes only and is not required to meet
+the standard.
+Let L = 512 (size of p).  The values in this example are expressed in
+hexadecimal notation.  The p and q given here were generated by the prime
+generation standard described in appendix 2 using the 160-bit SEED:
+          d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3
+With this SEED, the algorithm found p and q when the counter was at 105.
+x was generated by the algorithm described in appendix 3, section 3.1, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED:
+XSEED =   
+        bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6
+t =
+        67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0
+x = G(t,XSEED) mod q
+k was generated by the algorithm described in appendix 3, section 3.2, using
+the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED:
+KSEED =
+        687a66d9 0648f993 867e121f 4ddf9ddb 01205584
+t =
+        EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301
+k = G(t,KSEED) mod q
+Finally:
+h = 2
+p =
+        8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7
+        cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac
+        49693dfb f83724c2 ec0736ee 31c80291
+q =
+        c773218c 737ec8ee 993b4f2d ed30f48e dace915f
+g =
+        626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb
+        3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c
+        c42e9f6f 464b088c c572af53 e6d78802
+x =
+        2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614
+k =
+        358dad57 1462710f 50e254cf 1a376b2b deaadfbf
+kinv = 
+        0d516729 8202e49b 4116ac10 4fc3f415 ae52f917
+M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A)
+SHA(M) =  
+        a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d
+y =
+        19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 
+        9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74
+        858fba33 f44c0669 9630a76b 030ee333
+r =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
+s =
+        41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8
+w =
+        9df4ece5 826be95f ed406d41 b43edc0b 1c18841b
+u1 =
+        bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d
+u2 =
+        821a9263 12e97ade abcc8d08 2b527897 8a2df4b0
+gu1 mod p =
+        51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753
+        9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf
+        6f96662a 1987a21b e4ec1071 010b6069
+yu2 mod p =
+        8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665
+        5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 
+        c19441f4 22bf3c34 08aeba1f 0a4dbec7
+v =
+        8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0
diff --git a/src/lib/libcrypto/dso/Makefile b/src/lib/libcrypto/dso/Makefile
new file mode 100644
index 0000000000..07f5d8d159
--- /dev/null
+++ b/src/lib/libcrypto/dso/Makefile
@@ -0,0 +1,142 @@
+#
+# OpenSSL/crypto/dso/Makefile
+#
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o
+SRC= $(LIBSRC)
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_dl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dl.o: ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_dlfcn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dlfcn.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_err.o: dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_lib.o: ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_null.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/ossl_typ.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_vms.o: ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dso_win32.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_win32.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_win32.c
diff --git a/src/lib/libcrypto/dso/Makefile.ssl b/src/lib/libcrypto/dso/Makefile.ssl
new file mode 100644
index 0000000000..c0449d184e
--- /dev/null
+++ b/src/lib/libcrypto/dso/Makefile.ssl
@@ -0,0 +1,142 @@
+#
+# SSLeay/crypto/dso/Makefile
+#
+DIR=    dso
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+        dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+        dso_openssl.o dso_win32.o dso_vms.o
+SRC= $(LIBSRC)
+EXHEADER= dso.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_err.o: ../../include/openssl/symhacks.h dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_null.o: ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_win32.o: ../cryptlib.h dso_win32.c
diff --git a/src/lib/libcrypto/dso/README b/src/lib/libcrypto/dso/README
new file mode 100644
index 0000000000..d0bc9a89fb
--- /dev/null
+++ b/src/lib/libcrypto/dso/README
@@ -0,0 +1,22 @@
+NOTES
+-----
+I've checked out HPUX (well, version 11 at least) and shl_t is
+a pointer type so it's safe to use in the way it has been in
+dso_dl.c. On the other hand, HPUX11 support dlfcn too and
+according to their man page, prefer developers to move to that.
+I'll leave Richard's changes there as I guess dso_dl is needed
+for HPUX10.20.
+There is now a callback scheme in place where filename conversion can
+(a) be turned off altogether through the use of the
+    DSO_FLAG_NO_NAME_TRANSLATION flag,
+(b) be handled by default using the default DSO_METHOD's converter
+(c) overriden per-DSO by setting the override callback
+(d) a mix of (b) and (c) - eg. implement an override callback that;
+    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+        and if so, convert "blah" into "blah32.dll" (the default is
+        otherwise to make it "blah.dll").
+    (ii) default to the normal behaviour - we're not on win32, eg.
+         finish with (return dso->meth->dso_name_converter(dso,NULL)).
diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h
index 3e51913a72..aa721f7feb 100644
--- a/src/lib/libcrypto/dso/dso.h
+++ b/src/lib/libcrypto/dso/dso.h
@@ -1,4 +1,4 @@
-/* dso.h -*- mode:C; c-file-style: "eay" -*- */
+/* dso.h */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -95,13 +95,6 @@ extern "C" {
 */
 #define DSO_FLAG_UPCASE_SYMBOL                  0x10
-/* This flag loads the library with public symbols.
- * Meaning: The exported symbols of this library are public
- * to all libraries loaded after this library.
- * At the moment only implemented in unix.
- */
-#define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
 typedef void (*DSO_FUNC_TYPE)(void);
@@ -114,22 +107,6 @@ typedef struct dso_st DSO;
 * condition) or a newly allocated string containing the transformed form that
 * the caller will need to free with OPENSSL_free() when done. */
 typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
-/* The function prototype used for method functions (or caller-provided
- * callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
- * a DSO object) and two file specifications to merge. They should
- * either return NULL (if there is an error condition) or a newly allocated
- * string containing the result of merging that the caller will need
- * to free with OPENSSL_free() when done.
- * Here, merging means that bits and pieces are taken from each of the
- * file specifications and added together in whatever fashion that is
- * sensible for the DSO method in question.  The only rule that really
- * applies is that if the two specification contain pieces of the same
- * type, the copy from the first string takes priority.  One could see
- * it as the first specification is the one given by the user and the
- * second being a bunch of defaults to add on if they're missing in the
- * first. */
-typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
 typedef struct dso_meth_st
        {
@@ -163,9 +140,6 @@ typedef struct dso_meth_st
        /* The default DSO_METHOD-specific function for converting filenames to
         * a canonical native form. */
        DSO_NAME_CONVERTER_FUNC dso_name_converter;
-        /* The default DSO_METHOD-specific function for converting filenames to
-         * a canonical native form. */
-        DSO_MERGER_FUNC dso_merger;
        /* [De]Initialisation handlers. */
        int (*init)(DSO *dso);
@@ -190,13 +164,9 @@ struct dso_st
         * don't touch meth_data! */
        CRYPTO_EX_DATA ex_data;
        /* If this callback function pointer is set to non-NULL, then it will
-         * be used in DSO_load() in place of meth->dso_name_converter. NB: This
+         * be used on DSO_load() in place of meth->dso_name_converter. NB: This
         * should normally set using DSO_set_name_converter(). */
        DSO_NAME_CONVERTER_FUNC name_converter;
-        /* If this callback function pointer is set to non-NULL, then it will
-         * be used in DSO_load() in place of meth->dso_merger. NB: This
-         * should normally set using DSO_set_merger(). */
-        DSO_MERGER_FUNC merger;
        /* This is populated with (a copy of) the platform-independant
         * filename used for this DSO. */
        char *filename;
@@ -239,11 +209,6 @@ int	DSO_set_filename(DSO *dso, const char *filename);
 * caller-created DSO_METHODs can do the same thing. A non-NULL return value
 * will need to be OPENSSL_free()'d. */
 char    *DSO_convert_filename(DSO *dso, const char *filename);
-/* This function will invoke the DSO's merger callback to merge two file
- * specifications, or if the callback isn't set it will instead use the
- * DSO_METHOD's merger.  A non-NULL return value will need to be
- * OPENSSL_free()'d. */
-char    *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
 /* If the DSO is currently loaded, this returns the filename that it was loaded
 * under, otherwise it returns NULL. So it is also useful as a test as to
 * whether the DSO is currently loaded. NB: This will not necessarily return
@@ -308,13 +273,11 @@ void ERR_load_DSO_strings(void);
 #define DSO_F_DLFCN_BIND_FUNC                            100
 #define DSO_F_DLFCN_BIND_VAR                             101
 #define DSO_F_DLFCN_LOAD                                 102
-#define DSO_F_DLFCN_MERGER                               130
 #define DSO_F_DLFCN_NAME_CONVERTER                       123
 #define DSO_F_DLFCN_UNLOAD                               103
 #define DSO_F_DL_BIND_FUNC                               104
 #define DSO_F_DL_BIND_VAR                                105
 #define DSO_F_DL_LOAD                                    106
-#define DSO_F_DL_MERGER                                  131
 #define DSO_F_DL_NAME_CONVERTER                          124
 #define DSO_F_DL_UNLOAD                                  107
 #define DSO_F_DSO_BIND_FUNC                              108
@@ -325,36 +288,27 @@ void ERR_load_DSO_strings(void);
 #define DSO_F_DSO_GET_FILENAME                           127
 #define DSO_F_DSO_GET_LOADED_FILENAME                    128
 #define DSO_F_DSO_LOAD                                   112
-#define DSO_F_DSO_MERGE                                  132
 #define DSO_F_DSO_NEW_METHOD                             113
 #define DSO_F_DSO_SET_FILENAME                           129
 #define DSO_F_DSO_SET_NAME_CONVERTER                     122
 #define DSO_F_DSO_UP_REF                                 114
-#define DSO_F_VMS_BIND_SYM                               115
+#define DSO_F_VMS_BIND_VAR                               115
 #define DSO_F_VMS_LOAD                                   116
-#define DSO_F_VMS_MERGER                                 133
 #define DSO_F_VMS_UNLOAD                                 117
 #define DSO_F_WIN32_BIND_FUNC                            118
 #define DSO_F_WIN32_BIND_VAR                             119
-#define DSO_F_WIN32_JOINER                               135
 #define DSO_F_WIN32_LOAD                                 120
-#define DSO_F_WIN32_MERGER                               134
 #define DSO_F_WIN32_NAME_CONVERTER                       125
-#define DSO_F_WIN32_SPLITTER                             136
 #define DSO_F_WIN32_UNLOAD                               121
 /* Reason codes. */
 #define DSO_R_CTRL_FAILED                                100
 #define DSO_R_DSO_ALREADY_LOADED                         110
-#define DSO_R_EMPTY_FILE_STRUCTURE                       113
-#define DSO_R_FAILURE                                    114
 #define DSO_R_FILENAME_TOO_BIG                           101
 #define DSO_R_FINISH_FAILED                              102
-#define DSO_R_INCORRECT_FILE_SYNTAX                      115
 #define DSO_R_LOAD_FAILED                                103
 #define DSO_R_NAME_TRANSLATION_FAILED                    109
 #define DSO_R_NO_FILENAME                                111
-#define DSO_R_NO_FILE_SPECIFICATION                      116
 #define DSO_R_NULL_HANDLE                                104
 #define DSO_R_SET_FILENAME_FAILED                        112
 #define DSO_R_STACK_ERROR                                105
diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c
new file mode 100644
index 0000000000..f7b4dfc0c3
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_dl.c
@@ -0,0 +1,317 @@
+/* dso_dl.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+       {
+       return NULL;
+       }
+#else
+#include <dl.h>
+/* Part of the hack in "dl_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename);
+static DSO_METHOD dso_meth_dl = {
+        "OpenSSL 'dl' shared library method",
+        dl_load,
+        dl_unload,
+        dl_bind_var,
+        dl_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        dl_name_converter,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+DSO_METHOD *DSO_METHOD_dl(void)
+        {
+        return(&dso_meth_dl);
+        }
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (shl_t) returned from shl_load().
+ * NB: I checked on HPUX11 and shl_t is itself a pointer
+ * type so the cast is safe.
+ */
+static int dl_load(DSO *dso)
+        {
+        shl_t ptr = NULL;
+        /* We don't do any fancy retries or anything, just take the method's
+         * (or DSO's if it has the callback set) best translation of the
+         * platform-independant filename and try once with that. */
+        char *filename= DSO_convert_filename(dso, NULL);
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        ptr = shl_load(filename, BIND_IMMEDIATE |
+                (dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(4, "filename(", filename, "): ",
+                        strerror(errno));
+                goto err;
+                }
+        if(!sk_push(dso->meth_data, (char *)ptr))
+                {
+                DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success, stick the converted filename we've loaded under into the DSO
+         * (it also serves as the indicator that we are currently loaded). */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup! */
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(ptr != NULL)
+                shl_unload(ptr);
+        return(0);
+        }
+static int dl_unload(DSO *dso)
+        {
+        shl_t ptr;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        /* Is this statement legal? */
+        ptr = (shl_t)sk_pop(dso->meth_data);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
+                /* Should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)ptr);
+                return(0);
+                }
+        shl_unload(ptr);
+        return(1);
+        }
+static void *dl_bind_var(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ",
+                        strerror(errno));
+                return(NULL);
+                }
+        return(sym);
+        }
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+        {
+        shl_t ptr;
+        void *sym;
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+                {
+                DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(4, "symname(", symname, "): ",
+                        strerror(errno));
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+/* This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
+ * same time, there's no great duplicating the code. Figuring out an elegant 
+ * way to share one copy of the code would be more difficult and would not
+ * leave the implementations independant. */
+#if defined(__hpux)
+static const char extension[] = ".sl";
+#else
+static const char extension[] = ".so";
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, rsize, transform;
+        len = strlen(filename);
+        rsize = len + 1;
+        transform = (strstr(filename, "/") == NULL);
+                {
+                /* We will convert this to "%s.s?" or "lib%s.s?" */
+                rsize += strlen(extension);/* The length of ".s?" */
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        rsize += 3; /* The length of "lib" */
+                }
+        translated = OPENSSL_malloc(rsize);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_DL_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED); 
+                return(NULL);   
+                }
+        if(transform)
+                {
+                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+                        sprintf(translated, "lib%s%s", filename, extension);
+                else
+                        sprintf(translated, "%s%s", filename, extension);
+                }
+        else
+                sprintf(translated, "%s", filename);
+        return(translated);
+        }
+#ifdef OPENSSL_FIPS
+static void dl_ref_point(){}
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+        {
+        struct shl_descriptor inf;
+        int i,len;
+        if (addr == NULL)
+                {
+                union { void(*f)(); void *p; } t = { dl_ref_point };
+                addr = t.p;
+                }
+        for (i=-1;shl_get_r(i,&inf)==0;i++)
+                {
+                if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+                    ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend))
+                        {
+                        len = (int)strlen(inf.filename);
+                        if (sz <= 0) return len+1;
+                        if (len >= sz) len=sz-1;
+                        memcpy(path,inf.filename,len);
+                        path[len++] = 0;
+                        return len;
+                        }
+                }
+        return -1;
+        }
+#endif
+#endif /* DSO_DL */
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c
index 1fd10104c5..d48b4202f2 100644
--- a/src/lib/libcrypto/dso/dso_dlfcn.c
+++ b/src/lib/libcrypto/dso/dso_dlfcn.c
@@ -1,4 +1,4 @@
-/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_dlfcn.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -56,6 +56,10 @@
 *
 */
+#ifdef __linux
+#define _GNU_SOURCE
+#endif
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
@@ -85,8 +89,6 @@ static int dlfcn_finish(DSO *dso);
 static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
 #endif
 static char *dlfcn_name_converter(DSO *dso, const char *filename);
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-        const char *filespec2);
 static DSO_METHOD dso_meth_dlfcn = {
        "OpenSSL 'dlfcn' shared library method",
@@ -101,7 +103,6 @@ static DSO_METHOD dso_meth_dlfcn = {
 #endif
        NULL, /* ctrl */
        dlfcn_name_converter,
-        dlfcn_merger,
        NULL, /* init */
        NULL  /* finish */
        };
@@ -144,19 +145,13 @@ static int dlfcn_load(DSO *dso)
        void *ptr = NULL;
        /* See applicable comments in dso_dl.c */
        char *filename = DSO_convert_filename(dso, NULL);
-        int flags = DLOPEN_FLAG;
        if(filename == NULL)
                {
                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
                goto err;
                }
+        ptr = dlopen(filename, DLOPEN_FLAG);
-#ifdef RTLD_GLOBAL
-        if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
-                flags |= RTLD_GLOBAL;
-#endif
-        ptr = dlopen(filename, flags);
        if(ptr == NULL)
                {
                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
@@ -255,7 +250,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
                return(NULL);
                }
-        *(void **)(tsym) = dlsym(ptr, symname);
+        *(void**)(tsym) = dlsym(ptr, symname);
        if(sym == NULL)
                {
                DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
@@ -265,73 +260,6 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
        return(sym);
        }
-static char *dlfcn_merger(DSO *dso, const char *filespec1,
-        const char *filespec2)
-        {
-        char *merged;
-        if(!filespec1 && !filespec2)
-                {
-                DSOerr(DSO_F_DLFCN_MERGER,
-                                ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        /* If the first file specification is a rooted path, it rules.
-           same goes if the second file specification is missing. */
-        if (!filespec2 || filespec1[0] == '/')
-                {
-                merged = OPENSSL_malloc(strlen(filespec1) + 1);
-                if(!merged)
-                        {
-                        DSOerr(DSO_F_DLFCN_MERGER,
-                                ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                strcpy(merged, filespec1);
-                }
-        /* If the first file specification is missing, the second one rules. */
-        else if (!filespec1)
-                {
-                merged = OPENSSL_malloc(strlen(filespec2) + 1);
-                if(!merged)
-                        {
-                        DSOerr(DSO_F_DLFCN_MERGER,
-                                ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                strcpy(merged, filespec2);
-                }
-        else
-                /* This part isn't as trivial as it looks.  It assumes that
-                   the second file specification really is a directory, and
-                   makes no checks whatsoever.  Therefore, the result becomes
-                   the concatenation of filespec2 followed by a slash followed
-                   by filespec1. */
-                {
-                int spec2len, len;
-                spec2len = (filespec2 ? strlen(filespec2) : 0);
-                len = spec2len + (filespec1 ? strlen(filespec1) : 0);
-                if(filespec2 && filespec2[spec2len - 1] == '/')
-                        {
-                        spec2len--;
-                        len--;
-                        }
-                merged = OPENSSL_malloc(len + 2);
-                if(!merged)
-                        {
-                        DSOerr(DSO_F_DLFCN_MERGER,
-                                ERR_R_MALLOC_FAILURE);
-                        return(NULL);
-                        }
-                strcpy(merged, filespec2);
-                merged[spec2len] = '/';
-                strcpy(&merged[spec2len + 1], filespec1);
-                }
-        return(merged);
-        }
 static char *dlfcn_name_converter(DSO *dso, const char *filename)
        {
        char *translated;
@@ -357,13 +285,41 @@ static char *dlfcn_name_converter(DSO *dso, const char *filename)
        if(transform)
                {
                if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-                        sprintf(translated, "lib%s.so", filename);
+                        snprintf(translated, rsize, "lib%s.so", filename);
                else
-                        sprintf(translated, "%s.so", filename);
+                        snprintf(translated, rsize, "%s.so", filename);
                }
        else
-                sprintf(translated, "%s", filename);
+                snprintf(translated, rsize, "%s", filename);
        return(translated);
        }
+#ifdef OPENSSL_FIPS
+static void dlfcn_ref_point(){}
+int DSO_pathbyaddr(void *addr,char *path,int sz)
+        {
+        Dl_info dli;
+        int len;
+        if (addr == NULL)
+                {
+                union { void(*f)(void); void *p; } t = { dlfcn_ref_point };
+                addr = t.p;
+                }
+        if (dladdr(addr,&dli))
+                {
+                len = (int)strlen(dli.dli_fname);
+                if (sz <= 0) return len+1;
+                if (len >= sz) len=sz-1;
+                memcpy(path,dli.dli_fname,len);
+                path[len++]=0;
+                return len;
+                }
+        ERR_add_error_data(4, "dlfcn_pathbyaddr(): ", dlerror());
+        return -1;
+        }
+#endif
 #endif /* DSO_DLFCN */
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c
index a8b0a210de..581677cc36 100644
--- a/src/lib/libcrypto/dso/dso_err.c
+++ b/src/lib/libcrypto/dso/dso_err.c
@@ -73,13 +73,11 @@ static ERR_STRING_DATA DSO_str_functs[]=
 {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),       "DLFCN_BIND_FUNC"},
 {ERR_FUNC(DSO_F_DLFCN_BIND_VAR),        "DLFCN_BIND_VAR"},
 {ERR_FUNC(DSO_F_DLFCN_LOAD),    "DLFCN_LOAD"},
-{ERR_FUNC(DSO_F_DLFCN_MERGER),  "DLFCN_MERGER"},
 {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),  "DLFCN_NAME_CONVERTER"},
 {ERR_FUNC(DSO_F_DLFCN_UNLOAD),  "DLFCN_UNLOAD"},
 {ERR_FUNC(DSO_F_DL_BIND_FUNC),  "DL_BIND_FUNC"},
 {ERR_FUNC(DSO_F_DL_BIND_VAR),   "DL_BIND_VAR"},
 {ERR_FUNC(DSO_F_DL_LOAD),       "DL_LOAD"},
-{ERR_FUNC(DSO_F_DL_MERGER),     "DL_MERGER"},
 {ERR_FUNC(DSO_F_DL_NAME_CONVERTER),     "DL_NAME_CONVERTER"},
 {ERR_FUNC(DSO_F_DL_UNLOAD),     "DL_UNLOAD"},
 {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
@@ -90,22 +88,17 @@ static ERR_STRING_DATA DSO_str_functs[]=
 {ERR_FUNC(DSO_F_DSO_GET_FILENAME),      "DSO_get_filename"},
 {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),       "DSO_get_loaded_filename"},
 {ERR_FUNC(DSO_F_DSO_LOAD),      "DSO_load"},
-{ERR_FUNC(DSO_F_DSO_MERGE),     "DSO_merge"},
 {ERR_FUNC(DSO_F_DSO_NEW_METHOD),        "DSO_new_method"},
 {ERR_FUNC(DSO_F_DSO_SET_FILENAME),      "DSO_set_filename"},
 {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),        "DSO_set_name_converter"},
 {ERR_FUNC(DSO_F_DSO_UP_REF),    "DSO_up_ref"},
-{ERR_FUNC(DSO_F_VMS_BIND_SYM),  "VMS_BIND_SYM"},
+{ERR_FUNC(DSO_F_VMS_BIND_VAR),  "VMS_BIND_VAR"},
 {ERR_FUNC(DSO_F_VMS_LOAD),      "VMS_LOAD"},
-{ERR_FUNC(DSO_F_VMS_MERGER),    "VMS_MERGER"},
 {ERR_FUNC(DSO_F_VMS_UNLOAD),    "VMS_UNLOAD"},
 {ERR_FUNC(DSO_F_WIN32_BIND_FUNC),       "WIN32_BIND_FUNC"},
 {ERR_FUNC(DSO_F_WIN32_BIND_VAR),        "WIN32_BIND_VAR"},
-{ERR_FUNC(DSO_F_WIN32_JOINER),  "WIN32_JOINER"},
 {ERR_FUNC(DSO_F_WIN32_LOAD),    "WIN32_LOAD"},
-{ERR_FUNC(DSO_F_WIN32_MERGER),  "WIN32_MERGER"},
 {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),  "WIN32_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_WIN32_SPLITTER),        "WIN32_SPLITTER"},
 {ERR_FUNC(DSO_F_WIN32_UNLOAD),  "WIN32_UNLOAD"},
 {0,NULL}
        };
@@ -114,15 +107,11 @@ static ERR_STRING_DATA DSO_str_reasons[]=
        {
 {ERR_REASON(DSO_R_CTRL_FAILED)           ,"control command failed"},
 {ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    ,"dso already loaded"},
-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE)  ,"empty file structure"},
-{ERR_REASON(DSO_R_FAILURE)               ,"failure"},
 {ERR_REASON(DSO_R_FILENAME_TOO_BIG)      ,"filename too big"},
 {ERR_REASON(DSO_R_FINISH_FAILED)         ,"cleanup method function failed"},
-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"},
 {ERR_REASON(DSO_R_LOAD_FAILED)           ,"could not load the shared library"},
 {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
 {ERR_REASON(DSO_R_NO_FILENAME)           ,"no filename"},
-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"},
 {ERR_REASON(DSO_R_NULL_HANDLE)           ,"a null shared library handle was used"},
 {ERR_REASON(DSO_R_SET_FILENAME_FAILED)   ,"set filename failed"},
 {ERR_REASON(DSO_R_STACK_ERROR)           ,"the meth_data stack is corrupt"},
@@ -136,12 +125,15 @@ static ERR_STRING_DATA DSO_str_reasons[]=
 void ERR_load_DSO_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,DSO_str_functs);
                ERR_load_strings(0,DSO_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c
index 49bdd71309..48d9fdb25e 100644
--- a/src/lib/libcrypto/dso/dso_lib.c
+++ b/src/lib/libcrypto/dso/dso_lib.c
@@ -1,4 +1,4 @@
-/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* dso_lib.c */
 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
 * project 2000.
 */
@@ -390,33 +390,6 @@ int DSO_set_filename(DSO *dso, const char *filename)
        return(1);
        }
-char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
-        {
-        char *result = NULL;
-        if(dso == NULL || filespec1 == NULL)
-                {
-                DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
-                return(NULL);
-                }
-        if(filespec1 == NULL)
-                filespec1 = dso->filename;
-        if(filespec1 == NULL)
-                {
-                DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
-                return(NULL);
-                }
-        if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-                {
-                if(dso->merger != NULL)
-                        result = dso->merger(dso, filespec1, filespec2);
-                else if(dso->meth->dso_merger != NULL)
-                        result = dso->meth->dso_merger(dso,
-                                filespec1, filespec2);
-                }
-        return(result);
-        }
 char *DSO_convert_filename(DSO *dso, const char *filename)
        {
        char *result = NULL;
diff --git a/src/lib/libcrypto/dso/dso_null.c b/src/lib/libcrypto/dso/dso_null.c
index 4972984651..fa13a7cb0f 100644
--- a/src/lib/libcrypto/dso/dso_null.c
+++ b/src/lib/libcrypto/dso/dso_null.c
@@ -75,8 +75,6 @@ static DSO_METHOD dso_meth_null = {
        NULL, /* unbind_func */
 #endif
        NULL, /* ctrl */
-        NULL, /* dso_name_converter */
-        NULL, /* dso_merger */
        NULL, /* init */
        NULL  /* finish */
        };
diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c
new file mode 100644
index 0000000000..1674619d17
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_vms.c
@@ -0,0 +1,379 @@
+/* dso_vms.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#ifdef OPENSSL_SYS_VMS
+#pragma message disable DOLLARID
+#include <lib$routines.h>
+#include <stsdef.h>
+#include <descrip.h>
+#include <starlet.h>
+#endif
+#ifndef OPENSSL_SYS_VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return NULL;
+        }
+#else
+#pragma message disable DOLLARID
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+#if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *vms_name_converter(DSO *dso, const char *filename);
+static DSO_METHOD dso_meth_vms = {
+        "OpenSSL 'VMS' shared library method",
+        vms_load,
+        NULL, /* unload */
+        vms_bind_var,
+        vms_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        vms_name_converter,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st
+        {
+        /* This should contain the name only, no directory,
+         * no extension, nothing but a name. */
+        struct dsc$descriptor_s filename_dsc;
+        char filename[FILENAME_MAX+1];
+        /* This contains whatever is not in filename, if needed.
+         * Normally not defined. */
+        struct dsc$descriptor_s imagename_dsc;
+        char imagename[FILENAME_MAX+1];
+        } DSO_VMS_INTERNAL;
+DSO_METHOD *DSO_METHOD_vms(void)
+        {
+        return(&dso_meth_vms);
+        }
+static int vms_load(DSO *dso)
+        {
+        void *ptr = NULL;
+        /* See applicable comments in dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+        DSO_VMS_INTERNAL *p;
+        const char *sp1, *sp2;  /* Search result */
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        /* A file specification may look like this:
+         *
+         *      node::dev:[dir-spec]name.type;ver
+         *
+         * or (for compatibility with TOPS-20):
+         *
+         *      node::dev:<dir-spec>name.type;ver
+         *
+         * and the dir-spec uses '.' as separator.  Also, a dir-spec
+         * may consist of several parts, with mixed use of [] and <>:
+         *
+         *      [dir1.]<dir2>
+         *
+         * We need to split the file specification into the name and
+         * the rest (both before and after the name itself).
+         */
+        /* Start with trying to find the end of a dir-spec, and save the
+           position of the byte after in sp1 */
+        sp1 = strrchr(filename, ']');
+        sp2 = strrchr(filename, '>');
+        if (sp1 == NULL) sp1 = sp2;
+        if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
+        if (sp1 == NULL) sp1 = strrchr(filename, ':');
+        if (sp1 == NULL)
+                sp1 = filename;
+        else
+                sp1++;          /* The byte after the found character */
+        /* Now, let's see if there's a type, and save the position in sp2 */
+        sp2 = strchr(sp1, '.');
+        /* If we found it, that's where we'll cut.  Otherwise, look for a
+           version number and save the position in sp2 */
+        if (sp2 == NULL) sp2 = strchr(sp1, ';');
+        /* If there was still nothing to find, set sp2 to point at the end of
+           the string */
+        if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
+        /* Check that we won't get buffer overflows */
+        if (sp2 - sp1 > FILENAME_MAX
+                || (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
+                goto err;
+                }
+        p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        strncpy(p->filename, sp1, sp2-sp1);
+        p->filename[sp2-sp1] = '\0';
+        strncpy(p->imagename, filename, sp1-filename);
+        p->imagename[sp1-filename] = '\0';
+        strcat(p->imagename, sp2);
+        p->filename_dsc.dsc$w_length = strlen(p->filename);
+        p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->filename_dsc.dsc$a_pointer = p->filename;
+        p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+        p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+        p->imagename_dsc.dsc$a_pointer = p->imagename;
+        if(!sk_push(dso->meth_data, (char *)p))
+                {
+                DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success (for now, we lie.  We actually do not know...) */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup! */
+        if(p != NULL)
+                OPENSSL_free(p);
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        return(0);
+        }
+/* Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+        {
+        DSO_VMS_INTERNAL *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+/* We must do this in a separate function because of the way the exception
+   handler works (it makes this function return */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+        struct dsc$descriptor_s *symname_dsc, void **sym,
+        unsigned long flags)
+        {
+        /* Make sure that signals are caught and returned instead of
+           aborting the program.  The exception handler gets unestablished
+           automatically on return from this function.  */
+        lib$establish(lib$sig_to_ret);
+        if(ptr->imagename_dsc.dsc$w_length)
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        &ptr->imagename_dsc, flags);
+        else
+                return lib$find_image_symbol(&ptr->filename_dsc,
+                        symname_dsc, sym,
+                        0, flags);
+        }
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+        {
+        DSO_VMS_INTERNAL *ptr;
+        int status;
+#if 0
+        int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+                               defined in VMS older than 7.0 or so */
+#else
+        int flags = 0;
+#endif
+        struct dsc$descriptor_s symname_dsc;
+        *sym = NULL;
+        symname_dsc.dsc$w_length = strlen(symname);
+        symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+        symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return;
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_STACK_ERROR);
+                return;
+                }
+        ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+                sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_NULL_HANDLE);
+                return;
+                }
+        if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
+        status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+        if(!$VMS_STATUS_SUCCESS(status))
+                {
+                unsigned short length;
+                char errstring[257];
+                struct dsc$descriptor_s errstring_dsc;
+                errstring_dsc.dsc$w_length = sizeof(errstring);
+                errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+                errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+                errstring_dsc.dsc$a_pointer = errstring;
+                *sym = NULL;
+                status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+                if (!$VMS_STATUS_SUCCESS(status))
+                        lib$signal(status); /* This is really bad.  Abort!  */
+                else
+                        {
+                        errstring[length] = '\0';
+                        DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_SYM_FAILURE);
+                        if (ptr->imagename_dsc.dsc$w_length)
+                                ERR_add_error_data(9,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        " (", ptr->imagename, ")",
+                                        ": ", errstring);
+                        else
+                                ERR_add_error_data(6,
+                                        "Symbol ", symname,
+                                        " in ", ptr->filename,
+                                        ": ", errstring);
+                        }
+                return;
+                }
+        return;
+        }
+static void *vms_bind_var(DSO *dso, const char *symname)
+        {
+        void *sym = 0;
+        vms_bind_sym(dso, symname, &sym);
+        return sym;
+        }
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+        {
+        DSO_FUNC_TYPE sym = 0;
+        vms_bind_sym(dso, symname, (void **)&sym);
+        return sym;
+        }
+static char *vms_name_converter(DSO *dso, const char *filename)
+        {
+        int len = strlen(filename);
+        char *not_translated = OPENSSL_malloc(len+1);
+        strcpy(not_translated,filename);
+        return(not_translated);
+        }
+#endif /* OPENSSL_SYS_VMS */
diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c
new file mode 100644
index 0000000000..cc4ac68696
--- /dev/null
+++ b/src/lib/libcrypto/dso/dso_win32.c
@@ -0,0 +1,298 @@
+/* dso_win32.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#if !defined(DSO_WIN32)
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return NULL;
+        }
+#else
+#ifdef _WIN32_WCE
+# if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
+        {
+        WCHAR lpProcNameW[64];
+        int i;
+        for (i=0;lpProcName[i] && i<64;i++)
+                lpProcNameW[i] = (WCHAR)lpProcName[i];
+        if (i==64) return NULL;
+        lpProcNameW[i] = 0;
+        return GetProcAddressW(hModule,lpProcNameW);
+        }
+# endif
+# undef GetProcAddress
+# define GetProcAddress GetProcAddressA
+#endif
+/* Part of the hack in "win32_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+#if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *win32_name_converter(DSO *dso, const char *filename);
+static DSO_METHOD dso_meth_win32 = {
+        "OpenSSL 'win32' shared library method",
+        win32_load,
+        win32_unload,
+        win32_bind_var,
+        win32_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+        NULL, /* unbind_var */
+        NULL, /* unbind_func */
+#endif
+        NULL, /* ctrl */
+        win32_name_converter,
+        NULL, /* init */
+        NULL  /* finish */
+        };
+DSO_METHOD *DSO_METHOD_win32(void)
+        {
+        return(&dso_meth_win32);
+        }
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) a pointer to the handle (HINSTANCE) returned from
+ *     LoadLibrary(), and copied.
+ */
+static int win32_load(DSO *dso)
+        {
+        HINSTANCE h = NULL, *p = NULL;
+        /* See applicable comments from dso_dl.c */
+        char *filename = DSO_convert_filename(dso, NULL);
+        if(filename == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
+                goto err;
+                }
+        h = LoadLibraryA(filename);
+        if(h == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
+                ERR_add_error_data(3, "filename(", filename, ")");
+                goto err;
+                }
+        p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        *p = h;
+        if(!sk_push(dso->meth_data, (char *)p))
+                {
+                DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
+                goto err;
+                }
+        /* Success */
+        dso->loaded_filename = filename;
+        return(1);
+err:
+        /* Cleanup !*/
+        if(filename != NULL)
+                OPENSSL_free(filename);
+        if(p != NULL)
+                OPENSSL_free(p);
+        if(h != NULL)
+                FreeLibrary(h);
+        return(0);
+        }
+static int win32_unload(DSO *dso)
+        {
+        HINSTANCE *p;
+        if(dso == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+                return(0);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                return(1);
+        p = (HINSTANCE *)sk_pop(dso->meth_data);
+        if(p == NULL)
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
+                return(0);
+                }
+        if(!FreeLibrary(*p))
+                {
+                DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
+                /* We should push the value back onto the stack in
+                 * case of a retry. */
+                sk_push(dso->meth_data, (char *)p);
+                return(0);
+                }
+        /* Cleanup */
+        OPENSSL_free(p);
+        return(1);
+        }
+/* Using GetProcAddress for variables? TODO: Check this out in
+ * the Win32 API docs, there's probably a variant for variables. */
+static void *win32_bind_var(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return(sym);
+        }
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+        {
+        HINSTANCE *ptr;
+        void *sym;
+        if((dso == NULL) || (symname == NULL))
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+                return(NULL);
+                }
+        if(sk_num(dso->meth_data) < 1)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
+                return(NULL);
+                }
+        ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+        if(ptr == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
+                return(NULL);
+                }
+        sym = GetProcAddress(*ptr, symname);
+        if(sym == NULL)
+                {
+                DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
+                ERR_add_error_data(3, "symname(", symname, ")");
+                return(NULL);
+                }
+        return((DSO_FUNC_TYPE)sym);
+        }
+static char *win32_name_converter(DSO *dso, const char *filename)
+        {
+        char *translated;
+        int len, transform;
+        len = strlen(filename);
+        transform = ((strstr(filename, "/") == NULL) &&
+                        (strstr(filename, "\\") == NULL) &&
+                        (strstr(filename, ":") == NULL));
+        if(transform)
+                /* We will convert this to "%s.dll" */
+                translated = OPENSSL_malloc(len + 5);
+        else
+                /* We will simply duplicate filename */
+                translated = OPENSSL_malloc(len + 1);
+        if(translated == NULL)
+                {
+                DSOerr(DSO_F_WIN32_NAME_CONVERTER,
+                                DSO_R_NAME_TRANSLATION_FAILED); 
+                return(NULL);   
+                }
+        if(transform)
+                sprintf(translated, "%s.dll", filename);
+        else
+                sprintf(translated, "%s", filename);
+        return(translated);
+        }
+#endif /* OPENSSL_SYS_WIN32 */
diff --git a/src/lib/libcrypto/ebcdic.c b/src/lib/libcrypto/ebcdic.c
new file mode 100644
index 0000000000..d1bece87f7
--- /dev/null
+++ b/src/lib/libcrypto/ebcdic.c
@@ -0,0 +1,218 @@
+/* crypto/ebcdic.c */
+#ifdef CHARSET_EBCDIC
+#include "ebcdic.h"
+/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+ *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
+ */
+#ifdef _OSD_POSIX
+/*
+    "BS2000 OSD" is a POSIX subsystem on a main frame.
+    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
+    Within the POSIX subsystem, the same character set was chosen as in
+    "native BS2000", namely EBCDIC. (EDF04)
+    The name "ASCII" in these routines is misleading: actually, conversion
+    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
+    that means that (western european) national characters are preserved.
+    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
+*/
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
+/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
+/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
+/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
+/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
+/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
+/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
+/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
+/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
+/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
+/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
+/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
+/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
+/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
+/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
+/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/
+};
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+        0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/
+/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+        0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/
+/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+        0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */
+/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+        0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/
+/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/
+/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+        0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/
+/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+        0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/
+/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+        0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/
+/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/
+/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+        0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/
+/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+        0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/
+/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+        0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/
+/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+        0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/
+/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+        0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/
+/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+        0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/
+/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+        0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/
+};
+#else  /*_OSD_POSIX*/
+/*
+This code does basic character mapping for IBM's TPF and OS/390 operating systems.
+It is a modified version of the BS2000 table.
+Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
+This table is bijective - there are no ambigous or duplicate characters.
+*/
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */
+};
+/*
+The US-ASCII to EBCDIC (character set IBM-1047) table:
+This table is bijective (no ambiguous or duplicate characters)
+*/
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */
+};
+#endif /*_OSD_POSIX*/
+/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but
+ * should not overlap. These functions intentionally have an interface
+ * compatible to memcpy(3).
+ */
+void *
+ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+    return dest;
+}
+void *
+ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+    return dest;
+}
+#else /*CHARSET_EBCDIC*/
+#include <openssl/e_os2.h>
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy=&dummy;
+#endif
+#endif
diff --git a/src/lib/libcrypto/ebcdic.h b/src/lib/libcrypto/ebcdic.h
new file mode 100644
index 0000000000..6d65afcf9e
--- /dev/null
+++ b/src/lib/libcrypto/ebcdic.h
@@ -0,0 +1,19 @@
+/* crypto/ebcdic.h */
+#ifndef HEADER_EBCDIC_H
+#define HEADER_EBCDIC_H
+#include <sys/types.h>
+/* Avoid name clashes with other applications */
+#define os_toascii   _openssl_os_toascii
+#define os_toebcdic  _openssl_os_toebcdic
+#define ebcdic2ascii _openssl_ebcdic2ascii
+#define ascii2ebcdic _openssl_ascii2ebcdic
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+#endif
diff --git a/src/lib/libcrypto/ec/Makefile b/src/lib/libcrypto/ec/Makefile
new file mode 100644
index 0000000000..42f7bb7fc8
--- /dev/null
+++ b/src/lib/libcrypto/ec/Makefile
@@ -0,0 +1,193 @@
+#
+# crypto/ec/Makefile
+#
+DIR=    ec
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
+        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
+        ec2_smpl.c ec2_smpt.c ec2_mult.c
+LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
+        ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
+        ec2_smpl.o ec2_mult.o
+SRC= $(LIBSRC)
+EXHEADER= ec.h
+HEADER= ec_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ec2_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h
+ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h
+ec2_smpt.o: ec2_smpt.c
+ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h
+ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h
+ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h
+ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_err.o: ../../include/openssl/symhacks.h ec_err.c
+ec_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_key.o: ../../include/openssl/symhacks.h ec_key.c ec_lcl.h
+ec_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_lib.o: ../../include/openssl/symhacks.h ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c
+ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_mont.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_smpl.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_smpl.c
diff --git a/src/lib/libcrypto/ec/Makefile.ssl b/src/lib/libcrypto/ec/Makefile.ssl
new file mode 100644
index 0000000000..a2805c47a2
--- /dev/null
+++ b/src/lib/libcrypto/ec/Makefile.ssl
@@ -0,0 +1,128 @@
+#
+# crypto/ec/Makefile
+#
+DIR=    ec
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \
+        ec_err.c
+LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \
+        ec_err.o
+SRC= $(LIBSRC)
+EXHEADER= ec.h
+HEADER= ec_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_err.o: ec_err.c
+ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_lib.o: ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_mult.o: ec_lcl.h ec_mult.c
+ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_mont.o: ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h
+ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
+ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecp_smpl.o: ec_lcl.h ecp_smpl.c
diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h
index 8bc2a235b1..6d6a9b7127 100644
--- a/src/lib/libcrypto/ec/ec.h
+++ b/src/lib/libcrypto/ec/ec.h
@@ -1,9 +1,6 @@
 /* crypto/ec/ec.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,48 +52,22 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
 #ifndef HEADER_EC_H
 #define HEADER_EC_H
-#include <openssl/opensslconf.h>
 #ifdef OPENSSL_NO_EC
 #error EC is disabled.
 #endif
-#include <openssl/asn1.h>
-#include <openssl/symhacks.h>
-#ifndef OPENSSL_NO_DEPRECATED
 #include <openssl/bn.h>
-#endif
+#include <openssl/symhacks.h>
 #ifdef  __cplusplus
 extern "C" {
-#elif defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
 #endif
-#ifndef OPENSSL_ECC_MAX_FIELD_BITS
-# define OPENSSL_ECC_MAX_FIELD_BITS 661
-#endif
 typedef enum {
        /* values as defined in X9.62 (ECDSA) and elsewhere */
        POINT_CONVERSION_COMPRESSED = 2,
@@ -113,8 +84,7 @@ typedef struct ec_group_st
         -- field definition
         -- curve coefficients
         -- optional generator with associated information (order, cofactor)
-         -- optional extra data (precomputed table for fast computation of multiples of generator)
+         -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
-         -- ASN1 stuff
        */
        EC_GROUP;
@@ -126,84 +96,40 @@ typedef struct ec_point_st EC_POINT;
 */
 const EC_METHOD *EC_GFp_simple_method(void);
 const EC_METHOD *EC_GFp_mont_method(void);
-const EC_METHOD *EC_GFp_nist_method(void);
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
-/* EC_METHOD for curves over GF(2^m).
+const EC_METHOD *EC_GFp_nist_method(void); /* TODO */
- */
+#endif
-const EC_METHOD *EC_GF2m_simple_method(void);
 EC_GROUP *EC_GROUP_new(const EC_METHOD *);
 void EC_GROUP_free(EC_GROUP *);
 void EC_GROUP_clear_free(EC_GROUP *);
 int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
-int EC_METHOD_get_field_type(const EC_METHOD *);
+        
-int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
-int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
-int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
-void EC_GROUP_set_curve_name(EC_GROUP *, int nid);
-int EC_GROUP_get_curve_name(const EC_GROUP *);
-void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
-int EC_GROUP_get_asn1_flag(const EC_GROUP *);
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
-size_t EC_GROUP_get_seed_len(const EC_GROUP *);
-size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+/* We don't have types for field specifications and field elements in general.
+ * Otherwise we could declare
+ *     int EC_GROUP_set_curve(EC_GROUP *, .....);
+ */
 int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-/* returns the number of bits needed to represent a field element */
-int EC_GROUP_get_degree(const EC_GROUP *);
-/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
-int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
-/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
- * elliptic curve is not zero, 0 otherwise */
-int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
-/* EC_GROUP_cmp() returns 0 if both groups are equal and 1 otherwise */
+/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp()
-int EC_GROUP_cmp(const EC_GROUP *, const EC_GROUP *, BN_CTX *);
-/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
 * after choosing an appropriate EC_METHOD */
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-/* EC_GROUP_new_by_curve_name() creates a EC_GROUP structure
- * specified by a curve name (in form of a NID) */
-EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
-/* handling of internal curves */
-typedef struct { 
-        int nid;
-        const char *comment;
-        } EC_builtin_curve;
-/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
- * of all available curves or zero if a error occurred. 
- * In case r ist not zero nitems EC_builtin_curve structures 
- * are filled with the data of the first nitems internal groups */
-size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
-/* EC_POINT functions */
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
 EC_POINT *EC_POINT_new(const EC_GROUP *);
 void EC_POINT_free(EC_POINT *);
 void EC_POINT_clear_free(EC_POINT *);
 int EC_POINT_copy(EC_POINT *, const EC_POINT *);
-EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
 
 const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
@@ -219,28 +145,11 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
        const BIGNUM *x, int y_bit, BN_CTX *);
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, int y_bit, BN_CTX *);
 size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
        unsigned char *buf, size_t len, BN_CTX *);
 int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
        const unsigned char *buf, size_t len, BN_CTX *);
-/* other interfaces to point2oct/oct2point: */
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
-        point_conversion_form_t form, BIGNUM *, BN_CTX *);
-EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
-        EC_POINT *, BN_CTX *);
-char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
-        point_conversion_form_t form, BN_CTX *);
-EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
-        EC_POINT *, BN_CTX *);
 int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
 int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
 int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
@@ -255,112 +164,9 @@ int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
 int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
 int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
-/* EC_GROUP_precompute_mult() stores multiples of generator for faster point multiplication */
 int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
-/* EC_GROUP_have_precompute_mult() reports whether such precomputation has been done */
-int EC_GROUP_have_precompute_mult(const EC_GROUP *);
-/* ASN1 stuff */
-/* EC_GROUP_get_basis_type() returns the NID of the basis type
- * used to represent the field elements */
-int EC_GROUP_get_basis_type(const EC_GROUP *);
-int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
-int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
-        unsigned int *k2, unsigned int *k3);
-#define OPENSSL_EC_NAMED_CURVE  0x001
-typedef struct ecpk_parameters_st ECPKPARAMETERS;
-EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
-int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
-#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x)
-#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x)
-#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
-                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
-#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
-                (unsigned char *)(x))
-#ifndef OPENSSL_NO_BIO
-int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
-#endif
-/* the EC_KEY stuff */
-typedef struct ec_key_st EC_KEY;
-/* some values for the encoding_flag */
-#define EC_PKEY_NO_PARAMETERS   0x001
-#define EC_PKEY_NO_PUBKEY       0x002
-EC_KEY *EC_KEY_new(void);
-EC_KEY *EC_KEY_new_by_curve_name(int nid);
-void EC_KEY_free(EC_KEY *);
-EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
-EC_KEY *EC_KEY_dup(const EC_KEY *);
-int EC_KEY_up_ref(EC_KEY *);
-const EC_GROUP *EC_KEY_get0_group(const EC_KEY *);
-int EC_KEY_set_group(EC_KEY *, const EC_GROUP *);
-const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *);
-int EC_KEY_set_private_key(EC_KEY *, const BIGNUM *);
-const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *);
-int EC_KEY_set_public_key(EC_KEY *, const EC_POINT *);
-unsigned EC_KEY_get_enc_flags(const EC_KEY *);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
-/* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-/* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
-int EC_KEY_precompute_mult(EC_KEY *, BN_CTX *ctx);
-/* EC_KEY_generate_key() creates a ec private (public) key */
-int EC_KEY_generate_key(EC_KEY *);
-/* EC_KEY_check_key() */
-int EC_KEY_check_key(const EC_KEY *);
-/* de- and encoding functions for SEC1 ECPrivateKey */
-EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
-/* de- and encoding functions for EC parameters */
-EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
-int i2d_ECParameters(EC_KEY *a, unsigned char **out);
-/* de- and encoding functions for EC public key
- * (octet string, not DER -- hence 'o2i' and 'i2o') */
-EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len);
-int i2o_ECPublicKey(EC_KEY *a, unsigned char **out);
-#ifndef OPENSSL_NO_BIO
-int     ECParameters_print(BIO *bp, const EC_KEY *x);
-int     EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
-#endif
-#ifndef OPENSSL_NO_FP_API
-int     ECParameters_print_fp(FILE *fp, const EC_KEY *x);
-int     EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
-#endif
-#define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
-#ifndef __cplusplus
-#if defined(__SUNPRO_C)
-#  if __SUNPRO_C >= 0x520
-# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-#  endif
-# endif
-#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -372,124 +178,51 @@ void ERR_load_EC_strings(void);
 /* Function codes. */
 #define EC_F_COMPUTE_WNAF                                143
-#define EC_F_D2I_ECPARAMETERS                            144
-#define EC_F_D2I_ECPKPARAMETERS                          145
-#define EC_F_D2I_ECPRIVATEKEY                            146
-#define EC_F_ECPARAMETERS_PRINT                          147
-#define EC_F_ECPARAMETERS_PRINT_FP                       148
-#define EC_F_ECPKPARAMETERS_PRINT                        149
-#define EC_F_ECPKPARAMETERS_PRINT_FP                     150
-#define EC_F_ECP_NIST_MOD_192                            203
-#define EC_F_ECP_NIST_MOD_224                            204
-#define EC_F_ECP_NIST_MOD_256                            205
-#define EC_F_ECP_NIST_MOD_521                            206
-#define EC_F_EC_ASN1_GROUP2CURVE                         153
-#define EC_F_EC_ASN1_GROUP2FIELDID                       154
-#define EC_F_EC_ASN1_GROUP2PARAMETERS                    155
-#define EC_F_EC_ASN1_GROUP2PKPARAMETERS                  156
-#define EC_F_EC_ASN1_PARAMETERS2GROUP                    157
-#define EC_F_EC_ASN1_PKPARAMETERS2GROUP                  158
-#define EC_F_EC_EX_DATA_SET_DATA                         211
-#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
-#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
-#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
-#define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
-#define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
-#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
-#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
-#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
 #define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
 #define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
 #define EC_F_EC_GFP_MONT_FIELD_MUL                       131
-#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
 #define EC_F_EC_GFP_MONT_FIELD_SQR                       132
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
-#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP             135
-#define EC_F_EC_GFP_NIST_FIELD_MUL                       200
-#define EC_F_EC_GFP_NIST_FIELD_SQR                       201
-#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
-#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
-#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP           100
 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR           101
 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
 #define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
 #define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
 #define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
-#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
 #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
-#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
 #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
-#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
-#define EC_F_EC_GROUP_CHECK                              170
-#define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
 #define EC_F_EC_GROUP_COPY                               106
 #define EC_F_EC_GROUP_GET0_GENERATOR                     139
 #define EC_F_EC_GROUP_GET_COFACTOR                       140
-#define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
 #define EC_F_EC_GROUP_GET_CURVE_GFP                      130
-#define EC_F_EC_GROUP_GET_DEGREE                         173
 #define EC_F_EC_GROUP_GET_ORDER                          141
-#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
-#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
 #define EC_F_EC_GROUP_NEW                                108
-#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
-#define EC_F_EC_GROUP_NEW_FROM_DATA                      175
 #define EC_F_EC_GROUP_PRECOMPUTE_MULT                    142
-#define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
 #define EC_F_EC_GROUP_SET_CURVE_GFP                      109
 #define EC_F_EC_GROUP_SET_EXTRA_DATA                     110
 #define EC_F_EC_GROUP_SET_GENERATOR                      111
-#define EC_F_EC_KEY_CHECK_KEY                            177
-#define EC_F_EC_KEY_COPY                                 178
-#define EC_F_EC_KEY_GENERATE_KEY                         179
-#define EC_F_EC_KEY_NEW                                  182
-#define EC_F_EC_KEY_PRINT                                180
-#define EC_F_EC_KEY_PRINT_FP                             181
 #define EC_F_EC_POINTS_MAKE_AFFINE                       136
 #define EC_F_EC_POINTS_MUL                               138
 #define EC_F_EC_POINT_ADD                                112
 #define EC_F_EC_POINT_CMP                                113
 #define EC_F_EC_POINT_COPY                               114
 #define EC_F_EC_POINT_DBL                                115
-#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
 #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
 #define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
-#define EC_F_EC_POINT_INVERT                             210
 #define EC_F_EC_POINT_IS_AT_INFINITY                     118
 #define EC_F_EC_POINT_IS_ON_CURVE                        119
 #define EC_F_EC_POINT_MAKE_AFFINE                        120
-#define EC_F_EC_POINT_MUL                                184
 #define EC_F_EC_POINT_NEW                                121
 #define EC_F_EC_POINT_OCT2POINT                          122
 #define EC_F_EC_POINT_POINT2OCT                          123
-#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
 #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
-#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
 #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
 #define EC_F_EC_POINT_SET_TO_INFINITY                    127
-#define EC_F_EC_PRE_COMP_DUP                             207
+#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP                135
-#define EC_F_EC_PRE_COMP_NEW                             196
-#define EC_F_EC_WNAF_MUL                                 187
-#define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
-#define EC_F_I2D_ECPARAMETERS                            190
-#define EC_F_I2D_ECPKPARAMETERS                          191
-#define EC_F_I2D_ECPRIVATEKEY                            192
-#define EC_F_I2O_ECPUBLICKEY                             151
-#define EC_F_O2I_ECPUBLICKEY                             152
 /* Reason codes. */
-#define EC_R_ASN1_ERROR                                  115
-#define EC_R_ASN1_UNKNOWN_FIELD                          116
 #define EC_R_BUFFER_TOO_SMALL                            100
-#define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
-#define EC_R_DISCRIMINANT_IS_ZERO                        118
-#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
-#define EC_R_FIELD_TOO_LARGE                             138
-#define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
-#define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
 #define EC_R_INCOMPATIBLE_OBJECTS                        101
 #define EC_R_INVALID_ARGUMENT                            112
 #define EC_R_INVALID_COMPRESSED_POINT                    110
@@ -497,28 +230,12 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_ENCODING                            102
 #define EC_R_INVALID_FIELD                               103
 #define EC_R_INVALID_FORM                                104
-#define EC_R_INVALID_GROUP_ORDER                         122
-#define EC_R_INVALID_PENTANOMIAL_BASIS                   132
-#define EC_R_INVALID_PRIVATE_KEY                         123
-#define EC_R_INVALID_TRINOMIAL_BASIS                     137
-#define EC_R_MISSING_PARAMETERS                          124
-#define EC_R_MISSING_PRIVATE_KEY                         125
-#define EC_R_NOT_A_NIST_PRIME                            135
-#define EC_R_NOT_A_SUPPORTED_NIST_PRIME                  136
-#define EC_R_NOT_IMPLEMENTED                             126
 #define EC_R_NOT_INITIALIZED                             111
-#define EC_R_NO_FIELD_MOD                                133
-#define EC_R_PASSED_NULL_PARAMETER                       134
-#define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
 #define EC_R_POINT_AT_INFINITY                           106
 #define EC_R_POINT_IS_NOT_ON_CURVE                       107
 #define EC_R_SLOT_FULL                                   108
 #define EC_R_UNDEFINED_GENERATOR                         113
-#define EC_R_UNDEFINED_ORDER                             128
-#define EC_R_UNKNOWN_GROUP                               129
 #define EC_R_UNKNOWN_ORDER                               114
-#define EC_R_UNSUPPORTED_FIELD                           131
-#define EC_R_WRONG_ORDER                                 130
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/ec/ec2_smpt.c b/src/lib/libcrypto/ec/ec2_smpt.c
new file mode 100644
index 0000000000..59d52bf663
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec2_smpt.c
@@ -0,0 +1,74 @@
+/* crypto/ec/ec2_smpt.c */
+/* This code was originally written by Douglas Stebila 
+ * <dstebila@student.math.uwaterloo.ca> for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Calaculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1. 
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * This algorithm is patented by Certicom Corp. under US Patent 6,141,420
+ * (for licensing information, contact licensing@certicom.com).
+ * This function is disabled by default and can be enabled by defining the 
+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+        const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+        {
+        ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);
+        return 0;
+        }
diff --git a/src/lib/libcrypto/ec/ec_cvt.c b/src/lib/libcrypto/ec/ec_cvt.c
index d45640bab9..45b0ec33a0 100644
--- a/src/lib/libcrypto/ec/ec_cvt.c
+++ b/src/lib/libcrypto/ec/ec_cvt.c
@@ -1,9 +1,6 @@
 /* crypto/ec/ec_cvt.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,21 +52,7 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-#include <openssl/err.h>
 #include "ec_lcl.h"
@@ -77,64 +60,17 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
        {
        const EC_METHOD *meth;
        EC_GROUP *ret;
-        meth = EC_GFp_nist_method();
        
-        ret = EC_GROUP_new(meth);
+        /* Finally, this will use EC_GFp_nist_method if 'p' is a special
-        if (ret == NULL)
+         * prime with optimized modular arithmetics (for NIST curves)
-                return NULL;
+         */
+        meth = EC_GFp_mont_method();
-        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-                {
-                unsigned long err;
-                  
-                err = ERR_peek_last_error();
-                if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
-                        ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
-                         (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
-                        {
-                        /* real error */
-                        
-                        EC_GROUP_clear_free(ret);
-                        return NULL;
-                        }
-                        
-                
-                /* not an actual error, we just cannot use EC_GFp_nist_method */
-                ERR_clear_error();
-                EC_GROUP_clear_free(ret);
-                meth = EC_GFp_mont_method();
-                ret = EC_GROUP_new(meth);
-                if (ret == NULL)
-                        return NULL;
-                if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-                        {
-                        EC_GROUP_clear_free(ret);
-                        return NULL;
-                        }
-                }
-        return ret;
-        }
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        const EC_METHOD *meth;
-        EC_GROUP *ret;
-        
-        meth = EC_GF2m_simple_method();
        
        ret = EC_GROUP_new(meth);
        if (ret == NULL)
                return NULL;
-        if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))
+        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
                {
                EC_GROUP_clear_free(ret);
                return NULL;
diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c
index d04c895560..5b70f94382 100644
--- a/src/lib/libcrypto/ec/ec_err.c
+++ b/src/lib/libcrypto/ec/ec_err.c
@@ -1,6 +1,6 @@
 /* crypto/ec/ec_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,127 +71,54 @@
 static ERR_STRING_DATA EC_str_functs[]=
        {
 {ERR_FUNC(EC_F_COMPUTE_WNAF),   "COMPUTE_WNAF"},
-{ERR_FUNC(EC_F_D2I_ECPARAMETERS),       "d2i_ECParameters"},
-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),     "d2i_ECPKParameters"},
-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),       "d2i_ECPrivateKey"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT),     "ECParameters_print"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),  "ECParameters_print_fp"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),   "ECPKParameters_print"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP),        "ECPKParameters_print_fp"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_192),       "ECP_NIST_MOD_192"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_224),       "ECP_NIST_MOD_224"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_256),       "ECP_NIST_MOD_256"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_521),       "ECP_NIST_MOD_521"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE),    "EC_ASN1_GROUP2CURVE"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID),  "EC_ASN1_GROUP2FIELDID"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS),       "EC_ASN1_GROUP2PARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS),     "EC_ASN1_GROUP2PKPARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP),       "EC_ASN1_PARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP),     "EC_ASN1_PKPARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA),    "EC_EX_DATA_set_data"},
-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),      "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),        "ec_GF2m_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE), "ec_GF2m_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT),       "ec_GF2m_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT),       "ec_GF2m_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),    "ec_GF2m_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),    "ec_GF2m_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),      "ec_GF2m_simple_set_compressed_coordinates"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE),       "ec_GFp_mont_field_decode"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE),       "ec_GFp_mont_field_encode"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL),  "ec_GFp_mont_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),   "ec_GFp_mont_field_set_to_one"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR),  "ec_GFp_mont_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),    "ec_GFp_mont_group_set_curve"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),      "ec_GFp_simple_group_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),        "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),      "ec_GFp_simple_group_set_generator"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL),  "ec_GFp_nist_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR),  "ec_GFp_nist_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),    "ec_GFp_nist_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT), "ec_GFp_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),  "ec_GFp_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),      "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),      "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE),      "ec_GFp_simple_make_affine"},
 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT),        "ec_GFp_simple_oct2point"},
 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT),        "ec_GFp_simple_point2oct"},
 {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),       "ec_GFp_simple_points_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),     "ec_GFp_simple_point_get_affine_coordinates"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "ec_GFp_simple_point_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),     "ec_GFp_simple_point_set_affine_coordinates"},
+{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),   "ec_GFp_simple_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP), "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),       "ec_GFp_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),   "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),    "EC_GROUP_check_discriminant"},
 {ERR_FUNC(EC_F_EC_GROUP_COPY),  "EC_GROUP_copy"},
 {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR),        "EC_GROUP_get0_generator"},
 {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR),  "EC_GROUP_get_cofactor"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M),        "EC_GROUP_get_curve_GF2m"},
 {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE),    "EC_GROUP_get_degree"},
 {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),     "EC_GROUP_get_order"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS), "EC_GROUP_get_pentanomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),   "EC_GROUP_get_trinomial_basis"},
 {ERR_FUNC(EC_F_EC_GROUP_NEW),   "EC_GROUP_new"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME),     "EC_GROUP_new_by_curve_name"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
 {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),       "EC_GROUP_precompute_mult"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M),        "EC_GROUP_set_curve_GF2m"},
 {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),        "EC_GROUP_SET_EXTRA_DATA"},
+{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),        "EC_GROUP_set_extra_data"},
 {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY),       "EC_KEY_check_key"},
-{ERR_FUNC(EC_F_EC_KEY_COPY),    "EC_KEY_copy"},
-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY),    "EC_KEY_generate_key"},
-{ERR_FUNC(EC_F_EC_KEY_NEW),     "EC_KEY_new"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT),   "EC_KEY_print"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP),        "EC_KEY_print_fp"},
 {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),  "EC_POINTs_make_affine"},
 {ERR_FUNC(EC_F_EC_POINTS_MUL),  "EC_POINTs_mul"},
 {ERR_FUNC(EC_F_EC_POINT_ADD),   "EC_POINT_add"},
 {ERR_FUNC(EC_F_EC_POINT_CMP),   "EC_POINT_cmp"},
 {ERR_FUNC(EC_F_EC_POINT_COPY),  "EC_POINT_copy"},
 {ERR_FUNC(EC_F_EC_POINT_DBL),   "EC_POINT_dbl"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),   "EC_POINT_get_affine_coordinates_GF2m"},
 {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),    "EC_POINT_get_affine_coordinates_GFp"},
 {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),       "EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_INVERT),        "EC_POINT_invert"},
 {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY),        "EC_POINT_is_at_infinity"},
 {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE),   "EC_POINT_is_on_curve"},
 {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE),   "EC_POINT_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_MUL),   "EC_POINT_mul"},
 {ERR_FUNC(EC_F_EC_POINT_NEW),   "EC_POINT_new"},
 {ERR_FUNC(EC_F_EC_POINT_OCT2POINT),     "EC_POINT_oct2point"},
 {ERR_FUNC(EC_F_EC_POINT_POINT2OCT),     "EC_POINT_point2oct"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),   "EC_POINT_set_affine_coordinates_GF2m"},
 {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),    "EC_POINT_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),       "EC_POINT_set_compressed_coordinates_GF2m"},
 {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),        "EC_POINT_set_compressed_coordinates_GFp"},
 {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),       "EC_POINT_set_Jprojective_coordinates_GFp"},
 {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY),       "EC_POINT_set_to_infinity"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP),        "EC_PRE_COMP_DUP"},
+{ERR_FUNC(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP),   "GFP_MONT_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW),        "EC_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_EC_WNAF_MUL),    "ec_wNAF_mul"},
-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT),        "ec_wNAF_precompute_mult"},
-{ERR_FUNC(EC_F_I2D_ECPARAMETERS),       "i2d_ECParameters"},
-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS),     "i2d_ECPKParameters"},
-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),       "i2d_ECPrivateKey"},
-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY),        "i2o_ECPublicKey"},
-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY),        "o2i_ECPublicKey"},
 {0,NULL}
        };
 static ERR_STRING_DATA EC_str_reasons[]=
        {
-{ERR_REASON(EC_R_ASN1_ERROR)             ,"asn1 error"},
-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
 {ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
-{ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
 {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},
 {ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
 {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
@@ -199,28 +126,12 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
 {ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
 {ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
-{ERR_REASON(EC_R_INVALID_GROUP_ORDER)    ,"invalid group order"},
-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
-{ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
-{ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},
-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"},
-{ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},
 {ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},
-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},
-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
 {ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
 {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE)  ,"point is not on curve"},
 {ERR_REASON(EC_R_SLOT_FULL)              ,"slot full"},
 {ERR_REASON(EC_R_UNDEFINED_GENERATOR)    ,"undefined generator"},
-{ERR_REASON(EC_R_UNDEFINED_ORDER)        ,"undefined order"},
-{ERR_REASON(EC_R_UNKNOWN_GROUP)          ,"unknown group"},
 {ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},
-{ERR_REASON(EC_R_UNSUPPORTED_FIELD)      ,"unsupported field"},
-{ERR_REASON(EC_R_WRONG_ORDER)            ,"wrong order"},
 {0,NULL}
        };
@@ -228,12 +139,15 @@ static ERR_STRING_DATA EC_str_reasons[]=
 void ERR_load_EC_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,EC_str_functs);
                ERR_load_strings(0,EC_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index fdd7aa2755..cc4cf27755 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -1,9 +1,6 @@
 /* crypto/ec/ec_lcl.h */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,56 +52,35 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by 
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by 
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
 #include <stdlib.h>
-#include <openssl/obj_mac.h>
 #include <openssl/ec.h>
-#include <openssl/bn.h>
-#if defined(__SUNPRO_C)
-# if __SUNPRO_C >= 0x520
-# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
-# endif
-#endif
 /* Structure details are not part of the exported interface,
 * so all this may change in future versions. */
 struct ec_method_st {
-        /* used by EC_METHOD_get_field_type: */
-        int field_type; /* a NID */
        /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
        int (*group_init)(EC_GROUP *);
        void (*group_finish)(EC_GROUP *);
        void (*group_clear_finish)(EC_GROUP *);
        int (*group_copy)(EC_GROUP *, const EC_GROUP *);
-        /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+        /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */
-        /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+        int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-        int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+        int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-        int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-        /* used by EC_GROUP_get_degree: */
+        /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator,
-        int (*group_get_degree)(const EC_GROUP *);
+         * EC_GROUP_get_order, EC_GROUP_get_cofactor:
+         */
-        /* used by EC_GROUP_check: */
+        int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator,
-        int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
+                const BIGNUM *order, const BIGNUM *cofactor);
+        EC_POINT *(*group_get0_generator)(const EC_GROUP *);
+        int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+        int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
        /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
        int (*point_init)(EC_POINT *);
@@ -113,22 +89,20 @@ struct ec_method_st {
        int (*point_copy)(EC_POINT *, const EC_POINT *);
        /* used by EC_POINT_set_to_infinity,
-         * EC_POINT_set_Jprojective_coordinates_GFp,
+         * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp,
-         * EC_POINT_get_Jprojective_coordinates_GFp,
+         * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp,
-         * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
+         * EC_POINT_set_compressed_coordinates_GFp:
-         * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
-         * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
         */
        int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
        int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
                const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
        int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
                BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-        int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
+        int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
                const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-        int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
+        int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
                BIGNUM *x, BIGNUM *y, BN_CTX *);
-        int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
+        int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
                const BIGNUM *x, int y_bit, BN_CTX *);
        /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
@@ -151,65 +125,34 @@ struct ec_method_st {
        int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
        int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-        /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult
-         * (default implementations are used if the 'mul' pointer is 0): */
-        int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-                size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-        int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
-        int (*have_precompute_mult)(const EC_GROUP *group);
        /* internal functions */
-        /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
+        /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that
         * the same implementations of point operations can be used with different
         * optimized implementations of expensive field operations: */
        int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
        int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-        int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
        int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
        int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
        int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
 } /* EC_METHOD */;
-typedef struct ec_extra_data_st {
-        struct ec_extra_data_st *next;
-        void *data;
-        void *(*dup_func)(void *);
-        void (*free_func)(void *);
-        void (*clear_free_func)(void *);
-} EC_EXTRA_DATA; /* used in EC_GROUP */
 struct ec_group_st {
        const EC_METHOD *meth;
-        EC_POINT *generator; /* optional */
+        void *extra_data;
-        BIGNUM order, cofactor;
+        void *(*extra_data_dup_func)(void *);
+        void (*extra_data_free_func)(void *);
-        int curve_name;/* optional NID for named curve */
+        void (*extra_data_clear_free_func)(void *);
-        int asn1_flag; /* flag to control the asn1 encoding */
-        point_conversion_form_t asn1_form;
-        unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
-        size_t seed_len;
-        EC_EXTRA_DATA *extra_data; /* linked list */
+        /* All members except 'meth' and 'extra_data...' are handled by
+         * the method functions, even if they appear generic */
-        /* The following members are handled by the method functions,
-         * even if they appear generic */
        
        BIGNUM field; /* Field specification.
-                       * For curves over GF(p), this is the modulus;
+                       * For curves over GF(p), this is the modulus. */
-                       * for curves over GF(2^m), this is the 
-                       * irreducible polynomial defining the field.
-                       */
-        unsigned int poly[5]; /* Field specification for curves over GF(2^m).
-                               * The irreducible f(t) is then of the form:
-                               *     t^poly[0] + t^poly[1] + ... + t^poly[k]
-                               * where m = poly[0] > poly[1] > ... > poly[k] = 0.
-                               */
        BIGNUM a, b; /* Curve coefficients.
                      * (Here the assumption is that BIGNUMs can be used
@@ -217,49 +160,29 @@ struct ec_group_st {
                      * For characteristic  > 3,  the curve is defined
                      * by a Weierstrass equation of the form
                      *     y^2 = x^3 + a*x + b.
-                      * For characteristic  2,  the curve is defined by
-                      * an equation of the form
-                      *     y^2 + x*y = x^3 + a*x^2 + b.
                      */
        int a_is_minus3; /* enable optimized point arithmetics for special case */
+        EC_POINT *generator; /* optional */
+        BIGNUM order, cofactor;
        void *field_data1; /* method-specific (e.g., Montgomery structure) */
        void *field_data2; /* method-specific */
-        int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */
 } /* EC_GROUP */;
-struct ec_key_st {
-        int version;
-        EC_GROUP *group;
-        EC_POINT *pub_key;
-        BIGNUM   *priv_key;
-        unsigned int enc_flag;
-        point_conversion_form_t conv_form;
-        int     references;
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
-        EC_EXTRA_DATA *method_data;
-} /* EC_KEY */;
-/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only
 * (with visibility limited to 'package' level for now).
 * We use the function pointers as index for retrieval; this obviates
 * global ex_data-style index tables.
- */
+ * (Currently, we have one slot only, but is is possible to extend this
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data,
+ * if necessary.) */
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *,
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **,
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
+void EC_GROUP_free_extra_data(EC_GROUP *);
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **,
+void EC_GROUP_clear_free_extra_data(EC_GROUP *);
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **);
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **);
@@ -278,23 +201,18 @@ struct ec_point_st {
-/* method functions in ec_mult.c
- * (ec_lib.c uses these as defaults if group->method->mul is 0) */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
 /* method functions in ecp_smpl.c */
 int ec_GFp_simple_group_init(EC_GROUP *);
 void ec_GFp_simple_group_finish(EC_GROUP *);
 void ec_GFp_simple_group_clear_finish(EC_GROUP *);
 int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator,
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+        const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *);
+int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
 int ec_GFp_simple_point_init(EC_POINT *);
 void ec_GFp_simple_point_finish(EC_POINT *);
 void ec_GFp_simple_point_clear_finish(EC_POINT *);
@@ -304,11 +222,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
        const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
 int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
        BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
        BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
        const BIGNUM *x, int y_bit, BN_CTX *);
 size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
        unsigned char *buf, size_t len, BN_CTX *);
@@ -328,7 +246,7 @@ int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX
 /* method functions in ecp_mont.c */
 int ec_GFp_mont_group_init(EC_GROUP *);
-int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 void ec_GFp_mont_group_finish(EC_GROUP *);
 void ec_GFp_mont_group_clear_finish(EC_GROUP *);
 int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
@@ -339,52 +257,21 @@ int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT
 int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+/* method functions in ecp_recp.c */
+int ec_GFp_recp_group_init(EC_GROUP *);
+int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_recp_group_finish(EC_GROUP *);
+void ec_GFp_recp_group_clear_finish(EC_GROUP *);
+int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
 /* method functions in ecp_nist.c */
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_init(EC_GROUP *);
-int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_nist_group_finish(EC_GROUP *);
+void ec_GFp_nist_group_clear_finish(EC_GROUP *);
+int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *);
 int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
 int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-/* method functions in ec2_smpl.c */
-int ec_GF2m_simple_group_init(EC_GROUP *);
-void ec_GF2m_simple_group_finish(EC_GROUP *);
-void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
-int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
-int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
-int ec_GF2m_simple_point_init(EC_POINT *);
-void ec_GF2m_simple_point_finish(EC_POINT *);
-void ec_GF2m_simple_point_clear_finish(EC_POINT *);
-int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
-        BIGNUM *x, BIGNUM *y, BN_CTX *);
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
-        const BIGNUM *x, int y_bit, BN_CTX *);
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
-        const unsigned char *buf, size_t len, BN_CTX *);
-int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
-int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
-int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
-int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
-int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
-/* method functions in ec2_mult.c */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
-int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
-int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 5af84376c6..deb522060f 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,9 +1,6 @@
 /* crypto/ec/ec_lib.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,11 +52,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #include <string.h>
@@ -98,18 +90,10 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
        ret->meth = meth;
        ret->extra_data = NULL;
+        ret->extra_data_dup_func = 0;
-        ret->generator = NULL;
+        ret->extra_data_free_func = 0;
-        BN_init(&ret->order);
+        ret->extra_data_clear_free_func = 0;
-        BN_init(&ret->cofactor);
+        
-        ret->curve_name = 0;    
-        ret->asn1_flag  = 0;
-        ret->asn1_form  = POINT_CONVERSION_UNCOMPRESSED;
-        ret->seed = NULL;
-        ret->seed_len = 0;
        if (!meth->group_init(ret))
                {
                OPENSSL_free(ret);
@@ -127,15 +111,7 @@ void EC_GROUP_free(EC_GROUP *group)
        if (group->meth->group_finish != 0)
                group->meth->group_finish(group);
-        EC_EX_DATA_free_all_data(&group->extra_data);
+        EC_GROUP_free_extra_data(group);
-        if (group->generator != NULL)
-                EC_POINT_free(group->generator);
-        BN_free(&group->order);
-        BN_free(&group->cofactor);
-        if (group->seed)
-                OPENSSL_free(group->seed);
        OPENSSL_free(group);
        }
@@ -147,21 +123,10 @@ void EC_GROUP_clear_free(EC_GROUP *group)
        if (group->meth->group_clear_finish != 0)
                group->meth->group_clear_finish(group);
-        else if (group->meth->group_finish != 0)
+        else if (group->meth != NULL && group->meth->group_finish != 0)
                group->meth->group_finish(group);
-        EC_EX_DATA_clear_free_all_data(&group->extra_data);
+        EC_GROUP_clear_free_extra_data(group);
-        if (group->generator != NULL)
-                EC_POINT_clear_free(group->generator);
-        BN_clear_free(&group->order);
-        BN_clear_free(&group->cofactor);
-        if (group->seed)
-                {
-                OPENSSL_cleanse(group->seed, group->seed_len);
-                OPENSSL_free(group->seed);
-                }
        OPENSSL_cleanse(group, sizeof *group);
        OPENSSL_free(group);
@@ -170,8 +135,6 @@ void EC_GROUP_clear_free(EC_GROUP *group)
 int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
        {
-        EC_EXTRA_DATA *d;
        if (dest->meth->group_copy == 0)
                {
                ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
@@ -185,507 +148,161 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
        if (dest == src)
                return 1;
        
-        EC_EX_DATA_free_all_data(&dest->extra_data);
+        EC_GROUP_clear_free_extra_data(dest);
+        if (src->extra_data_dup_func)
-        for (d = src->extra_data; d != NULL; d = d->next)
                {
-                void *t = d->dup_func(d->data);
+                if (src->extra_data != NULL)
-                
-                if (t == NULL)
-                        return 0;
-                if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))
-                        return 0;
-                }
-        if (src->generator != NULL)
-                {
-                if (dest->generator == NULL)
-                        {
-                        dest->generator = EC_POINT_new(dest);
-                        if (dest->generator == NULL) return 0;
-                        }
-                if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
-                }
-        else
-                {
-                /* src->generator == NULL */
-                if (dest->generator != NULL)
                        {
-                        EC_POINT_clear_free(dest->generator);
+                        dest->extra_data = src->extra_data_dup_func(src->extra_data);
-                        dest->generator = NULL;
+                        if (dest->extra_data == NULL)
+                                return 0;
                        }
-                }
-        if (!BN_copy(&dest->order, &src->order)) return 0;
-        if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
-        dest->curve_name = src->curve_name;
+                dest->extra_data_dup_func = src->extra_data_dup_func;
-        dest->asn1_flag  = src->asn1_flag;
+                dest->extra_data_free_func = src->extra_data_free_func;
-        dest->asn1_form  = src->asn1_form;
+                dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
-        if (src->seed)
-                {
-                if (dest->seed)
-                        OPENSSL_free(dest->seed);
-                dest->seed = OPENSSL_malloc(src->seed_len);
-                if (dest->seed == NULL)
-                        return 0;
-                if (!memcpy(dest->seed, src->seed, src->seed_len))
-                        return 0;
-                dest->seed_len = src->seed_len;
-                }
-        else
-                {
-                if (dest->seed)
-                        OPENSSL_free(dest->seed);
-                dest->seed = NULL;
-                dest->seed_len = 0;
                }
-        
        return dest->meth->group_copy(dest, src);
        }
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
-        {
-        EC_GROUP *t = NULL;
-        int ok = 0;
-        if (a == NULL) return NULL;
-        if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);
-        if (!EC_GROUP_copy(t, a)) goto err;
-        ok = 1;
-  err:  
-        if (!ok)
-                {
-                if (t) EC_GROUP_free(t);
-                return NULL;
-                }
-        else return t;
-        }
 const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
        {
        return group->meth;
        }
-int EC_METHOD_get_field_type(const EC_METHOD *meth)
-        {
-        return meth->field_type;
-        }
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
-        {
-        if (generator == NULL)
-                {
-                ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
-                return 0   ;
-                }
-        if (group->generator == NULL)
-                {
-                group->generator = EC_POINT_new(group);
-                if (group->generator == NULL) return 0;
-                }
-        if (!EC_POINT_copy(group->generator, generator)) return 0;
-        if (order != NULL)
-                { if (!BN_copy(&group->order, order)) return 0; }       
-        else
-                BN_zero(&group->order);
-        if (cofactor != NULL)
-                { if (!BN_copy(&group->cofactor, cofactor)) return 0; } 
-        else
-                BN_zero(&group->cofactor);
-        return 1;
-        }
-const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
-        {
-        return group->generator;
-        }
-int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
-        {
-        if (!BN_copy(order, &group->order))
-                return 0;
-        return !BN_is_zero(order);
-        }
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
-        {
-        if (!BN_copy(cofactor, &group->cofactor))
-                return 0;
-        return !BN_is_zero(&group->cofactor);
-        }
-void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
-        {
-        group->curve_name = nid;
-        }
-int EC_GROUP_get_curve_name(const EC_GROUP *group)
-        {
-        return group->curve_name;
-        }
-void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
-        {
-        group->asn1_flag = flag;
-        }
-int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
-        {
-        return group->asn1_flag;
-        }
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, 
-                                        point_conversion_form_t form)
-        {
-        group->asn1_form = form;
-        }
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)
-        {
-        return group->asn1_form;
-        }
-size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
-        {
-        if (group->seed)
-                {
-                OPENSSL_free(group->seed);
-                group->seed = NULL;
-                group->seed_len = 0;
-                }
-        if (!len || !p)
-                return 1;
-        if ((group->seed = OPENSSL_malloc(len)) == NULL)
-                return 0;
-        memcpy(group->seed, p, len);
-        group->seed_len = len;
-        return len;
-        }
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
-        {
-        return group->seed;
-        }
-size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
-        {
-        return group->seed_len;
-        }
 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
-        if (group->meth->group_set_curve == 0)
+        if (group->meth->group_set_curve_GFp == 0)
                {
                ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_set_curve(group, p, a, b, ctx);
+        return group->meth->group_set_curve_GFp(group, p, a, b, ctx);
        }
 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
        {
-        if (group->meth->group_get_curve == 0)
+        if (group->meth->group_get_curve_GFp == 0)
                {
                ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_get_curve(group, p, a, b, ctx);
+        return group->meth->group_get_curve_GFp(group, p, a, b, ctx);
        }
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
        {
-        if (group->meth->group_set_curve == 0)
+        if (group->meth->group_set_generator == 0)
                {
-                ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_set_curve(group, p, a, b, ctx);
+        return group->meth->group_set_generator(group, generator, order, cofactor);
        }
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
        {
-        if (group->meth->group_get_curve == 0)
+        if (group->meth->group_get0_generator == 0)
                {
-                ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_get_curve(group, p, a, b, ctx);
+        return group->meth->group_get0_generator(group);
        }
-int EC_GROUP_get_degree(const EC_GROUP *group)
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
        {
-        if (group->meth->group_get_degree == 0)
+        if (group->meth->group_get_order == 0)
                {
-                ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_get_degree(group);
+        return group->meth->group_get_order(group, order, ctx);
        }
-int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
        {
-        if (group->meth->group_check_discriminant == 0)
+        if (group->meth->group_get_cofactor == 0)
                {
-                ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
-        return group->meth->group_check_discriminant(group, ctx);
+        return group->meth->group_get_cofactor(group, cofactor, ctx);
        }
-int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+/* this has 'package' visibility */
+int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
        {
-        int    r = 0;
+        if ((group->extra_data != NULL)
-        BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+                || (group->extra_data_dup_func != 0)
-        BN_CTX *ctx_new = NULL;
+                || (group->extra_data_free_func != 0)
+                || (group->extra_data_clear_free_func != 0))
-        /* compare the field types*/
-        if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
-            EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
-                return 1;
-        /* compare the curve name (if present) */
-        if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-            EC_GROUP_get_curve_name(a) == EC_GROUP_get_curve_name(b))
-                return 0;
-        if (!ctx)
-                ctx_new = ctx = BN_CTX_new();
-        if (!ctx)
-                return -1;
-        
-        BN_CTX_start(ctx);
-        a1 = BN_CTX_get(ctx);
-        a2 = BN_CTX_get(ctx);
-        a3 = BN_CTX_get(ctx);
-        b1 = BN_CTX_get(ctx);
-        b2 = BN_CTX_get(ctx);
-        b3 = BN_CTX_get(ctx);
-        if (!b3)
                {
-                BN_CTX_end(ctx);
+                ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
-                if (ctx_new)
+                return 0;
-                        BN_CTX_free(ctx);
-                return -1;
-                }
-        /* XXX This approach assumes that the external representation
-         * of curves over the same field type is the same.
-         */
-        if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
-            !b->meth->group_get_curve(b, b1, b2, b3, ctx))
-                r = 1;
-        if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
-                r = 1;
-        /* XXX EC_POINT_cmp() assumes that the methods are equal */
-        if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
-            EC_GROUP_get0_generator(b), ctx))
-                r = 1;
-        if (!r)
-                {
-                /* compare the order and cofactor */
-                if (!EC_GROUP_get_order(a, a1, ctx) ||
-                    !EC_GROUP_get_order(b, b1, ctx) ||
-                    !EC_GROUP_get_cofactor(a, a2, ctx) ||
-                    !EC_GROUP_get_cofactor(b, b2, ctx))
-                        {
-                        BN_CTX_end(ctx);
-                        if (ctx_new)
-                                BN_CTX_free(ctx);
-                        return -1;
-                        }
-                if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
-                        r = 1;
                }
-        BN_CTX_end(ctx);
+        group->extra_data = extra_data;
-        if (ctx_new)
+        group->extra_data_dup_func = extra_data_dup_func;
-                BN_CTX_free(ctx);
+        group->extra_data_free_func = extra_data_free_func;
+        group->extra_data_clear_free_func = extra_data_clear_free_func;
-        return r;
+        return 1;
        }
 /* this has 'package' visibility */
-int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
+void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
+        void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
        {
-        EC_EXTRA_DATA *d;
+        if ((group->extra_data_dup_func != extra_data_dup_func)
+                || (group->extra_data_free_func != extra_data_free_func)
-        if (ex_data == NULL)
+                || (group->extra_data_clear_free_func != extra_data_clear_free_func))
-                return 0;
-        for (d = *ex_data; d != NULL; d = d->next)
                {
-                if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
+#if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
-                        {
+                ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
-                        ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
+#endif
-                        return 0;
+                return NULL;
-                        }
                }
-        if (data == NULL)
+        return group->extra_data;
-                /* no explicit entry needed */
-                return 1;
-        d = OPENSSL_malloc(sizeof *d);
-        if (d == NULL)
-                return 0;
-        d->data = data;
-        d->dup_func = dup_func;
-        d->free_func = free_func;
-        d->clear_free_func = clear_free_func;
-        d->next = *ex_data;
-        *ex_data = d;
-        return 1;
        }
-/* this has 'package' visibility */
-void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-        {
-        const EC_EXTRA_DATA *d;
-        for (d = ex_data; d != NULL; d = d->next)
-                {
-                if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
-                        return d->data;
-                }
-        
-        return NULL;
-        }
 /* this has 'package' visibility */
-void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
+void EC_GROUP_free_extra_data(EC_GROUP *group)
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
-        EC_EXTRA_DATA **p;
+        if (group->extra_data_free_func)
+                group->extra_data_free_func(group->extra_data);
-        if (ex_data == NULL)
+        group->extra_data = NULL;
-                return;
+        group->extra_data_dup_func = 0;
+        group->extra_data_free_func = 0;
-        for (p = ex_data; *p != NULL; p = &((*p)->next))
+        group->extra_data_clear_free_func = 0;
-                {
-                if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-                        {
-                        EC_EXTRA_DATA *next = (*p)->next;
-                        (*p)->free_func((*p)->data);
-                        OPENSSL_free(*p);
-                        
-                        *p = next;
-                        return;
-                        }
-                }
        }
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
-        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-        {
-        EC_EXTRA_DATA **p;
-        if (ex_data == NULL)
-                return;
-        for (p = ex_data; *p != NULL; p = &((*p)->next))
-                {
-                if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-                        {
-                        EC_EXTRA_DATA *next = (*p)->next;
-                        (*p)->clear_free_func((*p)->data);
-                        OPENSSL_free(*p);
-                        
-                        *p = next;
-                        return;
-                        }
-                }
-        }
 /* this has 'package' visibility */
-void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
+void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
        {
-        EC_EXTRA_DATA *d;
+        if (group->extra_data_clear_free_func)
+                group->extra_data_clear_free_func(group->extra_data);
-        if (ex_data == NULL)
+        else if (group->extra_data_free_func)
-                return;
+                group->extra_data_free_func(group->extra_data);
+        group->extra_data = NULL;
-        d = *ex_data;
+        group->extra_data_dup_func = 0;
-        while (d)
+        group->extra_data_free_func = 0;
-                {
+        group->extra_data_clear_free_func = 0;
-                EC_EXTRA_DATA *next = d->next;
-                
-                d->free_func(d->data);
-                OPENSSL_free(d);
-                
-                d = next;
-                }
-        *ex_data = NULL;
        }
-/* this has 'package' visibility */
-void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
-        {
-        EC_EXTRA_DATA *d;
-        if (ex_data == NULL)
-                return;
-        d = *ex_data;
-        while (d)
-                {
-                EC_EXTRA_DATA *next = d->next;
-                
-                d->clear_free_func(d->data);
-                OPENSSL_free(d);
-                
-                d = next;
-                }
-        *ex_data = NULL;
-        }
 /* functions for EC_POINT objects */
@@ -765,25 +382,6 @@ int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
        }
-EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
-        {
-        EC_POINT *t;
-        int r;
-        if (a == NULL) return NULL;
-        t = EC_POINT_new(group);
-        if (t == NULL) return(NULL);
-        r = EC_POINT_copy(t, a);
-        if (!r)
-                {
-                EC_POINT_free(t);
-                return NULL;
-                }
-        else return t;
-        }
 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
        {
        return point->meth;
@@ -843,7 +441,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POI
 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
        {
-        if (group->meth->point_set_affine_coordinates == 0)
+        if (group->meth->point_set_affine_coordinates_GFp == 0)
                {
                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
@@ -853,31 +451,14 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
                return 0;
                }
-        return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+        return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx);
-        }
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-        {
-        if (group->meth->point_set_affine_coordinates == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
        }
 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
        {
-        if (group->meth->point_get_affine_coordinates == 0)
+        if (group->meth->point_get_affine_coordinates_GFp == 0)
                {
                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
@@ -887,31 +468,14 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p
                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
                return 0;
                }
-        return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+        return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx);
-        }
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
-        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-        {
-        if (group->meth->point_get_affine_coordinates == 0)
-                {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
        }
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        const BIGNUM *x, int y_bit, BN_CTX *ctx)
        {
-        if (group->meth->point_set_compressed_coordinates == 0)
+        if (group->meth->point_set_compressed_coordinates_GFp == 0)
                {
                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
@@ -921,24 +485,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *poi
                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
                return 0;
                }
-        return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
+        return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx);
-        }
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-        const BIGNUM *x, int y_bit, BN_CTX *ctx)
-        {
-        if (group->meth->point_set_compressed_coordinates == 0)
-                {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-                }
-        if (group->meth != point->meth)
-                {
-                ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-                return 0;
-                }
-        return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
        }
@@ -1012,12 +559,12 @@ int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
        {
        if (group->meth->dbl == 0)
                {
-                ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+                ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
                return 0;
                }
        if (group->meth != a->meth)
                {
-                ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
                return 0;
                }
        return group->meth->invert(group, a, ctx);
@@ -1107,58 +654,3 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
                }
        return group->meth->points_make_affine(group, num, points, ctx);
        }
-/* Functions for point multiplication.
- *
- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c;
- * otherwise we dispatch through methods.
- */
-int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-        {
-        if (group->meth->mul == 0)
-                /* use default */
-                return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-        return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
-        }
-int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
-        const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
-        {
-        /* just a convenient interface to EC_POINTs_mul() */
-        const EC_POINT *points[1];
-        const BIGNUM *scalars[1];
-        points[0] = point;
-        scalars[0] = p_scalar;
-        return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
-        }
-int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-        {
-        if (group->meth->mul == 0)
-                /* use default */
-                return ec_wNAF_precompute_mult(group, ctx);
-        if (group->meth->precompute_mult != 0)
-                return group->meth->precompute_mult(group, ctx);
-        else
-                return 1; /* nothing to do, so report success */
-        }
-int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
-        {
-        if (group->meth->mul == 0)
-                /* use default */
-                return ec_wNAF_have_precompute_mult(group);
-        if (group->meth->have_precompute_mult != 0)
-                return group->meth->have_precompute_mult(group);
-        else
-                return 0; /* cannot tell whether precomputation has been performed */
-        }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index 2ba173ef36..16822a73cf 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,9 +1,6 @@
 /* crypto/ec/ec_mult.c */
-/*
- * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,161 +52,41 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-#include <string.h>
 #include <openssl/err.h>
 #include "ec_lcl.h"
-/*
+/* TODO: optional precomputation of multiples of the generator */
- * This file implements the wNAF-based interleaving multi-exponentation method
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
- * for multiplication with precomputation, we use wNAF splitting
- * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
- */
-/* structure for precomputed multiples of the generator */
-typedef struct ec_pre_comp_st {
-        const EC_GROUP *group; /* parent EC_GROUP object */
-        size_t blocksize;      /* block size for wNAF splitting */
-        size_t numblocks;      /* max. number of blocks for which we have precomputation */
-        size_t w;              /* window size */
-        EC_POINT **points;     /* array with pre-calculated multiples of generator:
-                                * 'num' pointers to EC_POINT objects followed by a NULL */
-        size_t num;            /* numblocks * 2^(w-1) */
-        int references;
-} EC_PRE_COMP;
- 
-/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
-static void *ec_pre_comp_dup(void *);
-static void ec_pre_comp_free(void *);
-static void ec_pre_comp_clear_free(void *);
-static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
-        {
-        EC_PRE_COMP *ret = NULL;
-        if (!group)
-                return NULL;
-        ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
-        if (!ret)
-                {
-                ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
-                return ret;
-                }
-        ret->group = group;
-        ret->blocksize = 8; /* default */
-        ret->numblocks = 0;
-        ret->w = 4; /* default */
-        ret->points = NULL;
-        ret->num = 0;
-        ret->references = 1;
-        return ret;
-        }
-static void *ec_pre_comp_dup(void *src_)
-        {
-        EC_PRE_COMP *src = src_;
-        /* no need to actually copy, these objects never change! */
-        CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
-        return src_;
-        }
-static void ec_pre_comp_free(void *pre_)
-        {
-        int i;
-        EC_PRE_COMP *pre = pre_;
-        if (!pre)
-                return;
-        i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-        if (i > 0)
-                return;
-        if (pre->points)
-                {
-                EC_POINT **p;
-                for (p = pre->points; *p != NULL; p++)
-                        EC_POINT_free(*p);
-                OPENSSL_free(pre->points);
-                }
-        OPENSSL_free(pre);
-        }
-static void ec_pre_comp_clear_free(void *pre_)
-        {
-        int i;
-        EC_PRE_COMP *pre = pre_;
-        if (!pre)
-                return;
-        i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-        if (i > 0)
-                return;
-        if (pre->points)
-                {
-                EC_POINT **p;
-                for (p = pre->points; *p != NULL; p++)
-                        EC_POINT_clear_free(*p);
-                OPENSSL_cleanse(pre->points, sizeof pre->points);
-                OPENSSL_free(pre->points);
-                }
-        OPENSSL_cleanse(pre, sizeof pre);
-        OPENSSL_free(pre);
-        }
+/*
+ * wNAF-based interleaving multi-exponentation method
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
+ */
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
 * This is an array  r[]  of values that are either zero or odd with an
 * absolute value less than  2^w  satisfying
 *     scalar = \sum_j r[j]*2^j
- * where at most one of any  w+1  consecutive digits is non-zero
+ * where at most one of any  w+1  consecutive digits is non-zero.
- * with the exception that the most significant digit may be only
- * w-1 zeros away from that next non-zero digit.
 */
-static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx)
        {
-        int window_val;
+        BIGNUM *c;
        int ok = 0;
        signed char *r = NULL;
        int sign = 1;
        int bit, next_bit, mask;
        size_t len = 0, j;
        
-        if (BN_is_zero(scalar))
+        BN_CTX_start(ctx);
-                {
+        c = BN_CTX_get(ctx);
-                r = OPENSSL_malloc(1);
+        if (c == NULL) goto err;
-                if (!r)
+        
-                        {
-                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                r[0] = 0;
-                *ret_len = 1;
-                return r;
-                }
-                
        if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
                {
                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
@@ -219,90 +96,60 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
        next_bit = bit << 1; /* at most 256 */
        mask = next_bit - 1; /* at most 255 */
-        if (BN_is_negative(scalar))
+        if (!BN_copy(c, scalar)) goto err;
+        if (c->neg)
                {
                sign = -1;
+                c->neg = 0;
                }
-        len = BN_num_bits(scalar);
+        len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */
-        r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
+        r = OPENSSL_malloc(len);
-                                      * (*ret_len will be set to the actual length, i.e. at most
+        if (r == NULL) goto err;
-                                      * BN_num_bits(scalar) + 1) */
-        if (r == NULL)
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        if (scalar->d == NULL || scalar->top == 0)
-                {
-                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-                goto err;
-                }
-        window_val = scalar->d[0] & mask;
        j = 0;
-        while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
+        while (!BN_is_zero(c))
                {
-                int digit = 0;
+                int u = 0;
-                /* 0 <= window_val <= 2^(w+1) */
+                if (BN_is_odd(c)) 
-                if (window_val & 1)
                        {
-                        /* 0 < window_val < 2^(w+1) */
+                        if (c->d == NULL || c->top == 0)
-                        if (window_val & bit)
                                {
-                                digit = window_val - next_bit; /* -2^w < digit < 0 */
+                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                goto err;
-#if 1 /* modified wNAF */
-                                if (j + w + 1 >= len)
-                                        {
-                                        /* special case for generating modified wNAFs:
-                                         * no new bits will be added into window_val,
-                                         * so using a positive digit here will decrease
-                                         * the total length of the representation */
-                                        
-                                        digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
-                                        }
-#endif
                                }
-                        else
+                        u = c->d[0] & mask;
+                        if (u & bit)
                                {
-                                digit = window_val; /* 0 < digit < 2^w */
+                                u -= next_bit;
+                                /* u < 0 */
+                                if (!BN_add_word(c, -u)) goto err;
                                }
-                        
+                        else
-                        if (digit <= -bit || digit >= bit || !(digit & 1))
                                {
-                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                                /* u > 0 */
-                                goto err;
+                                if (!BN_sub_word(c, u)) goto err;
                                }
-                        window_val -= digit;
+                        if (u <= -bit || u >= bit || !(u & 1) || c->neg)
-                        /* now window_val is 0 or 2^(w+1) in standard wNAF generation;
-                         * for modified window NAFs, it may also be 2^w
-                         */
-                        if (window_val != 0 && window_val != next_bit && window_val != bit)
                                {
                                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
                                goto err;
                                }
                        }
-                r[j++] = sign * digit;
+                r[j++] = sign * u;
+                
-                window_val >>= 1;
+                if (BN_is_odd(c))
-                window_val += bit * BN_is_bit_set(scalar, j + w);
-                if (window_val > next_bit)
                        {
                        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
                        goto err;
                        }
+                if (!BN_rshift1(c, c)) goto err;
                }
-        if (j > len + 1)
+        if (j > len)
                {
                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
                goto err;
@@ -311,6 +158,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
        ok = 1;
 err:
+        BN_CTX_end(ctx);
        if (!ok)
                {
                OPENSSL_free(r);
@@ -333,7 +181,7 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
                  (b) >=  300 ? 4 : \
                  (b) >=   70 ? 3 : \
                  (b) >=   20 ? 2 : \
-                  1))
+                   1))
 /* Compute
 *      \sum scalars[i]*points[i],
@@ -341,15 +189,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
 *      scalar*generator
 * in the addition if scalar != NULL
 */
-int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
        {
        BN_CTX *new_ctx = NULL;
-        const EC_POINT *generator = NULL;
+        EC_POINT *generator = NULL;
        EC_POINT *tmp = NULL;
        size_t totalnum;
-        size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
-        size_t pre_points_per_block = 0;
        size_t i, j;
        int k;
        int r_is_inverted = 0;
@@ -361,15 +207,12 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        size_t num_val;
        EC_POINT **val = NULL; /* precomputation */
        EC_POINT **v;
-        EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */
+        EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
-        const EC_PRE_COMP *pre_comp = NULL;
-        int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars,
-                             * i.e. precomputation is not available */
        int ret = 0;
        
        if (group->meth != r->meth)
                {
-                ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+                ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
                return 0;
                }
@@ -378,226 +221,59 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                return EC_POINT_set_to_infinity(group, r);
                }
-        for (i = 0; i < num; i++)
-                {
-                if (group->meth != points[i]->meth)
-                        {
-                        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-                        return 0;
-                        }
-                }
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        goto err;
-                }
        if (scalar != NULL)
                {
                generator = EC_GROUP_get0_generator(group);
                if (generator == NULL)
                        {
-                        ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+                        ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
-                        goto err;
+                        return 0;
-                        }
-                
-                /* look if we can use precomputed multiples of generator */
-                pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-                if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))
-                        {
-                        blocksize = pre_comp->blocksize;
-                        /* determine maximum number of blocks that wNAF splitting may yield
-                         * (NB: maximum wNAF length is bit length plus one) */
-                        numblocks = (BN_num_bits(scalar) / blocksize) + 1;
-                        /* we cannot use more blocks than we have precomputation for */
-                        if (numblocks > pre_comp->numblocks)
-                                numblocks = pre_comp->numblocks;
-                        pre_points_per_block = 1u << (pre_comp->w - 1);
-                        /* check that pre_comp looks sane */
-                        if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
-                                {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
                        }
-                else
+                }
+        
+        for (i = 0; i < num; i++)
+                {
+                if (group->meth != points[i]->meth)
                        {
-                        /* can't use precomputation */
+                        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-                        pre_comp = NULL;
+                        return 0;
-                        numblocks = 1;
-                        num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */
                        }
                }
-        
-        totalnum = num + numblocks;
-        wsize    = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+        totalnum = num + (scalar != NULL);
+        wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
        wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
-        wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
+        wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
-        val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+        if (wNAF != NULL)
-                 
-        if (!wsize || !wNAF_len || !wNAF || !val_sub)
                {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                wNAF[0] = NULL; /* preliminary pivot */
-                goto err;
                }
+        if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
-        wNAF[0] = NULL; /* preliminary pivot */
+        /* num_val := total number of points to precompute */
-        /* num_val will be the total number of temporarily precomputed points */
        num_val = 0;
+        for (i = 0; i < totalnum; i++)
-        for (i = 0; i < num + num_scalar; i++)
                {
                size_t bits;
                bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
                wsize[i] = EC_window_bits_for_scalar_size(bits);
                num_val += 1u << (wsize[i] - 1);
-                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
-                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
-                if (wNAF[i] == NULL)
-                        goto err;
-                if (wNAF_len[i] > max_len)
-                        max_len = wNAF_len[i];
-                }
-        if (numblocks)
-                {
-                /* we go here iff scalar != NULL */
-                
-                if (pre_comp == NULL)
-                        {
-                        if (num_scalar != 1)
-                                {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        /* we have already generated a wNAF for 'scalar' */
-                        }
-                else
-                        {
-                        signed char *tmp_wNAF = NULL;
-                        size_t tmp_len = 0;
-                        
-                        if (num_scalar != 0)
-                                {
-                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }
-                        /* use the window size for which we have precomputation */
-                        wsize[num] = pre_comp->w;
-                        tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
-                        if (!tmp_wNAF)
-                                goto err;
-                        if (tmp_len <= max_len)
-                                {
-                                /* One of the other wNAFs is at least as long
-                                 * as the wNAF belonging to the generator,
-                                 * so wNAF splitting will not buy us anything. */
-                                numblocks = 1;
-                                totalnum = num + 1; /* don't use wNAF splitting */
-                                wNAF[num] = tmp_wNAF;
-                                wNAF[num + 1] = NULL;
-                                wNAF_len[num] = tmp_len;
-                                if (tmp_len > max_len)
-                                        max_len = tmp_len;
-                                /* pre_comp->points starts with the points that we need here: */
-                                val_sub[num] = pre_comp->points;
-                                }
-                        else
-                                {
-                                /* don't include tmp_wNAF directly into wNAF array
-                                 * - use wNAF splitting and include the blocks */
-                                signed char *pp;
-                                EC_POINT **tmp_points;
-                                
-                                if (tmp_len < numblocks * blocksize)
-                                        {
-                                        /* possibly we can do with fewer blocks than estimated */
-                                        numblocks = (tmp_len + blocksize - 1) / blocksize;
-                                        if (numblocks > pre_comp->numblocks)
-                                                {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                                goto err;
-                                                }
-                                        totalnum = num + numblocks;
-                                        }
-                                
-                                /* split wNAF in 'numblocks' parts */
-                                pp = tmp_wNAF;
-                                tmp_points = pre_comp->points;
-                                for (i = num; i < totalnum; i++)
-                                        {
-                                        if (i < totalnum - 1)
-                                                {
-                                                wNAF_len[i] = blocksize;
-                                                if (tmp_len < blocksize)
-                                                        {
-                                                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                                        goto err;
-                                                        }
-                                                tmp_len -= blocksize;
-                                                }
-                                        else
-                                                /* last block gets whatever is left
-                                                 * (this could be more or less than 'blocksize'!) */
-                                                wNAF_len[i] = tmp_len;
-                                        
-                                        wNAF[i + 1] = NULL;
-                                        wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
-                                        if (wNAF[i] == NULL)
-                                                {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-                                                OPENSSL_free(tmp_wNAF);
-                                                goto err;
-                                                }
-                                        memcpy(wNAF[i], pp, wNAF_len[i]);
-                                        if (wNAF_len[i] > max_len)
-                                                max_len = wNAF_len[i];
-                                        if (*tmp_points == NULL)
-                                                {
-                                                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-                                                OPENSSL_free(tmp_wNAF);
-                                                goto err;
-                                                }
-                                        val_sub[i] = tmp_points;
-                                        tmp_points += pre_points_per_block;
-                                        pp += blocksize;
-                                        }
-                                OPENSSL_free(tmp_wNAF);
-                                }
-                        }
                }
-        /* All points we precompute now go into a single array 'val'.
+        /* all precomputed points go into a single array 'val',
-         * 'val_sub[i]' is a pointer to the subarray for the i-th point,
+         * 'val_sub[i]' is a pointer to the subarray for the i-th point */
-         * or to a subarray of 'pre_comp->points' if we already have precomputation. */
        val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
-        if (val == NULL)
+        if (val == NULL) goto err;
-                {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
        val[num_val] = NULL; /* pivot element */
+        val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+        if (val_sub == NULL) goto err;
        /* allocate points for precomputation */
        v = val;
-        for (i = 0; i < num + num_scalar; i++)
+        for (i = 0; i < totalnum; i++)
                {
                val_sub[i] = v;
                for (j = 0; j < (1u << (wsize[i] - 1)); j++)
@@ -609,12 +285,19 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                }
        if (!(v == val + num_val))
                {
-                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
                goto err;
                }
-        if (!(tmp = EC_POINT_new(group)))
+        if (ctx == NULL)
-                goto err;
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        goto err;
+                }
+        
+        tmp = EC_POINT_new(group);
+        if (tmp == NULL) goto err;
        /* prepare precomputed values:
         *    val_sub[i][0] :=     points[i]
@@ -622,7 +305,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
         *    val_sub[i][2] := 5 * points[i]
         *    ...
         */
-        for (i = 0; i < num + num_scalar; i++)
+        for (i = 0; i < totalnum; i++)
                {
                if (i < num)
                        {
@@ -641,11 +324,16 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
                                if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
                                }
                        }
+                wNAF[i + 1] = NULL; /* make sure we always have a pivot */
+                wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx);
+                if (wNAF[i] == NULL) goto err;
+                if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
                }
 #if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
-        if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+        if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
-                goto err;
 #endif
        r_is_at_infinity = 1;
@@ -741,198 +429,57 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        }
-/* ec_wNAF_precompute_mult()
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
- * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
+        {
- * for use with wNAF splitting as implemented in ec_wNAF_mul().
+        const EC_POINT *points[1];
- * 
+        const BIGNUM *scalars[1];
- * 'pre_comp->points' is an array of multiples of the generator
- * of the following form:
+        points[0] = point;
- * points[0] =     generator;
+        scalars[0] = p_scalar;
- * points[1] = 3 * generator;
- * ...
+        return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
- * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;
+        }
- * points[2^(w-1)]   =     2^blocksize * generator;
- * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
- * ...
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
- * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator
- * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator
- * ...
- * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator
- * points[2^(w-1)*numblocks]       = NULL
- */
-int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
        {
        const EC_POINT *generator;
-        EC_POINT *tmp_point = NULL, *base = NULL, **var;
        BN_CTX *new_ctx = NULL;
        BIGNUM *order;
-        size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
-        EC_POINT **points = NULL;
-        EC_PRE_COMP *pre_comp;
        int ret = 0;
-        /* if there is an old EC_PRE_COMP object, throw it away */
-        EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-        if ((pre_comp = ec_pre_comp_new(group)) == NULL)
-                return 0;
        generator = EC_GROUP_get0_generator(group);
        if (generator == NULL)
                {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
-                goto err;
+                return 0;
                }
        if (ctx == NULL)
                {
                ctx = new_ctx = BN_CTX_new();
                if (ctx == NULL)
-                        goto err;
+                        return 0;
                }
        
        BN_CTX_start(ctx);
        order = BN_CTX_get(ctx);
        if (order == NULL) goto err;
        
-        if (!EC_GROUP_get_order(group, order, ctx)) goto err;           
+        if (!EC_GROUP_get_order(group, order, ctx)) return 0;
        if (BN_is_zero(order))
                {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+                ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
                goto err;
                }
-        bits = BN_num_bits(order);
+        /* TODO */
-        /* The following parameters mean we precompute (approximately)
-         * one point per bit.
-         *
-         * TBD: The combination  8, 4  is perfect for 160 bits; for other
-         * bit lengths, other parameter combinations might provide better
-         * efficiency.
-         */
-        blocksize = 8;
-        w = 4;
-        if (EC_window_bits_for_scalar_size(bits) > w)
-                {
-                /* let's not make the window too small ... */
-                w = EC_window_bits_for_scalar_size(bits);
-                }
-        numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
-        
-        pre_points_per_block = 1u << (w - 1);
-        num = pre_points_per_block * numblocks; /* number of points to compute and store */
-        points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
-        if (!points)
-                {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        var = points;
-        var[num] = NULL; /* pivot */
-        for (i = 0; i < num; i++)
-                {
-                if ((var[i] = EC_POINT_new(group)) == NULL)
-                        {
-                        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                }
-        if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group)))
-                {
-                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-                goto err;
-                }       
-        
-        if (!EC_POINT_copy(base, generator))
-                goto err;
-        
-        /* do the precomputation */
-        for (i = 0; i < numblocks; i++)
-                {
-                size_t j;
-                if (!EC_POINT_dbl(group, tmp_point, base, ctx))
-                        goto err;
-                if (!EC_POINT_copy(*var++, base))
-                        goto err;
-                for (j = 1; j < pre_points_per_block; j++, var++)
-                        {
-                        /* calculate odd multiples of the current base point */
-                        if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
-                                goto err;
-                        }
-                if (i < numblocks - 1)
-                        {
-                        /* get the next base (multiply current one by 2^blocksize) */
-                        size_t k;
-                        if (blocksize <= 2)
-                                {
-                                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                                }                               
-                        if (!EC_POINT_dbl(group, base, tmp_point, ctx))
-                                goto err;
-                        for (k = 2; k < blocksize; k++)
-                                {
-                                if (!EC_POINT_dbl(group,base,base,ctx))
-                                        goto err;
-                                }
-                        }
-                }
-        if (!EC_POINTs_make_affine(group, num, points, ctx))
-                goto err;
-        
-        pre_comp->group = group;
-        pre_comp->blocksize = blocksize;
-        pre_comp->numblocks = numblocks;
-        pre_comp->w = w;
-        pre_comp->points = points;
-        points = NULL;
-        pre_comp->num = num;
-        if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
-                ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))
-                goto err;
-        pre_comp = NULL;
        ret = 1;
+        
 err:
-        if (ctx != NULL)
+        BN_CTX_end(ctx);
-                BN_CTX_end(ctx);
        if (new_ctx != NULL)
                BN_CTX_free(new_ctx);
-        if (pre_comp)
-                ec_pre_comp_free(pre_comp);
-        if (points)
-                {
-                EC_POINT **p;
-                for (p = points; *p != NULL; p++)
-                        EC_POINT_free(*p);
-                OPENSSL_free(points);
-                }
-        if (tmp_point)
-                EC_POINT_free(tmp_point);
-        if (base)
-                EC_POINT_free(base);
        return ret;
        }
-int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
-        {
-        if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
-                return 1;
-        else
-                return 0;
-        }
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index 9fc4a466a5..7b30d4c38a 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -1,7 +1,4 @@
 /* crypto/ec/ecp_mont.c */
-/*
- * Originally written by Bodo Moeller for the OpenSSL project.
- */
 /* ====================================================================
 * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
@@ -55,11 +52,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
 #include <openssl/err.h>
@@ -69,15 +61,16 @@
 const EC_METHOD *EC_GFp_mont_method(void)
        {
        static const EC_METHOD ret = {
-                NID_X9_62_prime_field,
                ec_GFp_mont_group_init,
                ec_GFp_mont_group_finish,
                ec_GFp_mont_group_clear_finish,
                ec_GFp_mont_group_copy,
-                ec_GFp_mont_group_set_curve,
+                ec_GFp_mont_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve,
+                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_get_degree,
+                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_check_discriminant,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
                ec_GFp_simple_point_init,
                ec_GFp_simple_point_finish,
                ec_GFp_simple_point_clear_finish,
@@ -85,9 +78,9 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_simple_point_set_to_infinity,
                ec_GFp_simple_set_Jprojective_coordinates_GFp,
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
                ec_GFp_simple_point2oct,
                ec_GFp_simple_oct2point,
                ec_GFp_simple_add,
@@ -98,12 +91,8 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_simple_cmp,
                ec_GFp_simple_make_affine,
                ec_GFp_simple_points_make_affine,
-                0 /* mul */,
-                0 /* precompute_mult */,
-                0 /* have_precompute_mult */,   
                ec_GFp_mont_field_mul,
                ec_GFp_mont_field_sqr,
-                0 /* field_div */,
                ec_GFp_mont_field_encode,
                ec_GFp_mont_field_decode,
                ec_GFp_mont_field_set_to_one };
@@ -123,6 +112,66 @@ int ec_GFp_mont_group_init(EC_GROUP *group)
        }
+int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+        {
+        BN_CTX *new_ctx = NULL;
+        BN_MONT_CTX *mont = NULL;
+        BIGNUM *one = NULL;
+        int ret = 0;
+        if (group->field_data1 != NULL)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                }
+        if (group->field_data2 != NULL)
+                {
+                BN_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+        
+        if (ctx == NULL)
+                {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                        return 0;
+                }
+        mont = BN_MONT_CTX_new();
+        if (mont == NULL) goto err;
+        if (!BN_MONT_CTX_set(mont, p, ctx))
+                {
+                ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB);
+                goto err;
+                }
+        one = BN_new();
+        if (one == NULL) goto err;
+        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
+        group->field_data1 = mont;
+        mont = NULL;
+        group->field_data2 = one;
+        one = NULL;
+        ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx);
+        if (!ret)
+                {
+                BN_MONT_CTX_free(group->field_data1);
+                group->field_data1 = NULL;
+                BN_free(group->field_data2);
+                group->field_data2 = NULL;
+                }
+ err:
+        if (new_ctx != NULL)
+                BN_CTX_free(new_ctx);
+        if (mont != NULL)
+                BN_MONT_CTX_free(mont);
+        return ret;
+        }
 void ec_GFp_mont_group_finish(EC_GROUP *group)
        {
        if (group->field_data1 != NULL)
@@ -194,66 +243,6 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        }
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        BN_CTX *new_ctx = NULL;
-        BN_MONT_CTX *mont = NULL;
-        BIGNUM *one = NULL;
-        int ret = 0;
-        if (group->field_data1 != NULL)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                }
-        if (group->field_data2 != NULL)
-                {
-                BN_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
-        
-        if (ctx == NULL)
-                {
-                ctx = new_ctx = BN_CTX_new();
-                if (ctx == NULL)
-                        return 0;
-                }
-        mont = BN_MONT_CTX_new();
-        if (mont == NULL) goto err;
-        if (!BN_MONT_CTX_set(mont, p, ctx))
-                {
-                ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
-                goto err;
-                }
-        one = BN_new();
-        if (one == NULL) goto err;
-        if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-        group->field_data1 = mont;
-        mont = NULL;
-        group->field_data2 = one;
-        one = NULL;
-        ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-        if (!ret)
-                {
-                BN_MONT_CTX_free(group->field_data1);
-                group->field_data1 = NULL;
-                BN_free(group->field_data2);
-                group->field_data2 = NULL;
-                }
- err:
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        if (mont != NULL)
-                BN_MONT_CTX_free(mont);
-        return ret;
-        }
 int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
        if (group->field_data1 == NULL)
@@ -306,7 +295,7 @@ int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
        {
        if (group->field_data2 == NULL)
                {
-                ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+                ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
                return 0;
                }
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index 71893d5eab..ed07748675 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -1,9 +1,6 @@
 /* crypto/ec/ecp_nist.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,30 +52,23 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
-#include <limits.h>
-#include <openssl/err.h>
-#include <openssl/obj_mac.h>
 #include "ec_lcl.h"
+#if 0
 const EC_METHOD *EC_GFp_nist_method(void)
        {
        static const EC_METHOD ret = {
-                NID_X9_62_prime_field,
+                ec_GFp_nist_group_init,
-                ec_GFp_simple_group_init,
+                ec_GFp_nist_group_finish,
-                ec_GFp_simple_group_finish,
+                ec_GFp_nist_group_clear_finish,
-                ec_GFp_simple_group_clear_finish,
                ec_GFp_nist_group_copy,
-                ec_GFp_nist_group_set_curve,
+                ec_GFp_nist_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve,
+                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_get_degree,
+                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_check_discriminant,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
                ec_GFp_simple_point_init,
                ec_GFp_simple_point_finish,
                ec_GFp_simple_point_clear_finish,
@@ -86,9 +76,9 @@ const EC_METHOD *EC_GFp_nist_method(void)
                ec_GFp_simple_point_set_to_infinity,
                ec_GFp_simple_set_Jprojective_coordinates_GFp,
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
                ec_GFp_simple_point2oct,
                ec_GFp_simple_oct2point,
                ec_GFp_simple_add,
@@ -99,138 +89,46 @@ const EC_METHOD *EC_GFp_nist_method(void)
                ec_GFp_simple_cmp,
                ec_GFp_simple_make_affine,
                ec_GFp_simple_points_make_affine,
-                0 /* mul */,
-                0 /* precompute_mult */,
-                0 /* have_precompute_mult */,   
                ec_GFp_nist_field_mul,
                ec_GFp_nist_field_sqr,
-                0 /* field_div */,
                0 /* field_encode */,
                0 /* field_decode */,
                0 /* field_set_to_one */ };
        return &ret;
        }
-#if BN_BITS2 == 64
-#define NO_32_BIT_TYPE
 #endif
-int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+int ec_GFp_nist_group_init(EC_GROUP *group)
        {
-        dest->field_mod_func = src->field_mod_func;
+        int ok;
-        return ec_GFp_simple_group_copy(dest, src);
+        ok = ec_GFp_simple_group_init(group);
+        group->field_data1 = NULL;
+        return ok;
        }
-int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
-        const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-        {
-        int ret = 0;
-        BN_CTX *new_ctx = NULL;
-        BIGNUM *tmp_bn;
-        
-        if (ctx == NULL)
-                if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;
-        BN_CTX_start(ctx);
-        if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;
-        if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
-                group->field_mod_func = BN_nist_mod_192;
-        else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
-                group->field_mod_func = BN_nist_mod_224;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
-        else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
-                group->field_mod_func = BN_nist_mod_256;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
-        else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
-                {
-#ifndef NO_32_BIT_TYPE
-                group->field_mod_func = BN_nist_mod_384;
-#else
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-                goto err;
-#endif
-                }
-        else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
-                /* this one works in the NO_32_BIT_TYPE case */
-                group->field_mod_func = BN_nist_mod_521;
-        else
-                {
-                ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
-                goto err;
-                }
-        ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
- err:
-        BN_CTX_end(ctx);
-        if (new_ctx != NULL)
-                BN_CTX_free(new_ctx);
-        return ret;
-        }
+int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
-int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-        const BIGNUM *b, BN_CTX *ctx)
-        {
-        int     ret=0;
-        BN_CTX  *ctx_new=NULL;
-        if (!group || !r || !a || !b)
-                {
-                ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
-                goto err;
-                }
-        if (!ctx)
-                if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-        if (!BN_mul(r, a, b, ctx)) goto err;
-        if (!group->field_mod_func(r, r, &group->field, ctx))
-                goto err;
-        ret=1;
-err:
-        if (ctx_new)
-                BN_CTX_free(ctx_new);
-        return ret;
-        }
+void ec_GFp_nist_group_finish(EC_GROUP *group);
+/* TODO */
-int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-        BN_CTX *ctx)
+void ec_GFp_nist_group_clear_finish(EC_GROUP *group);
-        {
+/* TODO */
-        int     ret=0;
-        BN_CTX  *ctx_new=NULL;
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
-        if (!group || !r || !a)
+/* TODO */
-                {
-                ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
-                goto err;
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-                }
+/* TODO */
-        if (!ctx)
-                if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
-        if (!BN_sqr(r, a, ctx)) goto err;
+/* TODO */
-        if (!group->field_mod_func(r, r, &group->field, ctx))
-                goto err;
-        ret=1;
-err:
-        if (ctx_new)
-                BN_CTX_free(ctx_new);
-        return ret;
-        }
diff --git a/src/lib/libcrypto/ec/ecp_recp.c b/src/lib/libcrypto/ec/ecp_recp.c
new file mode 100644
index 0000000000..fec843b5c8
--- /dev/null
+++ b/src/lib/libcrypto/ec/ecp_recp.c
@@ -0,0 +1,133 @@
+/* crypto/ec/ecp_recp.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "ec_lcl.h"
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void)
+        {
+        static const EC_METHOD ret = {
+                ec_GFp_recp_group_init,
+                ec_GFp_recp_group_finish,
+                ec_GFp_recp_group_clear_finish,
+                ec_GFp_recp_group_copy,
+                ec_GFp_recp_group_set_curve_GFp,
+                ec_GFp_simple_group_get_curve_GFp,
+                ec_GFp_simple_group_set_generator,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
+                ec_GFp_simple_point_init,
+                ec_GFp_simple_point_finish,
+                ec_GFp_simple_point_clear_finish,
+                ec_GFp_simple_point_copy,
+                ec_GFp_simple_point_set_to_infinity,
+                ec_GFp_simple_set_Jprojective_coordinates_GFp,
+                ec_GFp_simple_get_Jprojective_coordinates_GFp,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
+                ec_GFp_simple_point2oct,
+                ec_GFp_simple_oct2point,
+                ec_GFp_simple_add,
+                ec_GFp_simple_dbl,
+                ec_GFp_simple_invert,
+                ec_GFp_simple_is_at_infinity,
+                ec_GFp_simple_is_on_curve,
+                ec_GFp_simple_cmp,
+                ec_GFp_simple_make_affine,
+                ec_GFp_simple_points_make_affine,
+                ec_GFp_recp_field_mul,
+                ec_GFp_recp_field_sqr,
+                0 /* field_encode */,
+                0 /* field_decode */,
+                0 /* field_set_to_one */ };
+        return &ret;
+        }
+#endif
+int ec_GFp_recp_group_init(EC_GROUP *group)
+        {
+        int ok;
+        ok = ec_GFp_simple_group_init(group);
+        group->field_data1 = NULL;
+        return ok;
+        }
+int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+void ec_GFp_recp_group_finish(EC_GROUP *group);
+/* TODO */
+void ec_GFp_recp_group_clear_finish(EC_GROUP *group);
+/* TODO */
+int ec_GFp_recp_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+/* TODO */
+int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/* TODO */
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index 4d26f8bdf6..e9a51fb87a 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,10 +1,8 @@
 /* crypto/ec/ecp_smpl.c */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. 
+ * for the OpenSSL project. */
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -56,29 +54,25 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions of this software developed by SUN MICROSYSTEMS, INC.,
- * and contributed to the OpenSSL project.
- */
 #include <openssl/err.h>
-#include <openssl/symhacks.h>
 #include "ec_lcl.h"
 const EC_METHOD *EC_GFp_simple_method(void)
        {
        static const EC_METHOD ret = {
-                NID_X9_62_prime_field,
                ec_GFp_simple_group_init,
                ec_GFp_simple_group_finish,
                ec_GFp_simple_group_clear_finish,
                ec_GFp_simple_group_copy,
-                ec_GFp_simple_group_set_curve,
+                ec_GFp_simple_group_set_curve_GFp,
-                ec_GFp_simple_group_get_curve,
+                ec_GFp_simple_group_get_curve_GFp,
-                ec_GFp_simple_group_get_degree,
+                ec_GFp_simple_group_set_generator,
-                ec_GFp_simple_group_check_discriminant,
+                ec_GFp_simple_group_get0_generator,
+                ec_GFp_simple_group_get_order,
+                ec_GFp_simple_group_get_cofactor,
                ec_GFp_simple_point_init,
                ec_GFp_simple_point_finish,
                ec_GFp_simple_point_clear_finish,
@@ -86,9 +80,9 @@ const EC_METHOD *EC_GFp_simple_method(void)
                ec_GFp_simple_point_set_to_infinity,
                ec_GFp_simple_set_Jprojective_coordinates_GFp,
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
-                ec_GFp_simple_point_set_affine_coordinates,
+                ec_GFp_simple_point_set_affine_coordinates_GFp,
-                ec_GFp_simple_point_get_affine_coordinates,
+                ec_GFp_simple_point_get_affine_coordinates_GFp,
-                ec_GFp_simple_set_compressed_coordinates,
+                ec_GFp_simple_set_compressed_coordinates_GFp,
                ec_GFp_simple_point2oct,
                ec_GFp_simple_oct2point,
                ec_GFp_simple_add,
@@ -99,12 +93,8 @@ const EC_METHOD *EC_GFp_simple_method(void)
                ec_GFp_simple_cmp,
                ec_GFp_simple_make_affine,
                ec_GFp_simple_points_make_affine,
-                0 /* mul */,
-                0 /* precompute_mult */,
-                0 /* have_precompute_mult */,   
                ec_GFp_simple_field_mul,
                ec_GFp_simple_field_sqr,
-                0 /* field_div */,
                0 /* field_encode */,
                0 /* field_decode */,
                0 /* field_set_to_one */ };
@@ -113,26 +103,15 @@ const EC_METHOD *EC_GFp_simple_method(void)
        }
-/* Most method functions in this file are designed to work with
- * non-trivial representations of field elements if necessary
- * (see ecp_mont.c): while standard modular addition and subtraction
- * are used, the field_mul and field_sqr methods will be used for
- * multiplication, and field_encode and field_decode (if defined)
- * will be used for converting between representations.
- * Functions ec_GFp_simple_points_make_affine() and
- * ec_GFp_simple_point_get_affine_coordinates() specifically assume
- * that if a non-trivial representation is used, it is a Montgomery
- * representation (i.e. 'encoding' means multiplying by some factor R).
- */
 int ec_GFp_simple_group_init(EC_GROUP *group)
        {
        BN_init(&group->field);
        BN_init(&group->a);
        BN_init(&group->b);
        group->a_is_minus3 = 0;
+        group->generator = NULL;
+        BN_init(&group->order);
+        BN_init(&group->cofactor);
        return 1;
        }
@@ -142,6 +121,10 @@ void ec_GFp_simple_group_finish(EC_GROUP *group)
        BN_free(&group->field);
        BN_free(&group->a);
        BN_free(&group->b);
+        if (group->generator != NULL)
+                EC_POINT_free(group->generator);
+        BN_free(&group->order);
+        BN_free(&group->cofactor);
        }
@@ -150,6 +133,13 @@ void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
        BN_clear_free(&group->field);
        BN_clear_free(&group->a);
        BN_clear_free(&group->b);
+        if (group->generator != NULL)
+                {
+                EC_POINT_clear_free(group->generator);
+                group->generator = NULL;
+                }
+        BN_clear_free(&group->order);
+        BN_clear_free(&group->cofactor);
        }
@@ -161,11 +151,33 @@ int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
        dest->a_is_minus3 = src->a_is_minus3;
+        if (src->generator != NULL)
+                {
+                if (dest->generator == NULL)
+                        {
+                        dest->generator = EC_POINT_new(dest);
+                        if (dest->generator == NULL) return 0;
+                        }
+                if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
+                }
+        else
+                {
+                /* src->generator == NULL */
+                if (dest->generator != NULL)
+                        {
+                        EC_POINT_clear_free(dest->generator);
+                        dest->generator = NULL;
+                        }
+                }
+        if (!BN_copy(&dest->order, &src->order)) return 0;
+        if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
        return 1;
        }
-int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group,
        const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
        int ret = 0;
@@ -175,7 +187,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
        /* p must be a prime > 3 */
        if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
                {
-                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD);
                return 0;
                }
@@ -192,7 +204,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
        /* group->field */
        if (!BN_copy(&group->field, p)) goto err;
-        BN_set_negative(&group->field, 0);
+        group->field.neg = 0;
        /* group->a */
        if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
@@ -220,7 +232,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
        }
-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
        {
        int ret = 0;
        BN_CTX *new_ctx = NULL;
@@ -271,76 +283,58 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, B
        }
-int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
-        {
-        return BN_num_bits(&group->field);
-        }
-int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator,
+        const BIGNUM *order, const BIGNUM *cofactor)
        {
-        int ret = 0;
+        if (generator == NULL)
-        BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
-        const BIGNUM *p = &group->field;
-        BN_CTX *new_ctx = NULL;
-        if (ctx == NULL)
                {
-                ctx = new_ctx = BN_CTX_new();
+                ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
-                if (ctx == NULL)
+                return 0   ;
-                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
                }
-        BN_CTX_start(ctx);
-        a = BN_CTX_get(ctx);
-        b = BN_CTX_get(ctx);
-        tmp_1 = BN_CTX_get(ctx);
-        tmp_2 = BN_CTX_get(ctx);
-        order = BN_CTX_get(ctx);
-        if (order == NULL) goto err;
-        if (group->meth->field_decode)
+        if (group->generator == NULL)
                {
-                if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
+                group->generator = EC_POINT_new(group);
-                if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
+                if (group->generator == NULL) return 0;
                }
+        if (!EC_POINT_copy(group->generator, generator)) return 0;
+        if (order != NULL)
+                { if (!BN_copy(&group->order, order)) return 0; }       
        else
-                {
+                { if (!BN_zero(&group->order)) return 0; }      
-                if (!BN_copy(a, &group->a)) goto err;
-                if (!BN_copy(b, &group->b)) goto err;
-                }
-        
-        /* check the discriminant:
-         * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) 
-         * 0 =< a, b < p */
-        if (BN_is_zero(a))
-                {
-                if (BN_is_zero(b)) goto err;
-                }
-        else if (!BN_is_zero(b))
-                {
-                if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
-                if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
-                if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
-                /* tmp_1 = 4*a^3 */
-                if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
+        if (cofactor != NULL)
-                if (!BN_mul_word(tmp_2, 27)) goto err;
+                { if (!BN_copy(&group->cofactor, cofactor)) return 0; } 
-                /* tmp_2 = 27*b^2 */
+        else
+                { if (!BN_zero(&group->cofactor)) return 0; }   
-                if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
+        return 1;
-                if (BN_is_zero(a)) goto err;
+        }
-                }
-        ret = 1;
-err:
-        if (ctx != NULL)
+EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group)
-                BN_CTX_end(ctx);
+        {
-        if (new_ctx != NULL)
+        return group->generator;
-                BN_CTX_free(new_ctx);
+        }
-        return ret;
+int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+        {
+        if (!BN_copy(order, &group->order))
+                return 0;
+        return !BN_is_zero(&group->order);
+        }
+int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+        {
+        if (!BN_copy(cofactor, &group->cofactor))
+                return 0;
+        return !BN_is_zero(&group->cofactor);
        }
@@ -386,8 +380,7 @@ int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
 int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
        {
        point->Z_is_one = 0;
-        BN_zero(&point->Z);
+        return (BN_zero(&point->Z));
-        return 1;
        }
@@ -504,13 +497,13 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const E
        }
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
        {
        if (x == NULL || y == NULL)
                {
                /* unlike for projective coordinates, we do not tolerate this */
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
@@ -518,17 +511,17 @@ int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *
        }
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
+int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
        {
        BN_CTX *new_ctx = NULL;
-        BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+        BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3;
-        const BIGNUM *Z_;
+        const BIGNUM *X_, *Y_, *Z_;
        int ret = 0;
        if (EC_POINT_is_at_infinity(group, point))
                {
-                ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY);
                return 0;
                }
@@ -540,6 +533,8 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
                }
        BN_CTX_start(ctx);
+        X = BN_CTX_get(ctx);
+        Y = BN_CTX_get(ctx);
        Z = BN_CTX_get(ctx);
        Z_1 = BN_CTX_get(ctx);
        Z_2 = BN_CTX_get(ctx);
@@ -550,44 +545,34 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
        
        if (group->meth->field_decode)
                {
+                if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err;
+                if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err;
                if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
-                Z_ = Z;
+                X_ = X; Y_ = Y; Z_ = Z;
                }
        else
                {
+                X_ = &point->X;
+                Y_ = &point->Y;
                Z_ = &point->Z;
                }
        
        if (BN_is_one(Z_))
                {
-                if (group->meth->field_decode)
+                if (x != NULL)
                        {
-                        if (x != NULL)
+                        if (!BN_copy(x, X_)) goto err;
-                                {
-                                if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-                                }
-                        if (y != NULL)
-                                {
-                                if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-                                }
                        }
-                else
+                if (y != NULL)
                        {
-                        if (x != NULL)
+                        if (!BN_copy(y, Y_)) goto err;
-                                {
-                                if (!BN_copy(x, &point->X)) goto err;
-                                }
-                        if (y != NULL)
-                                {
-                                if (!BN_copy(y, &point->Y)) goto err;
-                                }
                        }
                }
        else
                {
                if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
                        {
-                        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+                        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB);
                        goto err;
                        }
                
@@ -603,8 +588,15 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
        
                if (x != NULL)
                        {
-                        /* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
+                        if (group->meth->field_encode == 0)
-                        if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
+                                {
+                                /* field_mul works on standard representation */
+                                if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err;
+                                }
+                        else
+                                {
+                                if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err;
+                                }
                        }
                if (y != NULL)
@@ -613,14 +605,14 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
                                {
                                /* field_mul works on standard representation */
                                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
+                                if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err;
+                                
                                }
                        else
                                {
                                if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
+                                if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err;
                                }
-                        /* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
-                        if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
                        }
                }
@@ -634,16 +626,13 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
        }
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        const BIGNUM *x_, int y_bit, BN_CTX *ctx)
        {
        BN_CTX *new_ctx = NULL;
        BIGNUM *tmp1, *tmp2, *x, *y;
        int ret = 0;
-        /* clear error queue*/
-        ERR_clear_error();
        if (ctx == NULL)
                {
                ctx = new_ctx = BN_CTX_new();
@@ -715,17 +704,19 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po
        
        if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
                {
-                unsigned long err = ERR_peek_last_error();
+                unsigned long err = ERR_peek_error();
                
                if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
                        {
-                        ERR_clear_error();
+                        (void)ERR_get_error();
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
                        }
                else
-                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+                        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB);
                goto err;
                }
+        /* If tmp1 is not a square (i.e. there is no point on the curve with
+         * our x), then y now is a nonsense value too */
        if (y_bit != BN_is_odd(y))
                {
@@ -737,17 +728,16 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *po
                        if (kron == -2) goto err;
                        if (kron == 1)
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
+                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT);
                        else
-                                /* BN_mod_sqrt() should have cought this error (not a square) */
+                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT);
-                                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
                        goto err;
                        }
                if (!BN_usub(y, &group->field, y)) goto err;
                }
        if (y_bit != BN_is_odd(y))
                {
-                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR);
                goto err;
                }
@@ -1098,7 +1088,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, con
                else
                        {
                        /* a is the inverse of b */
-                        BN_zero(&r->Z);
+                        if (!BN_zero(&r->Z)) goto end;
                        r->Z_is_one = 0;
                        ret = 1;
                        goto end;
@@ -1174,7 +1164,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_
        
        if (EC_POINT_is_at_infinity(group, a))
                {
-                BN_zero(&r->Z);
+                if (!BN_zero(&r->Z)) return 0;
                r->Z_is_one = 0;
                return 1;
                }
@@ -1302,7 +1292,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
        int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
        const BIGNUM *p;
        BN_CTX *new_ctx = NULL;
-        BIGNUM *rh, *tmp, *Z4, *Z6;
+        BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
        int ret = -1;
        if (EC_POINT_is_at_infinity(group, point))
@@ -1321,7 +1311,8 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
        BN_CTX_start(ctx);
        rh = BN_CTX_get(ctx);
-        tmp = BN_CTX_get(ctx);
+        tmp1 = BN_CTX_get(ctx);
+        tmp2 = BN_CTX_get(ctx);
        Z4 = BN_CTX_get(ctx);
        Z6 = BN_CTX_get(ctx);
        if (Z6 == NULL) goto err;
@@ -1335,49 +1326,59 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_C
         * To test this, we add up the right-hand side in 'rh'.
         */
-        /* rh := X^2 */
+        /* rh := X^3 */
        if (!field_sqr(group, rh, &point->X, ctx)) goto err;
+        if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
        if (!point->Z_is_one)
                {
-                if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;
+                if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
-                if (!field_sqr(group, Z4, tmp, ctx)) goto err;
+                if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
-                if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;
+                if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
-                /* rh := (rh + a*Z^4)*X */
+                /* rh := rh + a*X*Z^4 */
+                if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
                if (group->a_is_minus3)
                        {
-                        if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err;
+                        if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
-                        if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err;
+                        if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
-                        if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err;
+                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
-                        if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
                        }
                else
                        {
-                        if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;
+                        if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
-                        if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
+                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
-                        if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
                        }
                /* rh := rh + b*Z^6 */
-                if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;
+                if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
-                if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
+                if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
                }
        else
                {
                /* point->Z_is_one */
-                /* rh := (rh + a)*X */
+                /* rh := rh + a*X */
-                if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;
+                if (group->a_is_minus3)
-                if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
+                        {
+                        if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
+                        if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
+                        if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+                        }
+                else
+                        {
+                        if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
+                        if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+                        }
                /* rh := rh + b */
                if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
                }
        /* 'lh' := Y^2 */
-        if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;
+        if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
-        ret = (0 == BN_ucmp(tmp, rh));
+        ret = (0 == BN_cmp(tmp1, rh));
 err:
        BN_CTX_end(ctx);
diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c
new file mode 100644
index 0000000000..fcf969f3cf
--- /dev/null
+++ b/src/lib/libcrypto/ec/ectest.c
@@ -0,0 +1,643 @@
+/* crypto/ec/ectest.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+#include <openssl/ec.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#define ABORT do { \
+        fflush(stdout); \
+        fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+        ERR_print_errors_fp(stderr); \
+        EXIT(1); \
+} while (0)
+#if 0
+static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
+        {
+        clock_t clck;
+        int i, j;
+        BIGNUM *s, *s0;
+        EC_POINT *P;
+                
+        s = BN_new();
+        s0 = BN_new();
+        if (s == NULL || s0 == NULL) ABORT;
+        if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT;
+        fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s));
+        if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+        fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s));
+        fflush(stdout);
+        P = EC_POINT_new(group);
+        if (P == NULL) ABORT;
+        EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+        clck = clock();
+        for (i = 0; i < 10; i++)
+                {
+                if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT;
+                if (multi)
+                        {
+                        if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT;
+                        }
+                for (j = 0; j < 10; j++)
+                        {
+                        if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT;
+                        }
+                fprintf(stdout, ".");
+                fflush(stdout);
+                }
+        fprintf(stdout, "\n");
+        
+        clck = clock() - clck;
+#ifdef CLOCKS_PER_SEC
+        /* "To determine the time in seconds, the value returned
+         * by the clock function should be divided by the value
+         * of the macro CLOCKS_PER_SEC."
+         *                                       -- ISO/IEC 9899 */
+#       define UNIT "s"
+#else
+        /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+         *                            -- cc on NeXTstep/OpenStep */
+#       define UNIT "units"
+#       define CLOCKS_PER_SEC 1
+#endif
+        fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+                multi ? "s*P+t*Q operations" : "point multiplications",
+                (double)clck/CLOCKS_PER_SEC);
+        fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+        EC_POINT_free(P);
+        BN_free(s);
+        BN_free(s0);
+        }
+#endif
+int main(int argc, char *argv[])
+        {       
+        BN_CTX *ctx = NULL;
+        BIGNUM *p, *a, *b;
+        EC_GROUP *group;
+        EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+        EC_POINT *P, *Q, *R;
+        BIGNUM *x, *y, *z;
+        unsigned char buf[100];
+        size_t i, len;
+        int k;
+        
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+#if 1 /* optional */
+        ctx = BN_CTX_new();
+        if (!ctx) ABORT;
+#endif
+        p = BN_new();
+        a = BN_new();
+        b = BN_new();
+        if (!p || !a || !b) ABORT;
+        if (!BN_hex2bn(&p, "17")) ABORT;
+        if (!BN_hex2bn(&a, "1")) ABORT;
+        if (!BN_hex2bn(&b, "1")) ABORT;
+        
+        group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+                                                     * so that the library gets to choose the EC_METHOD */
+        if (!group) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        {
+                EC_GROUP *tmp;
+                tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+                if (!tmp) ABORT;
+                if (!EC_GROUP_copy(tmp, group)) ABORT;
+                EC_GROUP_free(group);
+                group = tmp;
+        }
+        
+        if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
+        fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+        BN_print_fp(stdout, p);
+        fprintf(stdout, ")\n     a = 0x");
+        BN_print_fp(stdout, a);
+        fprintf(stdout, "\n     b = 0x");
+        BN_print_fp(stdout, b);
+        fprintf(stdout, "\n");
+        P = EC_POINT_new(group);
+        Q = EC_POINT_new(group);
+        R = EC_POINT_new(group);
+        if (!P || !Q || !R) ABORT;
+        
+        if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+        buf[0] = 0;
+        if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+        if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+        x = BN_new();
+        y = BN_new();
+        z = BN_new();
+        if (!x || !y || !z) ABORT;
+        if (!BN_hex2bn(&x, "D")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, Q, ctx))
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+                fprintf(stderr, "Point is not on curve: x = 0x");
+                BN_print_fp(stderr, x);
+                fprintf(stderr, ", y = 0x");
+                BN_print_fp(stderr, y);
+                fprintf(stderr, "\n");
+                ABORT;
+                }
+        fprintf(stdout, "A cyclic subgroup:\n");
+        k = 100;
+        do
+                {
+                if (k-- == 0) ABORT;
+                if (EC_POINT_is_at_infinity(group, P))
+                        fprintf(stdout, "     point at infinity\n");
+                else
+                        {
+                        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+                        fprintf(stdout, "     x = 0x");
+                        BN_print_fp(stdout, x);
+                        fprintf(stdout, ", y = 0x");
+                        BN_print_fp(stdout, y);
+                        fprintf(stdout, "\n");
+                        }
+                
+                if (!EC_POINT_copy(R, P)) ABORT;
+                if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+#if 0 /* optional */
+                {
+                        EC_POINT *points[3];
+                
+                        points[0] = R;
+                        points[1] = Q;
+                        points[2] = P;
+                        if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
+                }
+#endif
+                }
+        while (!EC_POINT_is_at_infinity(group, P));
+        if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "Generator as octect string, compressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+        if (len == 0) ABORT;
+        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+        fprintf(stdout, "\nGenerator as octect string, hybrid form:\n     ");
+        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+        
+        if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
+        fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, ", Y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, ", Z = 0x");
+        BN_print_fp(stdout, z);
+        fprintf(stdout, "\n");
+        if (!EC_POINT_invert(group, P, ctx)) ABORT;
+        if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+        /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_192, group)) ABORT;
+        /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
+        if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
+        if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_224, group)) ABORT;
+        /* Curve P-256 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+                "84F3B9CAC2FC632551")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_256, group)) ABORT;
+        /* Curve P-384 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+        if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+                "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+                "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+                "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_384, group)) ABORT;
+        /* Curve P-521 (FIPS PUB 186-2, App. 6) */
+        
+        if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+        if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+        if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+        if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+                "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+                "DF883D2C34F1EF451FD46B503F00")) ABORT;
+        if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+        if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+                "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+                "3C1856A429BF97E7E31C2E5BD66")) ABORT;
+        if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+                "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+                "C9B8899C47AEBB6FB71E91386409")) ABORT;
+        if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+        if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+        fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+        BN_print_fp(stdout, x);
+        fprintf(stdout, "\n     y = 0x");
+        BN_print_fp(stdout, y);
+        fprintf(stdout, "\n");
+        /* G_y value taken from the standard: */
+        if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+                "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+                "7086A272C24088BE94769FD16650")) ABORT;
+        if (0 != BN_cmp(y, z)) ABORT;
+        
+        fprintf(stdout, "verify group order ...");
+        fflush(stdout);
+        if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, ".");
+        fflush(stdout);
+        if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+        if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+        fprintf(stdout, " ok\n");
+        if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+        if (!EC_GROUP_copy(P_521, group)) ABORT;
+        /* more tests using the last curve */
+        if (!EC_POINT_copy(Q, P)) ABORT;
+        if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+        if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+        if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+        if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+        if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+        if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+        if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+        {
+                const EC_POINT *points[3];
+                const BIGNUM *scalars[3];
+        
+                if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+                points[0] = Q;
+                points[1] = Q;
+                points[2] = Q;
+                if (!BN_add(y, z, BN_value_one())) ABORT;
+                if (BN_is_odd(y)) ABORT;
+                if (!BN_rshift1(y, y)) ABORT;
+                scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+                scalars[1] = y;
+                fprintf(stdout, "combined multiplication ...");
+                fflush(stdout);
+                /* z is still the group order */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+                if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+                if (!BN_add(z, z, y)) ABORT;
+                z->neg = 1;
+                scalars[0] = y;
+                scalars[1] = z; /* z = -(order + y) */
+                if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+                fprintf(stdout, ".");
+                fflush(stdout);
+                if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+                if (!BN_add(z, x, y)) ABORT;
+                z->neg = 1;
+                scalars[0] = x;
+                scalars[1] = y;
+                scalars[2] = z; /* z = -(x+y) */
+                if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+                if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+                fprintf(stdout, " ok\n\n");
+        }
+#if 0
+        timings(P_192, 0, ctx);
+        timings(P_192, 1, ctx);
+        timings(P_224, 0, ctx);
+        timings(P_224, 1, ctx);
+        timings(P_256, 0, ctx);
+        timings(P_256, 1, ctx);
+        timings(P_384, 0, ctx);
+        timings(P_384, 1, ctx);
+        timings(P_521, 0, ctx);
+        timings(P_521, 1, ctx);
+#endif
+        if (ctx)
+                BN_CTX_free(ctx);
+        BN_free(p); BN_free(a); BN_free(b);
+        EC_GROUP_free(group);
+        EC_POINT_free(P);
+        EC_POINT_free(Q);
+        EC_POINT_free(R);
+        BN_free(x); BN_free(y); BN_free(z);
+        if (P_192) EC_GROUP_free(P_192);
+        if (P_224) EC_GROUP_free(P_224);
+        if (P_256) EC_GROUP_free(P_256);
+        if (P_384) EC_GROUP_free(P_384);
+        if (P_521) EC_GROUP_free(P_521);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_cleanup();
+#endif
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/ecdh/Makefile b/src/lib/libcrypto/ecdh/Makefile
new file mode 100644
index 0000000000..95aa69fea5
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/Makefile
@@ -0,0 +1,111 @@
+#
+# crypto/ecdh/Makefile
+#
+DIR=    ecdh
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ech_lib.c ech_ossl.c ech_key.c ech_err.c
+LIBOBJ= ech_lib.o ech_ossl.o ech_key.o ech_err.o
+SRC= $(LIBSRC)
+EXHEADER= ecdh.h
+HEADER= ech_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_err.o: ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ech_key.c ech_locl.h
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ech_lib.c ech_locl.h
+ech_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+ech_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ech_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
+ech_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ech_ossl.o: ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c
diff --git a/src/lib/libcrypto/ecdh/ecdhtest.c b/src/lib/libcrypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..1575006b51
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ecdhtest.c
@@ -0,0 +1,368 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#include <openssl/opensslconf.h>        /* for OPENSSL_NO_ECDH */
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ec.h>
+#include <openssl/ecdh.h>
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK     _far _loadds
+#else
+#define MS_CALLBACK
+#endif
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#endif
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static const int KDF1_SHA1_len = 20;
+static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
+        {
+#ifndef OPENSSL_NO_SHA
+        if (*outlen < SHA_DIGEST_LENGTH)
+                return NULL;
+        else
+                *outlen = SHA_DIGEST_LENGTH;
+        return SHA1(in, inlen, out);
+#else
+        return NULL;
+#endif
+        }
+static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
+        {
+        EC_KEY *a=NULL;
+        EC_KEY *b=NULL;
+        BIGNUM *x_a=NULL, *y_a=NULL,
+               *x_b=NULL, *y_b=NULL;
+        char buf[12];
+        unsigned char *abuf=NULL,*bbuf=NULL;
+        int i,alen,blen,aout,bout,ret=0;
+        const EC_GROUP *group;
+        a = EC_KEY_new_by_curve_name(nid);
+        b = EC_KEY_new_by_curve_name(nid);
+        if (a == NULL || b == NULL)
+                goto err;
+        group = EC_KEY_get0_group(a);
+        if ((x_a=BN_new()) == NULL) goto err;
+        if ((y_a=BN_new()) == NULL) goto err;
+        if ((x_b=BN_new()) == NULL) goto err;
+        if ((y_b=BN_new()) == NULL) goto err;
+        BIO_puts(out,"Testing key generation with ");
+        BIO_puts(out,text);
+#ifdef NOISY
+        BIO_puts(out,"\n");
+#else
+        (void)BIO_flush(out);
+#endif
+        if (!EC_KEY_generate_key(a)) goto err;
+        
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
+                }
+#ifdef NOISY
+        BIO_puts(out,"  pri 1=");
+        BN_print(out,a->priv_key);
+        BIO_puts(out,"\n  pub 1=");
+        BN_print(out,x_a);
+        BIO_puts(out,",");
+        BN_print(out,y_a);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out," .");
+        (void)BIO_flush(out);
+#endif
+        if (!EC_KEY_generate_key(b)) goto err;
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, 
+                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
+                }
+#ifdef NOISY
+        BIO_puts(out,"  pri 2=");
+        BN_print(out,b->priv_key);
+        BIO_puts(out,"\n  pub 2=");
+        BN_print(out,x_b);
+        BIO_puts(out,",");
+        BN_print(out,y_b);
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+        alen=KDF1_SHA1_len;
+        abuf=(unsigned char *)OPENSSL_malloc(alen);
+        aout=ECDH_compute_key(abuf,alen,EC_KEY_get0_public_key(b),a,KDF1_SHA1);
+#ifdef NOISY
+        BIO_puts(out,"  key1 =");
+        for (i=0; i<aout; i++)
+                {
+                sprintf(buf,"%02X",abuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+        blen=KDF1_SHA1_len;
+        bbuf=(unsigned char *)OPENSSL_malloc(blen);
+        bout=ECDH_compute_key(bbuf,blen,EC_KEY_get0_public_key(a),b,KDF1_SHA1);
+#ifdef NOISY
+        BIO_puts(out,"  key2 =");
+        for (i=0; i<bout; i++)
+                {
+                sprintf(buf,"%02X",bbuf[i]);
+                BIO_puts(out,buf);
+                }
+        BIO_puts(out,"\n");
+#else
+        BIO_printf(out,".");
+        (void)BIO_flush(out);
+#endif
+        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+                {
+#ifndef NOISY
+                BIO_printf(out, " failed\n\n");
+                BIO_printf(out, "key a:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(a));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_a);
+                BIO_printf(out, ",");
+                BN_print(out, y_a);
+                BIO_printf(out, "\nkey b:\n");
+                BIO_printf(out, "private key: ");
+                BN_print(out, EC_KEY_get0_private_key(b));
+                BIO_printf(out, "\n");
+                BIO_printf(out, "public key (x,y): ");
+                BN_print(out, x_b);
+                BIO_printf(out, ",");
+                BN_print(out, y_b);
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key a: ");
+                for (i=0; i<bout; i++)
+                        {
+                        sprintf(buf, "%02X", bbuf[i]);
+                        BIO_puts(out, buf);
+                        }
+                BIO_printf(out, "\n");
+                BIO_printf(out, "generated key b: ");
+                for (i=0; i<aout; i++)
+                        {
+                        sprintf(buf, "%02X", abuf[i]);
+                        BIO_puts(out,buf);
+                        }
+                BIO_printf(out, "\n");
+#endif
+                fprintf(stderr,"Error in ECDH routines\n");
+                ret=0;
+                }
+        else
+                {
+#ifndef NOISY
+                BIO_printf(out, " ok\n");
+#endif
+                ret=1;
+                }
+err:
+        ERR_print_errors_fp(stderr);
+        if (abuf != NULL) OPENSSL_free(abuf);
+        if (bbuf != NULL) OPENSSL_free(bbuf);
+        if (x_a) BN_free(x_a);
+        if (y_a) BN_free(y_a);
+        if (x_b) BN_free(x_b);
+        if (y_b) BN_free(y_b);
+        if (b) EC_KEY_free(b);
+        if (a) EC_KEY_free(a);
+        return(ret);
+        }
+int main(int argc, char *argv[])
+        {
+        BN_CTX *ctx=NULL;
+        int ret=1;
+        BIO *out;
+        CRYPTO_malloc_debug_init();
+        CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+#ifdef OPENSSL_SYS_WIN32
+        CRYPTO_malloc_init();
+#endif
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        out=BIO_new(BIO_s_file());
+        if (out == NULL) EXIT(1);
+        BIO_set_fp(out,stdout,BIO_NOCLOSE);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
+        /* NIST PRIME CURVES TESTS */
+        if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+        /* NIST BINARY CURVES TESTS */
+        if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+        if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+        ret = 0;
+err:
+        ERR_print_errors_fp(stderr);
+        if (ctx) BN_CTX_free(ctx);
+        BIO_free(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        EXIT(ret);
+        return(ret);
+        }
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+        {
+        char c='*';
+        if (p == 0) c='.';
+        if (p == 1) c='+';
+        if (p == 2) c='*';
+        if (p == 3) c='\n';
+        BIO_write((BIO *)arg,&c,1);
+        (void)BIO_flush((BIO *)arg);
+#ifdef LINT
+        p=n;
+#endif
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/ecdh/ech_ossl.c b/src/lib/libcrypto/ecdh/ech_ossl.c
new file mode 100644
index 0000000000..2a40ff12df
--- /dev/null
+++ b/src/lib/libcrypto/ecdh/ech_ossl.c
@@ -0,0 +1,213 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <limits.h>
+#include "cryptlib.h"
+#include "ech_locl.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+#include <openssl/bn.h>
+static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
+        EC_KEY *ecdh, 
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+static ECDH_METHOD openssl_ecdh_meth = {
+        "OpenSSL ECDH method",
+        ecdh_compute_key,
+#if 0
+        NULL, /* init     */
+        NULL, /* finish   */
+#endif
+        0,    /* flags    */
+        NULL  /* app_data */
+};
+const ECDH_METHOD *ECDH_OpenSSL(void)
+        {
+        return &openssl_ecdh_meth;
+        }
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ * Finally an optional KDF is applied.
+ */
+static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+        EC_KEY *ecdh,
+        void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+        {
+        BN_CTX *ctx;
+        EC_POINT *tmp=NULL;
+        BIGNUM *x=NULL, *y=NULL;
+        const BIGNUM *priv_key;
+        const EC_GROUP* group;
+        int ret= -1;
+        size_t buflen, len;
+        unsigned char *buf=NULL;
+        if (outlen > INT_MAX)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
+                return -1;
+                }
+        if ((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_CTX_start(ctx);
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        
+        priv_key = EC_KEY_get0_private_key(ecdh);
+        if (priv_key == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+                goto err;
+                }
+        group = EC_KEY_get0_group(ecdh);
+        if ((tmp=EC_POINT_new(group)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                goto err;
+                }
+                
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
+                {
+                if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+        else
+                {
+                if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+                        goto err;
+                        }
+                }
+        buflen = (EC_GROUP_get_degree(group) + 7)/8;
+        len = BN_num_bytes(x);
+        if (len > buflen)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
+                goto err;
+                }
+        if ((buf = OPENSSL_malloc(buflen)) == NULL)
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        
+        memset(buf, 0, buflen - len);
+        if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
+                {
+                ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+                goto err;
+                }
+        if (KDF != 0)
+                {
+                if (KDF(buf, buflen, out, &outlen) == NULL)
+                        {
+                        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
+                        goto err;
+                        }
+                ret = outlen;
+                }
+        else
+                {
+                /* no KDF, just copy as much as we can */
+                if (outlen > buflen)
+                        outlen = buflen;
+                memcpy(out, buf, outlen);
+                ret = outlen;
+                }
+        
+err:
+        if (tmp) EC_POINT_free(tmp);
+        if (ctx) BN_CTX_end(ctx);
+        if (ctx) BN_CTX_free(ctx);
+        if (buf) OPENSSL_free(buf);
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/ecdsa/Makefile b/src/lib/libcrypto/ecdsa/Makefile
new file mode 100644
index 0000000000..16a93cd3ae
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/Makefile
@@ -0,0 +1,125 @@
+#
+# crypto/ecdsa/Makefile
+#
+DIR=    ecdsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ecdsatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
+LIBOBJ= ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o
+SRC= $(LIBSRC)
+EXHEADER= ecdsa.h
+HEADER= ecs_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h
+ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_err.o: ecs_err.c
+ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecs_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ecs_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecs_lib.o: ecs_lib.c ecs_locl.h
+ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ecs_ossl.o: ../../include/openssl/opensslconf.h
+ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c
+ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_sign.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_sign.c
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/opensslconf.h
+ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_vrf.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_vrf.c
diff --git a/src/lib/libcrypto/ecdsa/ecdsatest.c b/src/lib/libcrypto/ecdsa/ecdsatest.c
new file mode 100644
index 0000000000..b07e31252b
--- /dev/null
+++ b/src/lib/libcrypto/ecdsa/ecdsatest.c
@@ -0,0 +1,500 @@
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_ECDSA is defined */
+#ifdef OPENSSL_NO_ECDSA
+int main(int argc, char * argv[])
+        {
+        puts("Elliptic curves are disabled.");
+        return 0;
+        }
+#else
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/rand.h>
+static const char rnd_seed[] = "string to make the random number generator "
+        "think it has entropy";
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+RAND_METHOD     fake_rand;
+const RAND_METHOD *old_rand;
+int change_rand(void)
+        {
+        /* save old rand method */
+        if ((old_rand = RAND_get_rand_method()) == NULL)
+                return 0;
+        fake_rand.seed    = old_rand->seed;
+        fake_rand.cleanup = old_rand->cleanup;
+        fake_rand.add     = old_rand->add;
+        fake_rand.status  = old_rand->status;
+        /* use own random function */
+        fake_rand.bytes      = fbytes;
+        fake_rand.pseudorand = old_rand->bytes;
+        /* set new RAND_METHOD */
+        if (!RAND_set_rand_method(&fake_rand))
+                return 0;
+        return 1;
+        }
+int restore_rand(void)
+        {
+        if (!RAND_set_rand_method(old_rand))
+                return 0;
+        else
+                return 1;
+        }
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+        "651056770906015076056810763456358567190100156695615665659",
+        "6140507067065001063065065565667405560006161556565665656654",
+        "8763001015071075675010661307616710783570106710677817767166"
+        "71676178726717",
+        "7000000175690566466555057817571571075705015757757057795755"
+        "55657156756655",
+        "1275552191113212300012030439187146164646146646466749494799",
+        "1542725565216523985789236956265265265235675811949404040041",
+        "1456427555219115346513212300075341203043918714616464614664"
+        "64667494947990",
+        "1712787255652165239672857892369562652652652356758119494040"
+        "40041670216363"};
+int fbytes(unsigned char *buf, int num)
+        {
+        int     ret;
+        BIGNUM  *tmp = NULL;
+        if (fbytes_counter >= 8)
+                return 0;
+        tmp = BN_new();
+        if (!tmp)
+                return 0;
+        if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+                {
+                BN_free(tmp);
+                return 0;
+                }
+        fbytes_counter ++;
+        ret = BN_bn2bin(tmp, buf);      
+        if (ret == 0 || ret != num)
+                ret = 0;
+        else
+                ret = 1;
+        if (tmp)
+                BN_free(tmp);
+        return ret;
+        }
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+        {
+        int     ret = 0;
+        const char message[] = "abc";
+        unsigned char digest[20];
+        unsigned int  dgst_len = 0;
+        EVP_MD_CTX md_ctx;
+        EC_KEY    *key = NULL;
+        ECDSA_SIG *signature = NULL;
+        BIGNUM    *r = NULL, *s = NULL;
+        EVP_MD_CTX_init(&md_ctx);
+        /* get the message digest */
+        EVP_DigestInit(&md_ctx, EVP_ecdsa());
+        EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+        EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+        BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+        /* create the key */
+        if ((key = EC_KEY_new_by_curve_name(nid)) == NULL)
+                goto x962_int_err;
+        if (!EC_KEY_generate_key(key))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* create the signature */
+        signature = ECDSA_do_sign(digest, 20, key);
+        if (signature == NULL)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* compare the created signature with the expected signature */
+        if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+                goto x962_int_err;
+        if (!BN_dec2bn(&r, r_in) ||
+            !BN_dec2bn(&s, s_in))
+                goto x962_int_err;
+        if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        /* verify the signature */
+        if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+                goto x962_int_err;
+        BIO_printf(out, ".");
+        (void)BIO_flush(out);
+        BIO_printf(out, " ok\n");
+        ret = 1;
+x962_int_err:
+        if (!ret)
+                BIO_printf(out, " failed\n");
+        if (key)
+                EC_KEY_free(key);
+        if (signature)
+                ECDSA_SIG_free(signature);
+        if (r)
+                BN_free(r);
+        if (s)
+                BN_free(s);
+        EVP_MD_CTX_cleanup(&md_ctx);
+        return ret;
+        }
+int x9_62_tests(BIO *out)
+        {
+        int ret = 0;
+        BIO_printf(out, "some tests from X9.62:\n");
+        /* set own rand method */
+        if (!change_rand())
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+                "3342403536405981729393488334694600415596881826869351677613",
+                "5735822328888155254683894997897571951568553642892029982342"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+                "3086361431751678114926225473006680188549593787585317781474"
+                "62058306432176",
+                "3238135532097973577080787768312505059318910517550078427819"
+                "78505179448783"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+                "87194383164871543355722284926904419997237591535066528048",
+                "308992691965804947361541664549085895292153777025772063598"))
+                goto x962_err;
+        if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+                "2159633321041961198501834003903461262881815148684178964245"
+                "5876922391552",
+                "1970303740007316867383349976549972270528498040721988191026"
+                "49413465737174"))
+                goto x962_err;
+        ret = 1;
+x962_err:
+        if (!restore_rand())
+                ret = 0;
+        return ret;
+        }
+int test_builtin(BIO *out)
+        {
+        EC_builtin_curve *curves = NULL;
+        size_t          crv_len = 0, n = 0;
+        EC_KEY          *eckey = NULL, *wrong_eckey = NULL;
+        EC_GROUP        *group;
+        unsigned char   digest[20], wrong_digest[20];
+        unsigned char   *signature = NULL; 
+        unsigned int    sig_len;
+        int             nid, ret =  0;
+        
+        /* fill digest values with some random data */
+        if (!RAND_pseudo_bytes(digest, 20) ||
+            !RAND_pseudo_bytes(wrong_digest, 20))
+                {
+                BIO_printf(out, "ERROR: unable to get random data\n");
+                goto builtin_err;
+                }
+        /* create and verify a ecdsa signature with every availble curve
+         * (with ) */
+        BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+                "with some internal curves:\n");
+        /* get a list of all internal curves */
+        crv_len = EC_get_builtin_curves(NULL, 0);
+        curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+        if (curves == NULL)
+                {
+                BIO_printf(out, "malloc error\n");
+                goto builtin_err;
+                }
+        
+        if (!EC_get_builtin_curves(curves, crv_len))
+                {
+                BIO_printf(out, "unable to get internal curves\n");
+                goto builtin_err;
+                }
+        /* now create and verify a signature for every curve */
+        for (n = 0; n < crv_len; n++)
+                {
+                unsigned char dirt, offset;
+                nid = curves[n].nid;
+                if (nid == NID_ipsec4)
+                        continue;
+                /* create new ecdsa key (== EC_KEY) */
+                if ((eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                if (EC_GROUP_get_degree(EC_KEY_get0_group(eckey)) < 160)
+                        /* drop the curve */ 
+                        {
+                        EC_KEY_free(eckey);
+                        eckey = NULL;
+                        continue;
+                        }
+                BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+                /* create key */
+                if (!EC_KEY_generate_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                /* create second key */
+                if ((wrong_eckey = EC_KEY_new()) == NULL)
+                        goto builtin_err;
+                group = EC_GROUP_new_by_curve_name(nid);
+                if (group == NULL)
+                        goto builtin_err;
+                if (EC_KEY_set_group(wrong_eckey, group) == 0)
+                        goto builtin_err;
+                EC_GROUP_free(group);
+                if (!EC_KEY_generate_key(wrong_eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* check key */
+                if (!EC_KEY_check_key(eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* create signature */
+                sig_len = ECDSA_size(eckey);
+                if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+                        goto builtin_err;
+                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* verify signature with the wrong key */
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, 
+                        wrong_eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* wrong digest */
+                if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+                        eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                /* modify a single byte of the signature */
+                offset = signature[10] % sig_len;
+                dirt   = signature[11];
+                signature[offset] ^= dirt ? dirt : 1; 
+                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+                        {
+                        BIO_printf(out, " failed\n");
+                        goto builtin_err;
+                        }
+                BIO_printf(out, ".");
+                (void)BIO_flush(out);
+                
+                BIO_printf(out, " ok\n");
+                /* cleanup */
+                OPENSSL_free(signature);
+                signature = NULL;
+                EC_KEY_free(eckey);
+                eckey = NULL;
+                EC_KEY_free(wrong_eckey);
+                wrong_eckey = NULL;
+                }
+        ret = 1;        
+builtin_err:
+        if (eckey)
+                EC_KEY_free(eckey);
+        if (wrong_eckey)
+                EC_KEY_free(wrong_eckey);
+        if (signature)
+                OPENSSL_free(signature);
+        if (curves)
+                OPENSSL_free(curves);
+        return ret;
+        }
+int main(void)
+        {
+        int     ret = 1;
+        BIO     *out;
+        out = BIO_new_fp(stdout, BIO_NOCLOSE);
+        
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
+                (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+        /* initialize the prng */
+        RAND_seed(rnd_seed, sizeof(rnd_seed));
+        /* the tests */
+        if (!x9_62_tests(out))  goto err;
+        if (!test_builtin(out)) goto err;
+        
+        ret = 0;
+err:    
+        if (ret)        
+                BIO_printf(out, "\nECDSA test failed\n");
+        else 
+                BIO_printf(out, "\nECDSA test passed\n");
+        if (ret)
+                ERR_print_errors(out);
+        CRYPTO_cleanup_all_ex_data();
+        ERR_remove_state(0);
+        ERR_free_strings();
+        CRYPTO_mem_leaks(out);
+        if (out != NULL)
+                BIO_free(out);
+        return ret;
+        }       
+#endif
diff --git a/src/lib/libcrypto/engine/Makefile b/src/lib/libcrypto/engine/Makefile
new file mode 100644
index 0000000000..13f211a0ae
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile
@@ -0,0 +1,288 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
+        tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
+        tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
+SRC= $(LIBSRC)
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+eng_all.o: ../../e_os.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../cryptlib.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/bio.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_cnf.c eng_int.h
+eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_cryptodev.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/objects.h
+eng_cryptodev.o: ../../include/openssl/opensslconf.h
+eng_cryptodev.o: ../../include/openssl/opensslv.h
+eng_cryptodev.o: ../../include/openssl/ossl_typ.h
+eng_cryptodev.o: ../../include/openssl/safestack.h
+eng_cryptodev.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_cryptodev.o: eng_cryptodev.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/bio.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/bio.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/bio.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/bio.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/bio.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/bio.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h
+eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+eng_openssl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_openssl.c
+eng_padlock.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_padlock.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+eng_padlock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_padlock.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_padlock.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_padlock.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_padlock.o: ../../include/openssl/opensslconf.h
+eng_padlock.o: ../../include/openssl/opensslv.h
+eng_padlock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_padlock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_padlock.o: ../../include/openssl/symhacks.h eng_padlock.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/bio.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_table.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h
+eng_table.o: eng_table.c
+tb_cipher.o: ../../e_os.h ../../include/openssl/bio.h
+tb_cipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tb_cipher.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h
+tb_cipher.o: tb_cipher.c
+tb_dh.o: ../../e_os.h ../../include/openssl/bio.h
+tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_dh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c
+tb_digest.o: ../../e_os.h ../../include/openssl/bio.h
+tb_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_digest.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tb_digest.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h
+tb_digest.o: tb_digest.c
+tb_dsa.o: ../../e_os.h ../../include/openssl/bio.h
+tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c
+tb_ecdh.o: ../../e_os.h ../../include/openssl/bio.h
+tb_ecdh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_ecdh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+tb_ecdh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdh.o: ../cryptlib.h eng_int.h tb_ecdh.c
+tb_ecdsa.o: ../../e_os.h ../../include/openssl/bio.h
+tb_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_ecdsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_ecdsa.o: ../../include/openssl/opensslconf.h
+tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tb_ecdsa.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_ecdsa.c
+tb_rand.o: ../../e_os.h ../../include/openssl/bio.h
+tb_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../cryptlib.h eng_int.h tb_rand.c
+tb_rsa.o: ../../e_os.h ../../include/openssl/bio.h
+tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c
+tb_store.o: ../../e_os.h ../../include/openssl/bio.h
+tb_store.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tb_store.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+tb_store.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tb_store.o: ../../include/openssl/opensslconf.h
+tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_store.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tb_store.o: ../../include/openssl/symhacks.h ../cryptlib.h eng_int.h tb_store.c
diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..30a4446ff9
--- /dev/null
+++ b/src/lib/libcrypto/engine/Makefile.ssl
@@ -0,0 +1,538 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+DIR=    engine
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+        tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \
+        eng_openssl.c eng_dyn.c eng_cnf.c \
+        hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \
+        hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+        tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \
+        eng_openssl.o eng_dyn.o eng_cnf.o \
+        hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \
+        hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o
+SRC= $(LIBSRC)
+EXHEADER= engine.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+errors:
+        $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \
+                -nostatic -staticloader -write hw_*.c
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cnf.o: ../cryptlib.h eng_cnf.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_ctrl.o: ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_err.o: ../../include/openssl/ui.h eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_init.o: ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_list.o: ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_openssl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_openssl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_openssl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_openssl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_pkey.o: ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_table.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_table.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_table.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_table.o: ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+hw_4758_cca.o: ../../e_os.h ../../include/openssl/aes.h
+hw_4758_cca.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_4758_cca.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_4758_cca.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_4758_cca.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_4758_cca.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_4758_cca.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_4758_cca.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_4758_cca.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_4758_cca.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_4758_cca.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_4758_cca.o: ../../include/openssl/opensslconf.h
+hw_4758_cca.o: ../../include/openssl/opensslv.h
+hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_4758_cca.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_4758_cca.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_4758_cca.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_4758_cca.o: ../cryptlib.h hw_4758_cca.c hw_4758_cca_err.c hw_4758_cca_err.h
+hw_4758_cca.o: vendor_defns/hw_4758_cca.h
+hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hw_aep.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+hw_aep.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_aep.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_aep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+hw_aep.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hw_aep.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_aep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_aep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_aep.o: ../../include/openssl/ui.h hw_aep.c hw_aep_err.c hw_aep_err.h
+hw_aep.o: vendor_defns/aep.h
+hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h
+hw_atalla.o: vendor_defns/atalla.h
+hw_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hw_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+hw_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+hw_cryptodev.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cryptodev.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+hw_cryptodev.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+hw_cryptodev.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+hw_cryptodev.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+hw_cryptodev.o: ../../include/openssl/objects.h
+hw_cryptodev.o: ../../include/openssl/opensslconf.h
+hw_cryptodev.o: ../../include/openssl/opensslv.h
+hw_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+hw_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cryptodev.o: ../../include/openssl/ui_compat.h hw_cryptodev.c
+hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h
+hw_cswift.o: vendor_defns/cswift.h
+hw_ncipher.o: ../../e_os.h ../../include/openssl/aes.h
+hw_ncipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_ncipher.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_ncipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_ncipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_ncipher.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_ncipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_ncipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_ncipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_ncipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_ncipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_ncipher.o: ../../include/openssl/opensslconf.h
+hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+hw_ncipher.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+hw_ncipher.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ncipher.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+hw_ncipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_ncipher.c
+hw_ncipher.o: hw_ncipher_err.c hw_ncipher_err.h vendor_defns/hwcryptohook.h
+hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h
+hw_sureware.o: ../../e_os.h ../../include/openssl/aes.h
+hw_sureware.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_sureware.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+hw_sureware.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+hw_sureware.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+hw_sureware.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+hw_sureware.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+hw_sureware.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+hw_sureware.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hw_sureware.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_sureware.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hw_sureware.o: ../../include/openssl/opensslconf.h
+hw_sureware.o: ../../include/openssl/opensslv.h
+hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+hw_sureware.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hw_sureware.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hw_sureware.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+hw_sureware.o: ../cryptlib.h eng_int.h engine.h hw_sureware.c hw_sureware_err.c
+hw_sureware.o: hw_sureware_err.h vendor_defns/sureware.h
+hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h
+hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h
+hw_ubsec.o: vendor_defns/hw_ubsec.h
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_cipher.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_cipher.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_cipher.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_cipher.o: ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dh.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dh.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dh.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dh.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dh.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dh.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h eng_int.h
+tb_dh.o: tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_digest.o: ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_dsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_dsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_dsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_dsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_dsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_dsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_dsa.o: eng_int.h tb_dsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rand.o: eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+tb_rsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+tb_rsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+tb_rsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_rsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_rsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_rsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_rsa.o: eng_int.h tb_rsa.c
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
index 8599046717..0f6992a40d 100644
--- a/src/lib/libcrypto/engine/eng_all.c
+++ b/src/lib/libcrypto/engine/eng_all.c
@@ -56,7 +56,8 @@
 *
 */
-#include "cryptlib.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 void ENGINE_load_builtin_engines(void)
@@ -68,42 +69,32 @@ void ENGINE_load_builtin_engines(void)
 #if 0
        ENGINE_load_openssl();
 #endif
-#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
-        ENGINE_load_padlock();
-#endif
        ENGINE_load_dynamic();
-#ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
-        ENGINE_load_4758cca();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
-        ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
-        ENGINE_load_atalla();
-#endif
 #ifndef OPENSSL_NO_HW_CSWIFT
        ENGINE_load_cswift();
 #endif
 #ifndef OPENSSL_NO_HW_NCIPHER
        ENGINE_load_chil();
 #endif
+#ifndef OPENSSL_NO_HW_ATALLA
+        ENGINE_load_atalla();
+#endif
 #ifndef OPENSSL_NO_HW_NURON
        ENGINE_load_nuron();
 #endif
-#ifndef OPENSSL_NO_HW_SUREWARE
-        ENGINE_load_sureware();
-#endif
 #ifndef OPENSSL_NO_HW_UBSEC
        ENGINE_load_ubsec();
 #endif
+#ifndef OPENSSL_NO_HW_AEP
+        ENGINE_load_aep();
 #endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+#ifndef OPENSSL_NO_HW_SUREWARE
-        ENGINE_load_gmp();
+        ENGINE_load_sureware();
 #endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+        ENGINE_load_4758cca();
 #endif
-#ifndef OPENSSL_NO_HW
 #if defined(__OpenBSD__) || defined(__FreeBSD__)
        ENGINE_load_cryptodev();
 #endif
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
index a97e01e619..4225760af1 100644
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ b/src/lib/libcrypto/engine/eng_cnf.c
@@ -56,8 +56,11 @@
 *
 */
-#include "eng_int.h"
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include <openssl/conf.h>
+#include <openssl/engine.h>
 /* #define ENGINE_CONF_DEBUG */
@@ -207,7 +210,7 @@ static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
        if (!elist)
                {
-                ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
+                ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
                return 0;
                }
diff --git a/src/lib/libcrypto/engine/eng_cryptodev.c b/src/lib/libcrypto/engine/eng_cryptodev.c
new file mode 100644
index 0000000000..ab38cd52f0
--- /dev/null
+++ b/src/lib/libcrypto/engine/eng_cryptodev.c
@@ -0,0 +1,1133 @@
+/*
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#if (defined(__unix__) || defined(unix)) && !defined(USG) && \
+        (defined(OpenBSD) || defined(__FreeBSD_version))
+#include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+#  define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+#  define HAVE_SYSLOG_R
+# endif
+#endif
+#ifndef HAVE_CRYPTODEV
+void
+ENGINE_load_cryptodev(void)
+{
+        /* This is a NOP on platforms without /dev/crypto */
+        return;
+}
+#else 
+ 
+#include <sys/types.h>
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+};
+static u_int32_t cryptodev_asymfeat = 0;
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int cryptodev_max_iv(int cipher);
+static int cryptodev_key_length_valid(int cipher, int len);
+static int cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+static int get_cryptodev_digests(const int **cnids);
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+};
+static struct {
+        int     id;
+        int     nid;
+        int     ivmax;
+        int     keylen;
+} ciphers[] = {
+        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+        { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+        { 0,                            NID_undef,              0,       0, },
+};
+static struct {
+        int     id;
+        int     nid;
+} digests[] = {
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1,                  NID_undef,              },
+        { 0,                            NID_undef,              },
+};
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+        static int fd = -1;
+        if (fd == -1) {
+                if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+                        return (-1);
+                /* close on exec */
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
+                }
+        }
+        return (fd);
+}
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+        if (ioctl(fd, CRIOGET, &retfd) == -1)
+                return (-1);
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+        return (retfd);
+}
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
+}
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card.
+ */
+static int
+cryptodev_max_iv(int cipher)
+{
+        int i;
+        for (i = 0; ciphers[i].id; i++)
+                if (ciphers[i].id == cipher)
+                        return (ciphers[i].ivmax);
+        return (0);
+}
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card. For now, fake it out - but most of these
+ * for real devices should return 1 for the supported key
+ * sizes the device can handle.
+ */
+static int
+cryptodev_key_length_valid(int cipher, int len)
+{
+        int i;
+        for (i = 0; ciphers[i].id; i++)
+                if (ciphers[i].id == cipher)
+                        return (ciphers[i].keylen == len);
+        return (0);
+}
+/* convert libcrypto nids to cryptodev */
+static int
+cipher_nid_to_cryptodev(int nid)
+{
+        int i;
+        for (i = 0; ciphers[i].id; i++)
+                if (ciphers[i].nid == nid)
+                        return (ciphers[i].id);
+        return (0);
+}
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456781234567812345678";
+        for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].id;
+                sess.keylen = ciphers[i].keylen;
+                sess.mac = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].nid;
+        }
+        close(fd);
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (digests[i].nid == NID_undef)
+                        continue;
+                sess.mac = digests[i].id;
+                sess.cipher = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = digests[i].nid;
+        }
+        close(fd);
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+        return (get_cryptodev_ciphers(nids));
+}
+static int
+cryptodev_usable_digests(const int **nids)
+{
+        /*
+         * XXXX just disable all digests for now, because it sucks.
+         * we need a better way to decide this - i.e. I may not
+         * want digests on slow cards like hifn on fast machines,
+         * but might want them on slow or loaded machines, etc.
+         * will also want them when using crypto cards that don't
+         * suck moose gonads - would be nice to be able to decide something
+         * as reasonable default without having hackery that's card dependent.
+         * of course, the default should probably be just do everything,
+         * with perhaps a sysctl to turn algoritms off (or have them off
+         * by default) on cards that generally suck like the hifn.
+         */
+        *nids = NULL;
+        return (0);
+}
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        void *iiv;
+        unsigned char save_iv[EVP_MAX_IV_LENGTH];
+        if (state->d_fd < 0)
+                return (0);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+        memset(&cryp, 0, sizeof(cryp));
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = inl;
+        cryp.src = (caddr_t) in;
+        cryp.dst = (caddr_t) out;
+        cryp.mac = 0;
+        cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+        if (ctx->cipher->iv_len) {
+                cryp.iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        } else
+                cryp.iv = NULL;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+                /* XXX need better errror handling
+                 * this can fail for a number of different reasons.
+                 */
+                return (0);
+        }
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        int cipher;
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+                return (0);
+        if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+                return (0);
+        if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+                return (0);
+        memset(sess, 0, sizeof(struct session_op));
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+        sess->key = (unsigned char *)key;
+        sess->keylen = ctx->key_len;
+        sess->cipher = cipher;
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                return (0);
+        }
+        return (1);
+}
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        int ret = 0;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        if (state->d_fd < 0)
+                return (0);
+        /* XXX if this ioctl fails, someting's wrong. the invoker
+         * may have called us with a bogus ctx, or we could
+         * have a device that for whatever reason just doesn't
+         * want to play ball - it's not clear what's right
+         * here - should this be an error? should it just
+         * increase a counter, hmm. For right now, we return
+         * 0 - I don't believe that to be "right". we could
+         * call the gorpy openssl lib error handlers that
+         * print messages to users of the library. hmm..
+         */
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);
+        state->d_fd = -1;
+        return (ret);
+}
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+        NID_des_cbc,
+        8, 8, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_aes_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+        if (!cipher)
+                return (cryptodev_usable_ciphers(nids));
+        switch (nid) {
+        case NID_des_ede3_cbc:
+                *cipher = &cryptodev_3des_cbc;
+                break;
+        case NID_des_cbc:
+                *cipher = &cryptodev_des_cbc;
+                break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_cbc;
+                break;
+        default:
+                *cipher = NULL;
+                break;
+        }
+        return (*cipher != NULL);
+}
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+        if (!digest)
+                return (cryptodev_usable_digests(nids));
+        switch (nid) {
+        case NID_md5:
+                *digest = NULL; /* need to make a clean md5 critter */
+                break;
+        default:
+                *digest = NULL;
+                break;
+        }
+        return (*digest != NULL);
+}
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+        int i, j, k;
+        ssize_t words, bytes, bits;
+        u_char *b;
+        crp->crp_p = NULL;
+        crp->crp_nbits = 0;
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+        b = malloc(bytes);
+        if (b == NULL)
+                return (1);
+        crp->crp_p = b;
+        crp->crp_nbits = bits;
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
+                }
+                j += BN_BITS2 / 8;
+        }
+        return (0);
+}
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+        u_int8_t *pd;
+        int i, bytes;
+        bytes = (crp->crp_nbits + 7) / 8;
+        if (bytes == 0)
+                return (-1);
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
+        return (0);
+}
+static void
+zapparams(struct crypt_kop *kop)
+{
+        int i;
+        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+                if (kop->crk_param[i].crp_p)
+                        free(kop->crk_param[i].crp_p);
+                kop->crk_param[i].crp_p = NULL;
+                kop->crk_param[i].crp_nbits = 0;
+        }
+}
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+        int fd, ret = -1;
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
+        if (r) {
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+                kop->crk_oparams++;
+        }
+        if (s) {
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+                kop->crk_oparams++;
+        }
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+                ret = 0;
+        }
+        return (ret);
+}
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(m, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        int r;
+        BN_CTX *ctx;
+        ctx = BN_CTX_new();
+        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+        BN_CTX_free(ctx);
+        return (r);
+}
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP_CRT;
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+        if (bn2crparam(rsa->p, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(rsa->q, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(I, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+                goto err;
+        kop.crk_iparams = 6;
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+        NULL,                           /* rsa_pub_dec */
+        NULL,                           /* rsa_priv_enc */
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+        NULL,                           /* app_data */
+        NULL,                           /* rsa_sign */
+        NULL                            /* rsa_verify */
+};
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+        BN_copy(t1,u1);
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+        struct crypt_kop kop;
+        BIGNUM *r = NULL, *s = NULL;
+        DSA_SIG *dsaret = NULL;
+        if ((r = BN_new()) == NULL)
+                goto err;
+        if ((s = BN_new()) == NULL) {
+                BN_free(r);
+                goto err;
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_SIGN;
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+                goto err;
+        kop.crk_iparams = 5;
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
+                dsaret = DSA_SIG_new();
+                dsaret->r = r;
+                dsaret->s = s;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                BN_free(r);
+                BN_free(s);
+                dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+        struct crypt_kop kop;
+        int dsaret = 1;
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(sig->r, &kop.crk_param[5]))
+                goto err;
+        if (bn2crparam(sig->s, &kop.crk_param[6]))
+                goto err;
+        kop.crk_iparams = 7;
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+                dsaret = kop.crk_status;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+        NULL,                           /* dsa_sign_setup */
+        NULL,
+        NULL,                           /* dsa_mod_exp */
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,      /* flags */
+        NULL    /* app_data */
+};
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+        struct crypt_kop kop;
+        int dhret = 1;
+        int fd, keylen;
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
+        keylen = BN_num_bits(dh->p);
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_COMPUTE_KEY;
+        /* inputs: dh->priv_key pub_key dh->p key */
+        if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(pub_key, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dh->p, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_nbits = keylen * 8;
+        kop.crk_oparams = 1;
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
+                const DH_METHOD *meth = DH_OpenSSL();
+                dhret = (meth->compute_key)(key, pub_key, dh);
+        }
+err:
+        kop.crk_param[3].crp_p = NULL;
+        zapparams(&kop);
+        return (dhret);
+}
+static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+};
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+#ifdef HAVE_SYSLOG_R
+        struct syslog_data sd = SYSLOG_DATA_INIT;
+#endif
+        switch (cmd) {
+        default:
+#ifdef HAVE_SYSLOG_R
+                syslog_r(LOG_ERR, &sd,
+                    "cryptodev_ctrl: unknown command %d", cmd);
+#else
+                syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+#endif
+                break;
+        }
+        return (1);
+}
+void
+ENGINE_load_cryptodev(void)
+{
+        ENGINE *engine = ENGINE_new();
+        int fd;
+        if (engine == NULL)
+                return;
+        if ((fd = get_dev_crypto()) < 0) {
+                ENGINE_free(engine);
+                return;
+        }
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                close(fd);
+                ENGINE_free(engine);
+                return;
+        }
+        close(fd);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+            !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+            !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+            !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+                ENGINE_free(engine);
+                return;
+        }
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+                cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+                cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
+        }
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        }
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+                cryptodev_dh.generate_key = dh_meth->generate_key;
+                cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
+        }
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+}
+#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
index 95b6b455aa..412c73fb0f 100644
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ b/src/lib/libcrypto/engine/eng_ctrl.c
@@ -53,7 +53,10 @@
 *
 */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 /* When querying a ENGINE-specific control command's 'description', this string
 * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
@@ -100,8 +103,7 @@ static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
        return -1;
        }
-static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
-                           void (*f)(void))
        {
        int idx;
        char *s = (char *)p;
@@ -179,7 +181,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
        return -1;
        }
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        {
        int ctrl_exists, ref_exists;
        if(e == NULL)
@@ -249,13 +251,13 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
        }
 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional)
+        long i, void *p, void (*f)(), int cmd_optional)
        {
        int num;
        if((e == NULL) || (cmd_name == NULL))
                {
-                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+                ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
                        ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
index acb30c34d8..4139a16e76 100644
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ b/src/lib/libcrypto/engine/eng_dyn.c
@@ -57,7 +57,11 @@
 */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 #include <openssl/dso.h>
 /* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
@@ -66,7 +70,7 @@
 /* Our ENGINE handlers */
 static int dynamic_init(ENGINE *e);
 static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
 /* Predeclare our context type */
 typedef struct st_dynamic_data_ctx dynamic_data_ctx;
 /* The implementation for the important control command */
@@ -76,9 +80,7 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
 #define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
 #define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
 #define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
 /* The constants used when creating the ENGINE */
 static const char *engine_dynamic_id = "dynamic";
@@ -100,14 +102,6 @@ static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
                "LIST_ADD",
                "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
                ENGINE_CMD_FLAG_NUMERIC},
-        {DYNAMIC_CMD_DIR_LOAD,
-                "DIR_LOAD",
-                "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-                ENGINE_CMD_FLAG_NUMERIC},
-        {DYNAMIC_CMD_DIR_ADD,
-                "DIR_ADD",
-                "Adds a directory from which ENGINEs can be loaded",
-                ENGINE_CMD_FLAG_STRING},
        {DYNAMIC_CMD_LOAD,
                "LOAD",
                "Load up the ENGINE specified by other settings",
@@ -142,18 +136,12 @@ struct st_dynamic_data_ctx
        const char *DYNAMIC_F1;
        /* The symbol name for the "initialise ENGINE structure" function */
        const char *DYNAMIC_F2;
-        /* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-         * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
-        int dir_load;
-        /* A stack of directories from which ENGINEs could be loaded */
-        STACK *dirs;
        };
 /* This is the "ex_data" index we obtain and reserve for use with our context
 * structure. */
 static int dynamic_ex_data_idx = -1;
-static void int_free_str(void *s) { OPENSSL_free(s); }
 /* Because our ex_data element may or may not get allocated depending on whether
 * a "first-use" occurs before the ENGINE is freed, we have a memory leak
 * problem to solve. We can't declare a "new" handler for the ex_data as we
@@ -173,8 +161,6 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
                        OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
                if(ctx->engine_id)
                        OPENSSL_free((void*)ctx->engine_id);
-                if(ctx->dirs)
-                        sk_pop_free(ctx->dirs, int_free_str);
                OPENSSL_free(ctx);
                }
        }
@@ -189,7 +175,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
        c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
        if(!c)
                {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+                ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
                return 0;
                }
        memset(c, 0, sizeof(dynamic_data_ctx));
@@ -202,14 +188,6 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
        c->list_add_value = 0;
        c->DYNAMIC_F1 = "v_check";
        c->DYNAMIC_F2 = "bind_engine";
-        c->dir_load = 1;
-        c->dirs = sk_new_null();
-        if(!c->dirs)
-                {
-                ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-                OPENSSL_free(c);
-                return 0;
-                }
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
                                dynamic_ex_data_idx)) == NULL)
@@ -312,7 +290,7 @@ static int dynamic_finish(ENGINE *e)
        return 0;
        }
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
        {
        dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
        int initialised;
@@ -368,34 +346,6 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
                return 1;
        case DYNAMIC_CMD_LOAD:
                return dynamic_load(e, ctx);
-        case DYNAMIC_CMD_DIR_LOAD:
-                if((i < 0) || (i > 2))
-                        {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                        }
-                ctx->dir_load = (int)i;
-                return 1;
-        case DYNAMIC_CMD_DIR_ADD:
-                /* a NULL 'p' or a string of zero-length is the same thing */
-                if(!p || (strlen((const char *)p) < 1))
-                        {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                ENGINE_R_INVALID_ARGUMENT);
-                        return 0;
-                        }
-                {
-                char *tmp_str = BUF_strdup(p);
-                if(!tmp_str)
-                        {
-                        ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-                                ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                sk_insert(ctx->dirs, tmp_str, -1);
-                }
-                return 1;
        default:
                break;
                }
@@ -403,53 +353,16 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
        return 0;
        }
-static int int_load(dynamic_data_ctx *ctx)
-        {
-        int num, loop;
-        /* Unless told not to, try a direct load */
-        if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-                                ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
-                return 1;
-        /* If we're not allowed to use 'dirs' or we have none, fail */
-        if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
-                return 0;
-        for(loop = 0; loop < num; loop++)
-                {
-                const char *s = sk_value(ctx->dirs, loop);
-                char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
-                if(!merge)
-                        return 0;
-                if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
-                        {
-                        /* Found what we're looking for */
-                        OPENSSL_free(merge);
-                        return 1;
-                        }
-                OPENSSL_free(merge);
-                }
-        return 0;
-        }
 static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
        {
        ENGINE cpy;
        dynamic_fns fns;
-        if(!ctx->dynamic_dso)
+        if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL,
-                ctx->dynamic_dso = DSO_new();
+                                ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL))
-        if(!ctx->DYNAMIC_LIBNAME)
-                {
-                if(!ctx->engine_id)
-                        return 0;
-                ctx->DYNAMIC_LIBNAME =
-                        DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
-                }
-        if(!int_load(ctx))
                {
                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
                        ENGINE_R_DSO_NOT_FOUND);
-                DSO_free(ctx->dynamic_dso);
-                ctx->dynamic_dso = NULL;
                return 0;
                }
        /* We have to find a bind function otherwise it'll always end badly */
@@ -496,7 +409,6 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
         * engine.h, much of this would be simplified if each area of code
         * provided its own "summary" structure of all related callbacks. It
         * would also increase opaqueness. */
-        fns.static_state = ENGINE_get_static_state();
        fns.err_fns = ERR_get_implementation();
        fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
        CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
index 369f2e22d3..fdc0e7be0f 100644
--- a/src/lib/libcrypto/engine/eng_err.c
+++ b/src/lib/libcrypto/engine/eng_err.c
@@ -73,7 +73,6 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),       "DYNAMIC_CTRL"},
 {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),       "DYNAMIC_GET_DATA_CTX"},
 {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),       "DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),       "DYNAMIC_SET_DATA_CTX"},
 {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
 {ERR_FUNC(ENGINE_F_ENGINE_BY_ID),       "ENGINE_by_id"},
 {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),   "ENGINE_cmd_is_executable"},
@@ -81,7 +80,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),    "ENGINE_ctrl_cmd"},
 {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),     "ENGINE_ctrl_cmd_string"},
 {ERR_FUNC(ENGINE_F_ENGINE_FINISH),      "ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),   "ENGINE_FREE_UTIL"},
+{ERR_FUNC(ENGINE_F_ENGINE_FREE),        "ENGINE_free"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),  "ENGINE_get_cipher"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),    "ENGINE_GET_DEFAULT_TYPE"},
 {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),  "ENGINE_get_digest"},
@@ -92,6 +91,7 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),    "ENGINE_load_private_key"},
 {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),     "ENGINE_load_public_key"},
+{ERR_FUNC(ENGINE_F_ENGINE_MODULE_INIT), "ENGINE_MODULE_INIT"},
 {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
 {ERR_FUNC(ENGINE_F_ENGINE_REMOVE),      "ENGINE_remove"},
 {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),  "ENGINE_set_default_string"},
@@ -100,12 +100,11 @@ static ERR_STRING_DATA ENGINE_str_functs[]=
 {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),    "ENGINE_set_name"},
 {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),      "ENGINE_TABLE_REGISTER"},
 {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),  "ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),     "ENGINE_UNLOCKED_FINISH"},
 {ERR_FUNC(ENGINE_F_ENGINE_UP_REF),      "ENGINE_up_ref"},
 {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),    "INT_CTRL_HELPER"},
 {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),       "INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),     "INT_ENGINE_MODULE_INIT"},
 {ERR_FUNC(ENGINE_F_LOG_MESSAGE),        "LOG_MESSAGE"},
+{ERR_FUNC(ENGINE_F_SET_DATA_CTX),       "SET_DATA_CTX"},
 {0,NULL}
        };
@@ -157,12 +156,15 @@ static ERR_STRING_DATA ENGINE_str_reasons[]=
 void ERR_load_ENGINE_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,ENGINE_str_functs);
                ERR_load_strings(0,ENGINE_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
index 27c1662f62..7ccf7022ee 100644
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ b/src/lib/libcrypto/engine/eng_fat.c
@@ -52,13 +52,11 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 #include <openssl/conf.h>
 int ENGINE_set_default(ENGINE *e, unsigned int flags)
@@ -79,14 +77,6 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags)
        if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
                return 0;
 #endif
-#ifndef OPENSSL_NO_ECDH
-        if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
-                return 0;
-#endif
        if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
                return 0;
        return 1;
@@ -103,10 +93,6 @@ static int int_def_cb(const char *alg, int len, void *arg)
                *pflags |= ENGINE_METHOD_RSA;
        else if (!strncmp(alg, "DSA", len))
                *pflags |= ENGINE_METHOD_DSA;
-        else if (!strncmp(alg, "ECDH", len))
-                *pflags |= ENGINE_METHOD_ECDH;
-        else if (!strncmp(alg, "ECDSA", len))
-                *pflags |= ENGINE_METHOD_ECDSA;
        else if (!strncmp(alg, "DH", len))
                *pflags |= ENGINE_METHOD_DH;
        else if (!strncmp(alg, "RAND", len))
@@ -147,12 +133,6 @@ int ENGINE_register_complete(ENGINE *e)
 #ifndef OPENSSL_NO_DH
        ENGINE_register_DH(e);
 #endif
-#ifndef OPENSSL_NO_ECDH
-        ENGINE_register_ECDH(e);
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        ENGINE_register_ECDSA(e);
-#endif
        ENGINE_register_RAND(e);
        return 1;
        }
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
index 7633cf5f1d..170c1791b3 100644
--- a/src/lib/libcrypto/engine/eng_init.c
+++ b/src/lib/libcrypto/engine/eng_init.c
@@ -53,7 +53,10 @@
 *
 */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 /* Initialise a engine type for use (or up its functional reference count
 * if it's already in use). This version is only used internally. */
@@ -111,7 +114,7 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
        /* Release the structural reference too */
        if(!engine_free_util(e, 0))
                {
-                ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);
+                ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
                return 0;
                }
        return to_return;
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
index a5b1edebf4..38335f99cd 100644
--- a/src/lib/libcrypto/engine/eng_int.h
+++ b/src/lib/libcrypto/engine/eng_int.h
@@ -55,16 +55,10 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #ifndef HEADER_ENGINE_INT_H
 #define HEADER_ENGINE_INT_H
-#include "cryptlib.h"
 /* Take public definitions from engine.h */
 #include <openssl/engine.h>
@@ -152,10 +146,7 @@ struct engine_st
        const RSA_METHOD *rsa_meth;
        const DSA_METHOD *dsa_meth;
        const DH_METHOD *dh_meth;
-        const ECDH_METHOD *ecdh_meth;
-        const ECDSA_METHOD *ecdsa_meth;
        const RAND_METHOD *rand_meth;
-        const STORE_METHOD *store_meth;
        /* Cipher handling is via this callback */
        ENGINE_CIPHERS_PTR ciphers;
        /* Digest handling is via this callback */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
index 5815b867f4..a66d0f08af 100644
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ b/src/lib/libcrypto/engine/eng_lib.c
@@ -56,8 +56,11 @@
 *
 */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
-#include <openssl/rand.h>
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
+#include <openssl/engine.h>
 /* The "new"/"free" stuff first */
@@ -89,7 +92,6 @@ void engine_set_all_null(ENGINE *e)
        e->dsa_meth = NULL;
        e->dh_meth = NULL;
        e->rand_meth = NULL;
-        e->store_meth = NULL;
        e->ciphers = NULL;
        e->digests = NULL;
        e->destroy = NULL;
@@ -108,7 +110,7 @@ int engine_free_util(ENGINE *e, int locked)
        if(e == NULL)
                {
-                ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
+                ENGINEerr(ENGINE_F_ENGINE_FREE,
                        ERR_R_PASSED_NULL_PARAMETER);
                return 0;
                }
@@ -317,13 +319,3 @@ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
        {
        return e->cmd_defns;
        }
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
-static int internal_static_hack = 0;
-void *ENGINE_get_static_state(void)
-        {
-        return &internal_static_hack;
-        }
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
index bd511944ba..1cc3217f4c 100644
--- a/src/lib/libcrypto/engine/eng_list.c
+++ b/src/lib/libcrypto/engine/eng_list.c
@@ -55,13 +55,11 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 /* The linked-list of pointers to engine types. engine_list_head
 * incorporates an implicit structural reference but engine_list_tail
@@ -326,14 +324,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
 #ifndef OPENSSL_NO_DH
        dest->dh_meth = src->dh_meth;
 #endif
-#ifndef OPENSSL_NO_ECDH
-        dest->ecdh_meth = src->ecdh_meth;
-#endif
-#ifndef OPENSSL_NO_ECDSA
-        dest->ecdsa_meth = src->ecdsa_meth;
-#endif
        dest->rand_meth = src->rand_meth;
-        dest->store_meth = src->store_meth;
        dest->ciphers = src->ciphers;
        dest->digests = src->digests;
        dest->destroy = src->destroy;
@@ -349,7 +340,6 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src)
 ENGINE *ENGINE_by_id(const char *id)
        {
        ENGINE *iterator;
-        char *load_dir = NULL;
        if(id == NULL)
                {
                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
@@ -383,7 +373,6 @@ ENGINE *ENGINE_by_id(const char *id)
                        }
                }
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-#if 0
        if(iterator == NULL)
                {
                ENGINEerr(ENGINE_F_ENGINE_BY_ID,
@@ -391,32 +380,6 @@ ENGINE *ENGINE_by_id(const char *id)
                ERR_add_error_data(2, "id=", id);
                }
        return iterator;
-#else
-        /* EEK! Experimental code starts */
-        if(iterator) return iterator;
-        /* Prevent infinite recusrion if we're looking for the dynamic engine. */
-        if (strcmp(id, "dynamic"))
-                {
-#ifdef OPENSSL_SYS_VMS
-                if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
-#else
-                if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
-#endif
-                iterator = ENGINE_by_id("dynamic");
-                if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-                                !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-                                !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
-                                        load_dir, 0) ||
-                                !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-                                goto notfound;
-                return iterator;
-                }
-notfound:
-        ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
-        ERR_add_error_data(2, "id=", id);
-        return NULL;
-        /* EEK! Experimental code ends */
-#endif
        }
 int ENGINE_up_ref(ENGINE *e)
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
index 7c139ae2ef..54579eea2e 100644
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ b/src/lib/libcrypto/engine/eng_openssl.c
@@ -55,11 +55,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #include <stdio.h>
@@ -69,16 +64,6 @@
 #include <openssl/dso.h>
 #include <openssl/pem.h>
 #include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
 /* This testing gunk is implemented (and explained) lower down. It also assumes
 * the application explicitly calls "ENGINE_load_openssl()" because this is no
@@ -140,12 +125,6 @@ static int bind_helper(ENGINE *e)
 #ifndef OPENSSL_NO_DSA
                        || !ENGINE_set_DSA(e, DSA_get_default_method())
 #endif
-#ifndef OPENSSL_NO_ECDH
-                        || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                        || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
-#endif
 #ifndef OPENSSL_NO_DH
                        || !ENGINE_set_DH(e, DH_get_default_method())
 #endif
@@ -257,7 +236,6 @@ static const EVP_CIPHER test_r4_cipher=
        sizeof(TEST_RC4_KEY),
        NULL,
        NULL,
-        NULL,
        NULL
        };
 static const EVP_CIPHER test_r4_40_cipher=
@@ -271,7 +249,6 @@ static const EVP_CIPHER test_r4_40_cipher=
        sizeof(TEST_RC4_KEY),
        NULL, 
        NULL,
-        NULL,
        NULL
        };
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
@@ -313,7 +290,7 @@ static int test_sha1_init(EVP_MD_CTX *ctx)
 #endif
        return SHA1_Init(ctx->md_data);
        }
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        {
 #ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
index bc8b21abec..8c69171511 100644
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ b/src/lib/libcrypto/engine/eng_pkey.c
@@ -53,7 +53,10 @@
 *
 */
+#include <openssl/crypto.h>
+#include "cryptlib.h"
 #include "eng_int.h"
+#include <openssl/engine.h>
 /* Basic get/set stuff */
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
index 8879a267d1..c69a84a8bf 100644
--- a/src/lib/libcrypto/engine/eng_table.c
+++ b/src/lib/libcrypto/engine/eng_table.c
@@ -52,31 +52,49 @@
 *
 */
-#include "cryptlib.h"
 #include <openssl/evp.h>
-#include <openssl/lhash.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
 /* The type of the items in the table */
 typedef struct st_engine_pile
        {
-        /* The 'nid' of this algorithm/mode */
+        /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+         * */
        int nid;
-        /* ENGINEs that implement this algorithm/mode. */
+        /* A stack of ENGINE pointers for ENGINEs that support this
+         * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+         * this stack that initialises will be set as 'funct' and assumed as the
+         * default for operations of this type. */
        STACK_OF(ENGINE) *sk;
        /* The default ENGINE to perform this algorithm/mode. */
        ENGINE *funct;
-        /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
+        /* This value optimises engine_table_select(). If it is called it sets
+         * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+         * As such, no ENGINE_init() thrashing is done unless ENGINEs
+         * continually register (and/or unregister). */
        int uptodate;
        } ENGINE_PILE;
-/* The type exposed in eng_int.h */
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
 struct st_engine_table
        {
        LHASH piles;
        }; /* ENGINE_TABLE */
-/* Global flags (ENGINE_TABLE_FLAG_***). */
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
 static unsigned int table_flags = 0;
 /* API function manipulating 'table_flags' */
@@ -103,8 +121,10 @@ static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
 static int int_table_check(ENGINE_TABLE **t, int create)
        {
        LHASH *lh;
-        if(*t) return 1;
+        if(*t)
-        if(!create) return 0;
+                return 1;
+        if(!create)
+                return 0;
        if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
                        LHASH_COMP_FN(engine_pile_cmp))) == NULL)
                return 0;
@@ -134,7 +154,8 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                if(!fnd)
                        {
                        fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
-                        if(!fnd) goto end;
+                        if(!fnd)
+                                goto end;
                        fnd->uptodate = 1;
                        fnd->nid = *nids;
                        fnd->sk = sk_ENGINE_new_null();
@@ -143,11 +164,11 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                                OPENSSL_free(fnd);
                                goto end;
                                }
-                        fnd->funct = NULL;
+                        fnd->funct= NULL;
                        lh_insert(&(*table)->piles, fnd);
                        }
                /* A registration shouldn't add duplciate entries */
-                (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+                sk_ENGINE_delete_ptr(fnd->sk, e);
                /* if 'setdefault', this ENGINE goes to the head of the list */
                if(!sk_ENGINE_push(fnd->sk, e))
                        goto end;
@@ -164,7 +185,6 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
                        if(fnd->funct)
                                engine_unlocked_finish(fnd->funct, 0);
                        fnd->funct = e;
-                        fnd->uptodate = 1;
                        }
                nids++;
                }
@@ -179,7 +199,8 @@ static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
        /* Iterate the 'c->sk' stack removing any occurance of 'e' */
        while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
                {
-                (void)sk_ENGINE_delete(pile->sk, n);
+                sk_ENGINE_delete(pile->sk, n);
+                /* "touch" this ENGINE_CIPHER */
                pile->uptodate = 0;
                }
        if(pile->funct == e)
@@ -218,7 +239,9 @@ void engine_table_cleanup(ENGINE_TABLE **table)
        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
        }
-/* return a functional reference for a given 'nid' */
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
 #ifndef ENGINE_TABLE_DEBUG
 ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
 #else
@@ -229,21 +252,25 @@ ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, in
        ENGINE_PILE tmplate, *fnd=NULL;
        int initres, loop = 0;
+        /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+         * ENGINEs have registered any implementations! */
        if(!(*table))
                {
 #ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-                        "registered!\n", f, l, nid);
+                        "registered for anything!\n", f, l, nid);
 #endif
                return NULL;
                }
        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
        /* Check again inside the lock otherwise we could race against cleanup
         * operations. But don't worry about a fprintf(stderr). */
-        if(!int_table_check(table, 0)) goto end;
+        if(!int_table_check(table, 0))
+                goto end;
        tmplate.nid = nid;
        fnd = lh_retrieve(&(*table)->piles, &tmplate);
-        if(!fnd) goto end;
+        if(!fnd)
+                goto end;
        if(fnd->funct && engine_unlocked_init(fnd->funct))
                {
 #ifdef ENGINE_TABLE_DEBUG
@@ -269,19 +296,34 @@ trynext:
 #endif
                goto end;
                }
-        /* Try to initialise the ENGINE? */
+#if 0
+        /* Don't need to get a reference if we hold the lock. If the locking has
+         * to change in future, that would be different ... */
+        ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+        /* Try and initialise the ENGINE if it's already functional *or* if the
+         * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
        if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
                initres = engine_unlocked_init(ret);
        else
                initres = 0;
+#if 0
+        /* Release the structural reference */
+        ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
        if(initres)
                {
-                /* Update 'funct' */
+                /* If we didn't have a default (functional reference) for this
+                 * 'nid' (or we had one but for whatever reason we're now
+                 * initialising a different one), use this opportunity to set
+                 * 'funct'. */
                if((fnd->funct != ret) && engine_unlocked_init(ret))
                        {
                        /* If there was a previous default we release it. */
                        if(fnd->funct)
                                engine_unlocked_finish(fnd->funct, 0);
+                        /* We got an extra functional reference for the
+                         * per-'nid' default */
                        fnd->funct = ret;
 #ifdef ENGINE_TABLE_DEBUG
                        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
@@ -296,9 +338,13 @@ trynext:
                }
        goto trynext;
 end:
-        /* If it failed, it is unlikely to succeed again until some future
+        /* Whatever happened - we should "untouch" our uptodate file seeing as
-         * registrations have taken place. In all cases, we cache. */
+         * we have tried our best to find a functional reference for 'nid'. If
-        if(fnd) fnd->uptodate = 1;
+         * it failed, it is unlikely to succeed again until some future
+         * registrations (or unregistrations) have taken place that affect that
+         * 'nid'. */
+        if(fnd)
+                fnd->uptodate = 1;
 #ifdef ENGINE_TABLE_DEBUG
        if(ret)
                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h
index 3ec59338ff..900f75ce8d 100644
--- a/src/lib/libcrypto/engine/engine.h
+++ b/src/lib/libcrypto/engine/engine.h
@@ -3,7 +3,7 @@
 * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -55,11 +55,6 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #ifndef HEADER_ENGINE_H
 #define HEADER_ENGINE_H
@@ -70,7 +65,7 @@
 #error ENGINE is disabled.
 #endif
-#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/ossl_typ.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
@@ -81,36 +76,34 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
 #include <openssl/rand.h>
-#include <openssl/store.h>
 #include <openssl/ui.h>
-#include <openssl/err.h>
-#endif
-#include <openssl/ossl_typ.h>
 #include <openssl/symhacks.h>
+#include <openssl/err.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
 /* These flags are used to control combinations of algorithm (methods)
 * by bitwise "OR"ing. */
 #define ENGINE_METHOD_RSA               (unsigned int)0x0001
 #define ENGINE_METHOD_DSA               (unsigned int)0x0002
 #define ENGINE_METHOD_DH                (unsigned int)0x0004
 #define ENGINE_METHOD_RAND              (unsigned int)0x0008
-#define ENGINE_METHOD_ECDH              (unsigned int)0x0010
-#define ENGINE_METHOD_ECDSA             (unsigned int)0x0020
 #define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
 #define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
-#define ENGINE_METHOD_STORE             (unsigned int)0x0100
 /* Obvious all-or-nothing cases. */
 #define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
 #define ENGINE_METHOD_NONE              (unsigned int)0x0000
@@ -180,15 +173,9 @@ extern "C" {
                                                     handles/connections etc. */
 #define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
 #define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
-                                                     when calling the password
+                                                     when calling the password
-                                                     callback and the user
+                                                     callback and the user
-                                                     interface */
+                                                     interface */
-#define ENGINE_CTRL_LOAD_CONFIGURATION          6 /* Load a configuration, given
-                                                     a string that represents a
-                                                     file name or so */
-#define ENGINE_CTRL_LOAD_SECTION                7 /* Load data from a given
-                                                     section in the already loaded
-                                                     configuration */
 /* These control commands allow an application to deal with an arbitrary engine
 * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
@@ -235,7 +222,7 @@ extern "C" {
 /* ENGINE implementations should start the numbering of their own control
 * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
-#define ENGINE_CMD_BASE                         200
+#define ENGINE_CMD_BASE         200
 /* NB: These 2 nCipher "chil" control commands are deprecated, and their
 * functionality is now available through ENGINE-specific control commands
@@ -270,11 +257,11 @@ typedef struct ENGINE_CMD_DEFN_st
        } ENGINE_CMD_DEFN;
 /* Generic function pointer */
-typedef int (*ENGINE_GEN_FUNC_PTR)(void);
+typedef int (*ENGINE_GEN_FUNC_PTR)();
 /* Generic function pointer taking no arguments */
 typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
 /* Specific control function pointer */
-typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)(void));
+typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
 /* Generic load_key function pointer */
 typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
        UI_METHOD *ui_method, void *callback_data);
@@ -318,21 +305,15 @@ ENGINE *ENGINE_by_id(const char *id);
 /* Add all the built-in engines. */
 void ENGINE_load_openssl(void);
 void ENGINE_load_dynamic(void);
-#ifndef OPENSSL_NO_STATIC_ENGINE
-void ENGINE_load_4758cca(void);
-void ENGINE_load_aep(void);
-void ENGINE_load_atalla(void);
-void ENGINE_load_chil(void);
 void ENGINE_load_cswift(void);
-#ifndef OPENSSL_NO_GMP
+void ENGINE_load_chil(void);
-void ENGINE_load_gmp(void);
+void ENGINE_load_atalla(void);
-#endif
 void ENGINE_load_nuron(void);
-void ENGINE_load_sureware(void);
 void ENGINE_load_ubsec(void);
-#endif
+void ENGINE_load_aep(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_4758cca(void);
 void ENGINE_load_cryptodev(void);
-void ENGINE_load_padlock(void);
 void ENGINE_load_builtin_engines(void);
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
@@ -356,14 +337,6 @@ int ENGINE_register_DSA(ENGINE *e);
 void ENGINE_unregister_DSA(ENGINE *e);
 void ENGINE_register_all_DSA(void);
-int ENGINE_register_ECDH(ENGINE *e);
-void ENGINE_unregister_ECDH(ENGINE *e);
-void ENGINE_register_all_ECDH(void);
-int ENGINE_register_ECDSA(ENGINE *e);
-void ENGINE_unregister_ECDSA(ENGINE *e);
-void ENGINE_register_all_ECDSA(void);
 int ENGINE_register_DH(ENGINE *e);
 void ENGINE_unregister_DH(ENGINE *e);
 void ENGINE_register_all_DH(void);
@@ -372,10 +345,6 @@ int ENGINE_register_RAND(ENGINE *e);
 void ENGINE_unregister_RAND(ENGINE *e);
 void ENGINE_register_all_RAND(void);
-int ENGINE_register_STORE(ENGINE *e);
-void ENGINE_unregister_STORE(ENGINE *e);
-void ENGINE_register_all_STORE(void);
 int ENGINE_register_ciphers(ENGINE *e);
 void ENGINE_unregister_ciphers(ENGINE *e);
 void ENGINE_register_all_ciphers(void);
@@ -398,7 +367,7 @@ int ENGINE_register_all_complete(void);
 * reference to an engine, but many control commands may require the engine be
 * functional. The caller should be aware of trying commands that require an
 * operational ENGINE, and only use functional references in such situations. */
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
 /* This function tests if an ENGINE-specific command is usable as a "setting".
 * Eg. in an application's config file that gets processed through
@@ -411,7 +380,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
 * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
 * use the cmd_name and cmd_optional. */
 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional);
+        long i, void *p, void (*f)(), int cmd_optional);
 /* This function passes a command-name and argument to an ENGINE. The cmd_name
 * is converted to a command number and the control command is called using
@@ -448,11 +417,8 @@ int ENGINE_set_id(ENGINE *e, const char *id);
 int ENGINE_set_name(ENGINE *e, const char *name);
 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
-int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
-int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
-int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth);
 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
@@ -463,11 +429,11 @@ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
 int ENGINE_set_flags(ENGINE *e, int flags);
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-/* These functions allow control over any per-structure ENGINE data. */
+/* These functions (and the "get" function lower down) allow control over any
+ * per-structure ENGINE data. */
 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
-void *ENGINE_get_ex_data(const ENGINE *e, int idx);
 /* This function cleans up anything that needs it. Eg. the ENGINE_add() function
 * automatically ensures the list cleanup function is registered to be called
@@ -483,11 +449,8 @@ const char *ENGINE_get_id(const ENGINE *e);
 const char *ENGINE_get_name(const ENGINE *e);
 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
-const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
-const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
 const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
-const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
@@ -500,6 +463,7 @@ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
 int ENGINE_get_flags(const ENGINE *e);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
 /* FUNCTIONAL functions. These functions deal with ENGINE structures
 * that have (or will) be initialised for use. Broadly speaking, the
@@ -537,8 +501,6 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
 ENGINE *ENGINE_get_default_RSA(void);
 /* Same for the other "methods" */
 ENGINE *ENGINE_get_default_DSA(void);
-ENGINE *ENGINE_get_default_ECDH(void);
-ENGINE *ENGINE_get_default_ECDSA(void);
 ENGINE *ENGINE_get_default_DH(void);
 ENGINE *ENGINE_get_default_RAND(void);
 /* These functions can be used to get a functional reference to perform
@@ -554,8 +516,6 @@ int ENGINE_set_default_RSA(ENGINE *e);
 int ENGINE_set_default_string(ENGINE *e, const char *def_list);
 /* Same for the other "methods" */
 int ENGINE_set_default_DSA(ENGINE *e);
-int ENGINE_set_default_ECDH(ENGINE *e);
-int ENGINE_set_default_ECDSA(ENGINE *e);
 int ENGINE_set_default_DH(ENGINE *e);
 int ENGINE_set_default_RAND(ENGINE *e);
 int ENGINE_set_default_ciphers(ENGINE *e);
@@ -578,20 +538,17 @@ void ENGINE_add_conf_module(void);
 /**************************/
 /* Binary/behaviour compatibility levels */
-#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00020000
+#define OSSL_DYNAMIC_VERSION            (unsigned long)0x00010200
 /* Binary versions older than this are too old for us (whether we're a loader or
 * a loadee) */
-#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00020000
+#define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00010200
 /* When compiling an ENGINE entirely as an external shared library, loadable by
 * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
 * type provides the calling application's (or library's) error functionality
 * and memory management function pointers to the loaded library. These should
 * be used/set in the loaded library code so that the loading application's
- * 'state' will be used/changed in all operations. The 'static_state' pointer
+ * 'state' will be used/changed in all operations. */
- * allows the loaded library to know if it shares the same static data as the
- * calling application (or library), and thus whether these callbacks need to be
- * set or not. */
 typedef void *(*dyn_MEM_malloc_cb)(size_t);
 typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
 typedef void (*dyn_MEM_free_cb)(void *);
@@ -619,7 +576,6 @@ typedef struct st_dynamic_LOCK_fns {
        } dynamic_LOCK_fns;
 /* The top-level structure */
 typedef struct st_dynamic_fns {
-        void                                    *static_state;
        const ERR_FNS                           *err_fns;
        const CRYPTO_EX_DATA_IMPL               *ex_data_fns;
        dynamic_MEM_fns                         mem_fns;
@@ -637,7 +593,7 @@ typedef struct st_dynamic_fns {
 * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
 typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 #define IMPLEMENT_DYNAMIC_CHECK_FN() \
-        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+        unsigned long v_check(unsigned long v) { \
                if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
                return 0; }
@@ -659,35 +615,24 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
 typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
                                const dynamic_fns *fns);
 #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
-        OPENSSL_EXPORT \
        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
-                if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+                if (ERR_get_implementation() != fns->err_fns) \
-                if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+                        { \
-                        fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+                        if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
-                        return 0; \
+                                fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
-                CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+                                return 0; \
-                CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+                        CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
-                CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+                        CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
-                CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+                        CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
-                CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+                        CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
-                if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+                        CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
-                        return 0; \
+                        if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
-                if(!ERR_set_implementation(fns->err_fns)) return 0; \
+                                return 0; \
-        skip_cbs: \
+                        if(!ERR_set_implementation(fns->err_fns)) return 0; \
+                        } \
                if(!fn(e,id)) return 0; \
                return 1; }
-/* If the loading application (or library) and the loaded ENGINE library share
- * the same static data (eg. they're both dynamically linked to the same
- * libcrypto.so) we need a way to avoid trying to set system callbacks - this
- * would fail, and for the same reason that it's unnecessary to try. If the
- * loaded ENGINE has (or gets from through the loader) its own copy of the
- * libcrypto static data, we will need to set the callbacks. The easiest way to
- * detect this is to have a function that returns a pointer to some static data
- * and let the loading application and loaded ENGINE compare their respective
- * values. */
-void *ENGINE_get_static_state(void);
 #if defined(__OpenBSD__) || defined(__FreeBSD__)
 void ENGINE_setup_bsd_cryptodev(void);
 #endif
@@ -704,7 +649,6 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_DYNAMIC_CTRL                            180
 #define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
 #define ENGINE_F_DYNAMIC_LOAD                            182
-#define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
 #define ENGINE_F_ENGINE_ADD                              105
 #define ENGINE_F_ENGINE_BY_ID                            106
 #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
@@ -712,7 +656,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_CTRL_CMD                         178
 #define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
 #define ENGINE_F_ENGINE_FINISH                           107
-#define ENGINE_F_ENGINE_FREE_UTIL                        108
+#define ENGINE_F_ENGINE_FREE                             108
 #define ENGINE_F_ENGINE_GET_CIPHER                       185
 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE                 177
 #define ENGINE_F_ENGINE_GET_DIGEST                       186
@@ -723,6 +667,7 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_LIST_REMOVE                      121
 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#define ENGINE_F_ENGINE_MODULE_INIT                      187
 #define ENGINE_F_ENGINE_NEW                              122
 #define ENGINE_F_ENGINE_REMOVE                           123
 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
@@ -731,12 +676,11 @@ void ERR_load_ENGINE_strings(void);
 #define ENGINE_F_ENGINE_SET_NAME                         130
 #define ENGINE_F_ENGINE_TABLE_REGISTER                   184
 #define ENGINE_F_ENGINE_UNLOAD_KEY                       152
-#define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
 #define ENGINE_F_ENGINE_UP_REF                           190
 #define ENGINE_F_INT_CTRL_HELPER                         172
 #define ENGINE_F_INT_ENGINE_CONFIGURE                    188
-#define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
 #define ENGINE_F_LOG_MESSAGE                             141
+#define ENGINE_F_SET_DATA_CTX                            183
 /* Reason codes. */
 #define ENGINE_R_ALREADY_LOADED                          100
diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c
new file mode 100644
index 0000000000..c2d0297392
--- /dev/null
+++ b/src/lib/libcrypto/engine/enginetest.c
@@ -0,0 +1,283 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#ifdef OPENSSL_NO_ENGINE
+int main(int argc, char *argv[])
+{
+    printf("No ENGINE support\n");
+    return(0);
+}
+#else
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+static void display_engine_list()
+        {
+        ENGINE *h;
+        int loop;
+        h = ENGINE_get_first();
+        loop = 0;
+        printf("listing available engine types\n");
+        while(h)
+                {
+                printf("engine %i, id = \"%s\", name = \"%s\"\n",
+                        loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+                h = ENGINE_get_next(h);
+                }
+        printf("end of list\n");
+        /* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+        ENGINE_free(h);
+        }
+int main(int argc, char *argv[])
+        {
+        ENGINE *block[512];
+        char buf[256];
+        const char *id, *name;
+        ENGINE *ptr;
+        int loop;
+        int to_return = 1;
+        ENGINE *new_h1 = NULL;
+        ENGINE *new_h2 = NULL;
+        ENGINE *new_h3 = NULL;
+        ENGINE *new_h4 = NULL;
+        /* enable memory leak checking unless explicitly disabled */
+        if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+                {
+                CRYPTO_malloc_debug_init();
+                CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+                }
+        else
+                {
+                /* OPENSSL_DEBUG_MEMORY=off */
+                CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+                }
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+        ERR_load_crypto_strings();
+        memset(block, 0, 512 * sizeof(ENGINE *));
+        if(((new_h1 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h1, "test_id0") ||
+                        !ENGINE_set_name(new_h1, "First test item") ||
+                        ((new_h2 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h2, "test_id1") ||
+                        !ENGINE_set_name(new_h2, "Second test item") ||
+                        ((new_h3 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h3, "test_id2") ||
+                        !ENGINE_set_name(new_h3, "Third test item") ||
+                        ((new_h4 = ENGINE_new()) == NULL) ||
+                        !ENGINE_set_id(new_h4, "test_id3") ||
+                        !ENGINE_set_name(new_h4, "Fourth test item"))
+                {
+                printf("Couldn't set up test ENGINE structures\n");
+                goto end;
+                }
+        printf("\nenginetest beginning\n\n");
+        display_engine_list();
+        if(!ENGINE_add(new_h1))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        ptr = ENGINE_get_first();
+        if(!ENGINE_remove(ptr))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h2))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_add(new_h4))
+                {
+                printf("Add failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(ENGINE_add(new_h3))
+                {
+                printf("Add *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Add that should fail did.\n");
+        ERR_clear_error();
+        if(ENGINE_remove(new_h2))
+                {
+                printf("Remove *should* have failed but didn't!\n");
+                goto end;
+                }
+        else
+                printf("Remove that should fail did.\n");
+        ERR_clear_error();
+        if(!ENGINE_remove(new_h3))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        if(!ENGINE_remove(new_h4))
+                {
+                printf("Remove failed!\n");
+                goto end;
+                }
+        display_engine_list();
+        /* Depending on whether there's any hardware support compiled
+         * in, this remove may be destined to fail. */
+        ptr = ENGINE_get_first();
+        if(ptr)
+                if(!ENGINE_remove(ptr))
+                        printf("Remove failed!i - probably no hardware "
+                                "support present.\n");
+        if (ptr)
+                ENGINE_free(ptr);
+        display_engine_list();
+        if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+                {
+                printf("Couldn't add and remove to an empty list!\n");
+                goto end;
+                }
+        else
+                printf("Successfully added and removed to an empty list!\n");
+        printf("About to beef up the engine-type list\n");
+        for(loop = 0; loop < 512; loop++)
+                {
+                sprintf(buf, "id%i", loop);
+                id = BUF_strdup(buf);
+                sprintf(buf, "Fake engine type %i", loop);
+                name = BUF_strdup(buf);
+                if(((block[loop] = ENGINE_new()) == NULL) ||
+                                !ENGINE_set_id(block[loop], id) ||
+                                !ENGINE_set_name(block[loop], name))
+                        {
+                        printf("Couldn't create block of ENGINE structures.\n"
+                                "I'll probably also core-dump now, damn.\n");
+                        goto end;
+                        }
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                if(!ENGINE_add(block[loop]))
+                        {
+                        printf("\nAdding stopped at %i, (%s,%s)\n",
+                                loop, ENGINE_get_id(block[loop]),
+                                ENGINE_get_name(block[loop]));
+                        goto cleanup_loop;
+                        }
+                else
+                        printf("."); fflush(stdout);
+                }
+cleanup_loop:
+        printf("\nAbout to empty the engine-type list\n");
+        while((ptr = ENGINE_get_first()) != NULL)
+                {
+                if(!ENGINE_remove(ptr))
+                        {
+                        printf("\nRemove failed!\n");
+                        goto end;
+                        }
+                ENGINE_free(ptr);
+                printf("."); fflush(stdout);
+                }
+        for(loop = 0; loop < 512; loop++)
+                {
+                OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+                OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+                }
+        printf("\nTests completed happily\n");
+        to_return = 0;
+end:
+        if(to_return)
+                ERR_print_errors_fp(stderr);
+        if(new_h1) ENGINE_free(new_h1);
+        if(new_h2) ENGINE_free(new_h2);
+        if(new_h3) ENGINE_free(new_h3);
+        if(new_h4) ENGINE_free(new_h4);
+        for(loop = 0; loop < 512; loop++)
+                if(block[loop])
+                        ENGINE_free(block[loop]);
+        ENGINE_cleanup();
+        CRYPTO_cleanup_all_ex_data();
+        ERR_free_strings();
+        ERR_remove_state(0);
+        CRYPTO_mem_leaks_fp(stderr);
+        return to_return;
+        }
+#endif
diff --git a/src/lib/libcrypto/engine/hw.ec b/src/lib/libcrypto/engine/hw.ec
new file mode 100644
index 0000000000..5481a43918
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw.ec
@@ -0,0 +1,8 @@
+L AEPHK         hw_aep_err.h                    hw_aep_err.c
+L ATALLA        hw_atalla_err.h                 hw_atalla_err.c
+L CSWIFT        hw_cswift_err.h                 hw_cswift_err.c
+L HWCRHK        hw_ncipher_err.h                hw_ncipher_err.c
+L NURON         hw_nuron_err.h                  hw_nuron_err.c
+L SUREWARE      hw_sureware_err.h               hw_sureware_err.c
+L UBSEC         hw_ubsec_err.h                  hw_ubsec_err.c
+L CCA4758       hw_4758_cca_err.h               hw_4758_cca_err.c
diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c
new file mode 100644
index 0000000000..4f5ae8a46d
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca.c
@@ -0,0 +1,969 @@
+/* Author: Maurice Gittens <maurice@gittens.nl>                       */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+/* #include <openssl/pem.h> */
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_4758_CCA
+#ifdef FLAT_INC
+#include "hw_4758_cca.h"
+#else
+#include "vendor_defns/hw_4758_cca.h"
+#endif
+#include "hw_4758_cca_err.c"
+static int ibm_4758_cca_destroy(ENGINE *e);
+static int ibm_4758_cca_init(ENGINE *e);
+static int ibm_4758_cca_finish(ENGINE *e);
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* rsa functions */
+/*---------------*/
+#ifndef OPENSSL_NO_RSA
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+/* utility functions */
+/*-----------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
+                UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
+                UI_METHOD *ui_method, void *callback_data);
+static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
+                unsigned char *exponent, long *modulusLength,
+                long *modulusFieldLength, unsigned char *modulus);
+#endif
+/* RAND number functions */
+/*-----------------------*/
+static int cca_get_random_bytes(unsigned char*, int );
+static int cca_random_status(void);
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+                int idx,long argl, void *argp);
+/* Function pointers for CCA verbs */
+/*---------------------------------*/
+#ifndef OPENSSL_NO_RSA
+static F_KEYRECORDREAD keyRecordRead;
+static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
+static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
+static F_PUBLICKEYEXTRACT publicKeyExtract;
+static F_PKAENCRYPT pkaEncrypt;
+static F_PKADECRYPT pkaDecrypt;
+#endif
+static F_RANDOMNUMBERGENERATE randomNumberGenerate;
+/* static variables */
+/*------------------*/
+static const char *CCA4758_LIB_NAME = NULL;
+static const char *get_CCA4758_LIB_NAME(void)
+        {
+        if(CCA4758_LIB_NAME)
+                return CCA4758_LIB_NAME;
+        return CCA_LIB_NAME;
+        }
+static void free_CCA4758_LIB_NAME(void)
+        {
+        if(CCA4758_LIB_NAME)
+                OPENSSL_free((void*)CCA4758_LIB_NAME);
+        CCA4758_LIB_NAME = NULL;
+        }
+static long set_CCA4758_LIB_NAME(const char *name)
+        {
+        free_CCA4758_LIB_NAME();
+        return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+#ifndef OPENSSL_NO_RSA
+static const char* n_keyRecordRead = CSNDKRR;
+static const char* n_digitalSignatureGenerate = CSNDDSG;
+static const char* n_digitalSignatureVerify = CSNDDSV;
+static const char* n_publicKeyExtract = CSNDPKX;
+static const char* n_pkaEncrypt = CSNDPKE;
+static const char* n_pkaDecrypt = CSNDPKD;
+#endif
+static const char* n_randomNumberGenerate = CSNBRNG;
+static int hndidx = -1;
+static DSO *dso = NULL;
+/* openssl engine initialization structures */
+/*------------------------------------------*/
+#define CCA4758_CMD_SO_PATH             ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN    cca4758_cmd_defns[] = {
+        {CCA4758_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the '4758cca' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa =
+        {
+        "IBM 4758 CCA RSA method",
+        cca_rsa_pub_enc,
+        NULL,
+        NULL,
+        cca_rsa_priv_dec,
+        NULL, /*rsa_mod_exp,*/
+        NULL, /*mod_exp_mont,*/
+        NULL, /* init */
+        NULL, /* finish */
+        RSA_FLAG_SIGN_VER,        /* flags */
+        NULL, /* app_data */
+        cca_rsa_sign, /* rsa_sign */
+        cca_rsa_verify  /* rsa_verify */
+        };
+#endif
+static RAND_METHOD ibm_4758_cca_rand =
+        {
+        /* "IBM 4758 RAND method", */
+        NULL, /* seed */
+        cca_get_random_bytes, /* get random bytes from the card */
+        NULL, /* cleanup */
+        NULL, /* add */
+        cca_get_random_bytes, /* pseudo rand */
+        cca_random_status, /* status */
+        };
+static const char *engine_4758_cca_id = "4758cca";
+static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+        {
+        if(!ENGINE_set_id(e, engine_4758_cca_id) ||
+                        !ENGINE_set_name(e, engine_4758_cca_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+#endif
+                        !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+                        !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+                        !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+                        !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+                        !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+                        !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+                        !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+                        !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+                return 0;
+        /* Ensure the error handling is set up */
+        ERR_load_CCA4758_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_4758_cca(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_4758cca(void)
+        {
+        ENGINE *e_4758 = engine_4758_cca();
+        if (!e_4758) return;
+        ENGINE_add(e_4758);
+        ENGINE_free(e_4758);
+        ERR_clear_error();   
+        }
+#endif
+static int ibm_4758_cca_destroy(ENGINE *e)
+        {
+        ERR_unload_CCA4758_strings();
+        free_CCA4758_LIB_NAME();
+        return 1;
+        }
+static int ibm_4758_cca_init(ENGINE *e)
+        {
+        if(dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
+                goto err;
+                }
+        dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+        if(!dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+#ifndef OPENSSL_NO_RSA
+        if(!(keyRecordRead = (F_KEYRECORDREAD)
+                                DSO_bind_func(dso, n_keyRecordRead)) ||
+                        !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+                                DSO_bind_func(dso, n_randomNumberGenerate)) ||
+                        !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+                                DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+                        !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+                                DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+                        !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+                                DSO_bind_func(dso, n_publicKeyExtract)) ||
+                        !(pkaEncrypt = (F_PKAENCRYPT)
+                                DSO_bind_func(dso, n_pkaEncrypt)) ||
+                        !(pkaDecrypt = (F_PKADECRYPT)
+                                DSO_bind_func(dso, n_pkaDecrypt)))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+#else
+        if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+                                DSO_bind_func(dso, n_randomNumberGenerate)))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+                goto err;
+                }
+#endif
+        hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+                NULL, NULL, cca_ex_free);
+        return 1;
+err:
+        if(dso)
+                DSO_free(dso);
+        dso = NULL;
+        keyRecordRead = (F_KEYRECORDREAD)0;
+        randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+        digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+        pkaEncrypt = (F_PKAENCRYPT)0;
+        pkaDecrypt = (F_PKADECRYPT)0;
+        return 0;
+        }
+static int ibm_4758_cca_finish(ENGINE *e)
+        {
+        free_CCA4758_LIB_NAME();
+        if(!dso)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+                                CCA4758_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(dso))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+                                CCA4758_R_UNIT_FAILURE);
+                return 0;
+                }
+        dso = NULL;
+        keyRecordRead = (F_KEYRECORDREAD)0;
+        randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+        digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+        digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+        publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+        pkaEncrypt = (F_PKAENCRYPT)0;
+        pkaDecrypt = (F_PKADECRYPT)0;
+        return 1;
+        }
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case CCA4758_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                                        ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                                        CCA4758_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_CCA4758_LIB_NAME((const char *)p);
+        default:
+                break;
+                }
+        CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+                        CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+#ifndef OPENSSL_NO_RSA
+#define MAX_CCA_PKA_TOKEN_SIZE 2500
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
+                        UI_METHOD *ui_method, void *callback_data)
+        {
+        RSA *rtmp = NULL;
+        EVP_PKEY *res = NULL;
+        unsigned char* keyToken = NULL;
+        unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+        long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        long ruleArrayLength = 0;
+        unsigned char exitData[8];
+        unsigned char ruleArray[8];
+        unsigned char keyLabel[64];
+        long keyLabelLength = strlen(key_id);
+        unsigned char modulus[256];
+        long modulusFieldLength = sizeof(modulus);
+        long modulusLength = 0;
+        unsigned char exponent[256];
+        long exponentLength = sizeof(exponent);
+        if (keyLabelLength > sizeof(keyLabel))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return NULL;
+                }
+        memset(keyLabel,' ', sizeof(keyLabel));
+        memcpy(keyLabel, key_id, keyLabelLength);
+        keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+        if (!keyToken)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, keyLabel,
+                &keyTokenLength, keyToken+sizeof(long));
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+        publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+        if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+                        exponent, &modulusLength, &modulusFieldLength,
+                        modulus))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+                }
+        (*(long*)keyToken) = keyTokenLength;
+        rtmp = RSA_new_method(e);
+        RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+        rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+        rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+        return res;
+err:
+        if (keyToken)
+                OPENSSL_free(keyToken);
+        if (res)
+                EVP_PKEY_free(res);
+        if (rtmp)
+                RSA_free(rtmp);
+        return NULL;
+        }
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
+                        UI_METHOD *ui_method, void *callback_data)
+        {
+        RSA *rtmp = NULL;
+        EVP_PKEY *res = NULL;
+        unsigned char* keyToken = NULL;
+        long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        long ruleArrayLength = 0;
+        unsigned char exitData[8];
+        unsigned char ruleArray[8];
+        unsigned char keyLabel[64];
+        long keyLabelLength = strlen(key_id);
+        unsigned char modulus[512];
+        long modulusFieldLength = sizeof(modulus);
+        long modulusLength = 0;
+        unsigned char exponent[512];
+        long exponentLength = sizeof(exponent);
+        if (keyLabelLength > sizeof(keyLabel))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return NULL;
+                }
+        memset(keyLabel,' ', sizeof(keyLabel));
+        memcpy(keyLabel, key_id, keyLabelLength);
+        keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+        if (!keyToken)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+                keyToken+sizeof(long));
+        if (returnCode)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                                ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
+                        exponent, &modulusLength, &modulusFieldLength, modulus))
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+                        CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+                goto err;
+                }
+        (*(long*)keyToken) = keyTokenLength;
+        rtmp = RSA_new_method(e);
+        RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+        rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+        rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+        return res;
+err:
+        if (keyToken)
+                OPENSSL_free(keyToken);
+        if (res)
+                EVP_PKEY_free(res);
+        if (rtmp)
+                RSA_free(rtmp);
+        return NULL;
+        }
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa,int padding)
+        {
+        long returnCode;
+        long reasonCode;
+        long lflen = flen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.2";
+        long dataStructureLength = 0;
+        unsigned char dataStructure[8];
+        long outputLength = RSA_size(rsa);
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+        pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+                &dataStructureLength, dataStructure, &keyTokenLength,
+                keyToken, &outputLength, to);
+        if (returnCode || reasonCode)
+                return -(returnCode << 16 | reasonCode);
+        return outputLength;
+        }
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa,int padding)
+        {
+        long returnCode;
+        long reasonCode;
+        long lflen = flen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.2";
+        long dataStructureLength = 0;
+        unsigned char dataStructure[8];
+        long outputLength = RSA_size(rsa);
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+        pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+                &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+                &dataStructureLength, dataStructure, &keyTokenLength,
+                keyToken, &outputLength, to);
+        return (returnCode | reasonCode) ? 0 : 1;
+        }
+#define SSL_SIG_LEN 36
+static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+        {
+        long returnCode;
+        long reasonCode;
+        long lsiglen = siglen;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.1";
+        long keyTokenLength;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        long length = SSL_SIG_LEN;
+        long keyLength ;
+        unsigned char *hashBuffer = NULL;
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        X509_ALGOR algorithm;
+        ASN1_OCTET_STRING digest;
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+        if (type == NID_md5 || type == NID_sha1)
+                {
+                sig.algor = &algorithm;
+                algorithm.algorithm = OBJ_nid2obj(type);
+                if (!algorithm.algorithm)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+                if (!algorithm.algorithm->length)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+                        return 0;
+                        }
+                parameter.type = V_ASN1_NULL;
+                parameter.value.ptr = NULL;
+                algorithm.parameter = &parameter;
+                sig.digest = &digest;
+                sig.digest->data = (unsigned char*)m;
+                sig.digest->length = m_len;
+                length = i2d_X509_SIG(&sig, NULL);
+                }
+        keyLength = RSA_size(rsa);
+        if (length - RSA_PKCS1_PADDING > keyLength)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return 0;
+                }
+        switch (type)
+                {
+                case NID_md5_sha1 :
+                        if (m_len != SSL_SIG_LEN)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                                return 0;
+                                }
+                        hashBuffer = (unsigned char *)m;
+                        length = m_len;
+                        break;
+                case NID_md5 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                case NID_sha1 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                default:
+                        return 0;
+                }
+        digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+        if (type == NID_sha1 || type == NID_md5)
+                {
+                OPENSSL_cleanse(hashBuffer, keyLength+1);
+                OPENSSL_free(hashBuffer);
+                }
+        return ((returnCode || reasonCode) ? 0 : 1);
+        }
+#define SSL_SIG_LEN 36
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+                unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+        {
+        long returnCode;
+        long reasonCode;
+        long exitDataLength = 0;
+        unsigned char exitData[8];
+        long ruleArrayLength = 1;
+        unsigned char ruleArray[8] = "PKCS-1.1";
+        long outputLength=256;
+        long outputBitLength;
+        long keyTokenLength;
+        unsigned char *hashBuffer = NULL;
+        unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+        long length = SSL_SIG_LEN;
+        long keyLength ;
+        X509_SIG sig;
+        ASN1_TYPE parameter;
+        X509_ALGOR algorithm;
+        ASN1_OCTET_STRING digest;
+        keyTokenLength = *(long*)keyToken;
+        keyToken+=sizeof(long);
+        if (type == NID_md5 || type == NID_sha1)
+                {
+                sig.algor = &algorithm;
+                algorithm.algorithm = OBJ_nid2obj(type);
+                if (!algorithm.algorithm)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+                        return 0;
+                        }
+                if (!algorithm.algorithm->length)
+                        {
+                        CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+                        return 0;
+                        }
+                parameter.type = V_ASN1_NULL;
+                parameter.value.ptr = NULL;
+                algorithm.parameter = &parameter;
+                sig.digest = &digest;
+                sig.digest->data = (unsigned char*)m;
+                sig.digest->length = m_len;
+                length = i2d_X509_SIG(&sig, NULL);
+                }
+        keyLength = RSA_size(rsa);
+        if (length - RSA_PKCS1_PADDING > keyLength)
+                {
+                CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                        CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return 0;
+                }
+        switch (type)
+                {
+                case NID_md5_sha1 :
+                        if (m_len != SSL_SIG_LEN)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+                                CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                                return 0;
+                                }
+                        hashBuffer = (unsigned char*)m;
+                        length = m_len;
+                        break;
+                case NID_md5 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                case NID_sha1 :
+                        {
+                        unsigned char *ptr;
+                        ptr = hashBuffer = OPENSSL_malloc(
+                                        (unsigned int)keyLength+1);
+                        if (!hashBuffer)
+                                {
+                                CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+                                                ERR_R_MALLOC_FAILURE);
+                                return 0;
+                                }
+                        i2d_X509_SIG(&sig, &ptr);
+                        }
+                        break;
+                default:
+                        return 0;
+                }
+        digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+                exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+                keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
+                sigret);
+        if (type == NID_sha1 || type == NID_md5)
+                {
+                OPENSSL_cleanse(hashBuffer, keyLength+1);
+                OPENSSL_free(hashBuffer);
+                }
+        *siglen = outputLength;
+        return ((returnCode || reasonCode) ? 0 : 1);
+        }
+static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
+                unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
+                unsigned char *modulus)
+        {
+        unsigned long len;
+        if (*token++ != (char)0x1E) /* internal PKA token? */
+                return 0;
+        if (*token++) /* token version must be zero */
+                return 0;
+        len = *token++;
+        len = len << 8;
+        len |= (unsigned char)*token++;
+        token += 4; /* skip reserved bytes */
+        if (*token++ == (char)0x04)
+                {
+                if (*token++) /* token version must be zero */
+                        return 0;
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+                token+=2; /* skip reserved section */
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+                *exponentLength = len;
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+                *modulusLength = len;
+                len = *token++;
+                len = len << 8;
+                len |= (unsigned char)*token++;
+                *modulusFieldLength = len;
+                memcpy(exponent, token, *exponentLength);
+                token+= *exponentLength;
+                memcpy(modulus, token, *modulusFieldLength);
+                return 1;
+                }
+        return 0;
+        }
+#endif /* OPENSSL_NO_RSA */
+static int cca_random_status(void)
+        {
+        return 1;
+        }
+static int cca_get_random_bytes(unsigned char* buf, int num)
+        {
+        long ret_code;
+        long reason_code;
+        long exit_data_length;
+        unsigned char exit_data[4];
+        unsigned char form[] = "RANDOM  ";
+        unsigned char rand_buf[8];
+        while(num >= sizeof(rand_buf))
+                {
+                randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+                        exit_data, form, rand_buf);
+                if (ret_code)
+                        return 0;
+                num -= sizeof(rand_buf);
+                memcpy(buf, rand_buf, sizeof(rand_buf));
+                buf += sizeof(rand_buf);
+                }
+        if (num)
+                {
+                randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+                        form, rand_buf);
+                if (ret_code)
+                        return 0;
+                memcpy(buf, rand_buf, num);
+                }
+        return 1;
+        }
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
+                long argl, void *argp)
+        {
+        if (item)
+                OPENSSL_free(item);
+        }
+/* Goo to handle building as a dynamic engine */
+#ifdef ENGINE_DYNAMIC_SUPPORT 
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_4758_cca_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.c b/src/lib/libcrypto/engine/hw_4758_cca_err.c
new file mode 100644
index 0000000000..7ea5c63707
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.c
@@ -0,0 +1,149 @@
+/* hw_4758_cca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_4758_cca_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CCA4758_str_functs[]=
+        {
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0),     "IBM_4758_CCA_CTRL"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0),   "IBM_4758_CCA_FINISH"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0),     "IBM_4758_CCA_INIT"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0),     "IBM_4758_CCA_LOAD_PRIVKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0),      "IBM_4758_CCA_LOAD_PUBKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0),     "IBM_4758_CCA_SIGN"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0),   "IBM_4758_CCA_VERIFY"},
+{0,NULL}
+        };
+static ERR_STRING_DATA CCA4758_str_reasons[]=
+        {
+{CCA4758_R_ALREADY_LOADED                ,"already loaded"},
+{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD       ,"asn1 oid unknown for md"},
+{CCA4758_R_COMMAND_NOT_IMPLEMENTED       ,"command not implemented"},
+{CCA4758_R_DSO_FAILURE                   ,"dso failure"},
+{CCA4758_R_FAILED_LOADING_PRIVATE_KEY    ,"failed loading private key"},
+{CCA4758_R_FAILED_LOADING_PUBLIC_KEY     ,"failed loading public key"},
+{CCA4758_R_NOT_LOADED                    ,"not loaded"},
+{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL   ,"size too large or too small"},
+{CCA4758_R_UNIT_FAILURE                  ,"unit failure"},
+{CCA4758_R_UNKNOWN_ALGORITHM_TYPE        ,"unknown algorithm type"},
+{0,NULL}
+        };
+#endif
+#ifdef CCA4758_LIB_NAME
+static ERR_STRING_DATA CCA4758_lib_name[]=
+        {
+{0      ,CCA4758_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int CCA4758_lib_error_code=0;
+static int CCA4758_error_init=1;
+static void ERR_load_CCA4758_strings(void)
+        {
+        if (CCA4758_lib_error_code == 0)
+                CCA4758_lib_error_code=ERR_get_next_error_library();
+        if (CCA4758_error_init)
+                {
+                CCA4758_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+                ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+#ifdef CCA4758_LIB_NAME
+                CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
+                ERR_load_strings(0,CCA4758_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_CCA4758_strings(void)
+        {
+        if (CCA4758_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+                ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+#ifdef CCA4758_LIB_NAME
+                ERR_unload_strings(0,CCA4758_lib_name);
+#endif
+                CCA4758_error_init=1;
+                }
+        }
+static void ERR_CCA4758_error(int function, int reason, char *file, int line)
+        {
+        if (CCA4758_lib_error_code == 0)
+                CCA4758_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.h b/src/lib/libcrypto/engine/hw_4758_cca_err.h
new file mode 100644
index 0000000000..2fc563ab11
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_4758_cca_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_CCA4758_ERR_H
+#define HEADER_CCA4758_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CCA4758_strings(void);
+static void ERR_unload_CCA4758_strings(void);
+static void ERR_CCA4758_error(int function, int reason, char *file, int line);
+#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the CCA4758 functions. */
+/* Function codes. */
+#define CCA4758_F_IBM_4758_CCA_CTRL                      100
+#define CCA4758_F_IBM_4758_CCA_FINISH                    101
+#define CCA4758_F_IBM_4758_CCA_INIT                      102
+#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY              103
+#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY               104
+#define CCA4758_F_IBM_4758_CCA_SIGN                      105
+#define CCA4758_F_IBM_4758_CCA_VERIFY                    106
+/* Reason codes. */
+#define CCA4758_R_ALREADY_LOADED                         100
+#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD                101
+#define CCA4758_R_COMMAND_NOT_IMPLEMENTED                102
+#define CCA4758_R_DSO_FAILURE                            103
+#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY             104
+#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY              105
+#define CCA4758_R_NOT_LOADED                             106
+#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL            107
+#define CCA4758_R_UNIT_FAILURE                           108
+#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE                 109
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c
new file mode 100644
index 0000000000..5f1772ea99
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep.c
@@ -0,0 +1,1120 @@
+/* crypto/engine/hw_aep.c */
+/*
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+#include <sys/types.h>
+#include <unistd.h>
+#else
+#include <process.h>
+typedef int pid_t;
+#endif
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/buffer.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_AEP
+#ifdef FLAT_INC
+#include "aep.h"
+#else
+#include "vendor_defns/aep.h"
+#endif
+#define AEP_LIB_NAME "aep engine"
+#define FAIL_TO_SW 0x10101010
+#include "hw_aep_err.c"
+static int aep_init(ENGINE *e);
+static int aep_finish(ENGINE *e);
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int aep_destroy(ENGINE *e);
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+/* BIGNUM stuff */
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx);
+static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
+        const BIGNUM *iqmp, BN_CTX *ctx);
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+        BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx);
+#endif
+/* DH stuff */
+/* This function is aliased to mod_exp (with the DH and mont dropped). */
+#ifndef OPENSSL_NO_DH
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+/* rand stuff   */
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int num);
+static int aep_rand_status(void);
+#endif
+/* Bignum conversion stuff */
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum);
+/* The definitions for control commands specific to this engine */
+#define AEP_CMD_SO_PATH         ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] =
+        {
+        { AEP_CMD_SO_PATH,
+          "SO_PATH",
+          "Specifies the path to the 'aep' shared library",
+          ENGINE_CMD_FLAG_STRING
+        },
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD aep_rsa =
+        {
+        "Aep RSA method",
+        NULL,                /*rsa_pub_encrypt*/
+        NULL,                /*rsa_pub_decrypt*/
+        NULL,                /*rsa_priv_encrypt*/
+        NULL,                /*rsa_priv_encrypt*/
+        aep_rsa_mod_exp,     /*rsa_mod_exp*/
+        aep_mod_exp_mont,    /*bn_mod_exp*/
+        NULL,                /*init*/
+        NULL,                /*finish*/
+        0,                   /*flags*/
+        NULL,                /*app_data*/
+        NULL,                /*rsa_sign*/
+        NULL                 /*rsa_verify*/
+        };
+#endif
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD aep_dsa =
+        {
+        "Aep DSA method",
+        NULL,                /* dsa_do_sign */
+        NULL,                /* dsa_sign_setup */
+        NULL,                /* dsa_do_verify */
+        aep_dsa_mod_exp,     /* dsa_mod_exp */
+        aep_mod_exp_dsa,     /* bn_mod_exp */
+        NULL,                /* init */
+        NULL,                /* finish */
+        0,                   /* flags */
+        NULL                 /* app_data */
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD aep_dh =
+        {
+        "Aep DH method",
+        NULL,
+        NULL,
+        aep_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+#ifdef AEPRAND
+/* our internal RAND_method that we provide pointers to  */
+static RAND_METHOD aep_random =
+        {
+        /*"AEP RAND method", */
+        NULL,
+        aep_rand,
+        NULL,
+        NULL,
+        aep_rand,
+        aep_rand_status,
+        };
+#endif
+/*Define an array of structures to hold connections*/
+static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
+/*Used to determine if this is a new process*/
+static pid_t    recorded_pid = 0;
+#ifdef AEPRAND
+static AEP_U8   rand_block[RAND_BLK_SIZE];
+static AEP_U32  rand_block_bytes = 0;
+#endif
+/* Constants used when creating the ENGINE */
+static const char *engine_aep_id = "aep";
+static const char *engine_aep_name = "Aep hardware engine support";
+static int max_key_len = 2176;
+/* This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_aep(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD  *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD  *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD   *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_aep_id) ||
+                !ENGINE_set_name(e, engine_aep_name) ||
+#ifndef OPENSSL_NO_RSA
+                !ENGINE_set_RSA(e, &aep_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                !ENGINE_set_DSA(e, &aep_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                !ENGINE_set_DH(e, &aep_dh) ||
+#endif
+#ifdef AEPRAND
+                !ENGINE_set_RAND(e, &aep_random) ||
+#endif
+                !ENGINE_set_init_function(e, aep_init) ||
+                !ENGINE_set_destroy_function(e, aep_destroy) ||
+                !ENGINE_set_finish_function(e, aep_finish) ||
+                !ENGINE_set_ctrl_function(e, aep_ctrl) ||
+                !ENGINE_set_cmd_defns(e, aep_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the aep-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */
+        meth1 = RSA_PKCS1_SSLeay();
+        aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
+        aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+        aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;
+        aep_dsa = *DSA_get_default_method(); 
+        aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
+        aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        aep_dh.generate_key = meth3->generate_key;
+        aep_dh.compute_key  = meth3->compute_key;
+        aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
+#endif
+        /* Ensure the aep error handling is set up */
+        ERR_load_AEPHK_strings();
+        return 1;
+}
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_aep_id) != 0))
+                return 0;
+        if(!bind_aep(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_aep(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_aep(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_aep(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_aep();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the Aep library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *aep_dso = NULL;
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+*/
+static const char *AEP_LIBNAME = NULL;
+static const char *get_AEP_LIBNAME(void)
+        {
+        if(AEP_LIBNAME)
+                return AEP_LIBNAME;
+        return "aep";
+        }
+static void free_AEP_LIBNAME(void)
+        {
+        if(AEP_LIBNAME)
+                OPENSSL_free((void*)AEP_LIBNAME);
+        AEP_LIBNAME = NULL;
+        }
+static long set_AEP_LIBNAME(const char *name)
+        {
+        free_AEP_LIBNAME();
+        return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+        }
+static const char *AEP_F1    = "AEP_ModExp";
+static const char *AEP_F2    = "AEP_ModExpCrt";
+#ifdef AEPRAND
+static const char *AEP_F3    = "AEP_GenRandom";
+#endif
+static const char *AEP_F4    = "AEP_Finalize";
+static const char *AEP_F5    = "AEP_Initialize";
+static const char *AEP_F6    = "AEP_OpenConnection";
+static const char *AEP_F7    = "AEP_SetBNCallBacks";
+static const char *AEP_F8    = "AEP_CloseConnection";
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;
+static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp            *p_AEP_ModExp          = NULL;
+static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;
+#ifdef AEPRAND
+static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;
+#endif
+static t_AEP_Initialize        *p_AEP_Initialize      = NULL;
+static t_AEP_Finalize          *p_AEP_Finalize        = NULL;
+static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;
+/* (de)initialisation functions. */
+static int aep_init(ENGINE *e)
+        {
+        t_AEP_ModExp          *p1;
+        t_AEP_ModExpCrt       *p2;
+#ifdef AEPRAND
+        t_AEP_GenRandom       *p3;
+#endif
+        t_AEP_Finalize        *p4;
+        t_AEP_Initialize      *p5;
+        t_AEP_OpenConnection  *p6;
+        t_AEP_SetBNCallBacks  *p7;
+        t_AEP_CloseConnection *p8;
+        int to_return = 0;
+ 
+        if(aep_dso != NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libaep.so. */
+        aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+  
+        if(aep_dso == NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+        if(     !(p1 = (t_AEP_ModExp *)     DSO_bind_func( aep_dso,AEP_F1))  ||
+                !(p2 = (t_AEP_ModExpCrt*)   DSO_bind_func( aep_dso,AEP_F2))  ||
+#ifdef AEPRAND
+                !(p3 = (t_AEP_GenRandom*)   DSO_bind_func( aep_dso,AEP_F3))  ||
+#endif
+                !(p4 = (t_AEP_Finalize*)    DSO_bind_func( aep_dso,AEP_F4))  ||
+                !(p5 = (t_AEP_Initialize*)  DSO_bind_func( aep_dso,AEP_F5))  ||
+                !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6))  ||
+                !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7))  ||
+                !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
+                {
+                AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+        /* Copy the pointers */
+  
+        p_AEP_ModExp           = p1;
+        p_AEP_ModExpCrt        = p2;
+#ifdef AEPRAND
+        p_AEP_GenRandom        = p3;
+#endif
+        p_AEP_Finalize         = p4;
+        p_AEP_Initialize       = p5;
+        p_AEP_OpenConnection   = p6;
+        p_AEP_SetBNCallBacks   = p7;
+        p_AEP_CloseConnection  = p8;
+ 
+        to_return = 1;
+ 
+        return to_return;
+ err: 
+        if(aep_dso)
+                DSO_free(aep_dso);
+        aep_dso = NULL;
+                
+        p_AEP_OpenConnection    = NULL;
+        p_AEP_ModExp            = NULL;
+        p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+        p_AEP_GenRandom         = NULL;
+#endif
+        p_AEP_Initialize        = NULL;
+        p_AEP_Finalize          = NULL;
+        p_AEP_SetBNCallBacks    = NULL;
+        p_AEP_CloseConnection   = NULL;
+        return to_return;
+        }
+/* Destructor (complements the "ENGINE_aep()" constructor) */
+static int aep_destroy(ENGINE *e)
+        {
+        free_AEP_LIBNAME();
+        ERR_unload_AEPHK_strings();
+        return 1;
+        }
+static int aep_finish(ENGINE *e)
+        {
+        int to_return = 0, in_use;
+        AEP_RV rv;
+        if(aep_dso == NULL)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+        rv = aep_close_all_connections(0, &in_use);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
+                goto err;
+                }
+        if (in_use)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
+                goto err;
+                }
+        rv = p_AEP_Finalize();
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
+                goto err;
+                }
+        if(!DSO_free(aep_dso))
+                {
+                AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
+                goto err;
+                }
+        aep_dso = NULL;
+        p_AEP_CloseConnection   = NULL;
+        p_AEP_OpenConnection    = NULL;
+        p_AEP_ModExp            = NULL;
+        p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+        p_AEP_GenRandom         = NULL;
+#endif
+        p_AEP_Initialize        = NULL;
+        p_AEP_Finalize          = NULL;
+        p_AEP_SetBNCallBacks    = NULL;
+        to_return = 1;
+ err:
+        return to_return;
+        }
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((aep_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case AEP_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_CTRL,
+                                ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_CTRL,
+                                AEPHK_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_AEP_LIBNAME((const char*)p);
+        default:
+                break;
+                }
+        AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx)
+        {
+        int to_return = 0;
+        int     r_len = 0;
+        AEP_CONNECTION_HNDL hConnection;
+        AEP_RV rv;
+        
+        r_len = BN_num_bits(m);
+        /* Perform in software if modulus is too large for hardware. */
+        if (r_len > max_key_len){
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+        } 
+        /*Grab a connection from the pool*/
+        rv = aep_get_connection(&hConnection);
+        if (rv != AEP_R_OK)
+                {     
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
+                return BN_mod_exp(r, a, p, m, ctx);
+                }
+        /*To the card with the mod exp*/
+        rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
+        if (rv !=  AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
+                rv = aep_close_connection(hConnection);
+                return BN_mod_exp(r, a, p, m, ctx);
+                }
+        /*Return the connection to the pool*/
+        rv = aep_return_connection(hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+                goto err;
+                }
+        to_return = 1;
+ err:
+        return to_return;
+        }
+        
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *q, const BIGNUM *dmp1,
+        const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        AEP_RV rv = AEP_R_OK;
+        AEP_CONNECTION_HNDL hConnection;
+        /*Grab a connection from the pool*/
+        rv = aep_get_connection(&hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
+                return FAIL_TO_SW;
+                }
+        /*To the card with the mod exp*/
+        rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
+                (void*)iqmp,(void*)r,NULL);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
+                rv = aep_close_connection(hConnection);
+                return FAIL_TO_SW;
+                }
+        /*Return the connection to the pool*/
+        rv = aep_return_connection(hConnection);
+        if (rv != AEP_R_OK)
+                {
+                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+                goto err;
+                }
+ 
+ err:
+        return rv;
+        }
+        
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf,int len )
+        {
+        AEP_RV rv = AEP_R_OK;
+        AEP_CONNECTION_HNDL hConnection;
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        /*Can the request be serviced with what's already in the buffer?*/
+        if (len <= rand_block_bytes)
+                {
+                memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+                rand_block_bytes -= len;
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                }
+        else
+                /*If not the get another block of random bytes*/
+                {
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                rv = aep_get_connection(&hConnection);
+                if (rv !=  AEP_R_OK)
+                        { 
+                        AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);             
+                        goto err_nounlock;
+                        }
+                if (len > RAND_BLK_SIZE)
+                        {
+                        rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+                        if (rv !=  AEP_R_OK)
+                                {  
+                                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+                                goto err_nounlock;
+                                }
+                        }
+                else
+                        {
+                        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+                        rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
+                        if (rv !=  AEP_R_OK)
+                                {       
+                                AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+              
+                                goto err;
+                                }
+                        rand_block_bytes = RAND_BLK_SIZE;
+                        memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+                        rand_block_bytes -= len;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                        }
+                rv = aep_return_connection(hConnection);
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+          
+                        goto err_nounlock;
+                        }
+                }
+  
+        return 1;
+ err:
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ err_nounlock:
+        return 0;
+        }
+        
+static int aep_rand_status(void)
+{
+        return 1;
+}
+#endif
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx = NULL;
+        int to_return = 0;
+        AEP_RV rv = AEP_R_OK;
+        if ((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if (!aep_dso)
+                {
+                AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
+                goto err;
+                }
+        /*See if we have all the necessary bits for a crt*/
+        if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
+                {
+                rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
+                if (rv == FAIL_TO_SW){
+                        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                        to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+                        goto err;
+                }
+                else if (rv != AEP_R_OK)
+                        goto err;
+                }
+        else
+                {
+                if (!rsa->d || !rsa->n)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+ 
+                rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
+                if  (rv != AEP_R_OK)
+                        goto err;
+        
+                }
+        to_return = 1;
+ err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+}
+#endif
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+        BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+ end: 
+        BN_free(&t);
+        return to_return;
+        }
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx)
+        {  
+        return aep_mod_exp(r, a, p, m, ctx); 
+        }
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return aep_mod_exp(r, a, p, m, ctx);
+        }
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+        BN_MONT_CTX *m_ctx)
+        {
+        return aep_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+        /*Get the current process id*/
+        pid_t curr_pid;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        curr_pid = getpid();
+        /*Check if this is the first time this is being called from the current
+          process*/
+        if (recorded_pid != curr_pid)
+                {
+                /*Remember our pid so we can check if we're in a new process*/
+                recorded_pid = curr_pid;
+                /*Call Finalize to make sure we have not inherited some data
+                  from a parent process*/
+                p_AEP_Finalize();
+     
+                /*Initialise the AEP API*/
+                rv = p_AEP_Initialize(NULL);
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+                /*Set the AEP big num call back functions*/
+                rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+                        &ConvertAEPBigNum);
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+#ifdef AEPRAND
+                /*Reset the rand byte count*/
+                rand_block_bytes = 0;
+#endif
+                /*Init the structures*/
+                for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                        {
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        }
+                /*Open a connection*/
+                rv = p_AEP_OpenConnection(phConnection);
+                if (rv != AEP_R_OK)
+                        {
+                        AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+                        recorded_pid = 0;
+                        goto end;
+                        }
+                aep_app_conn_table[0].conn_state = InUse;
+                aep_app_conn_table[0].conn_hndl = *phConnection;
+                goto end;
+                }
+        /*Check the existing connections to see if we can find a free one*/
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_state == Connected)
+                        {
+                        aep_app_conn_table[count].conn_state = InUse;
+                        *phConnection = aep_app_conn_table[count].conn_hndl;
+                        goto end;
+                        }
+                }
+        /*If no connections available, we're going to have to try
+          to open a new one*/
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_state == NotConnected)
+                        {
+                        /*Open a connection*/
+                        rv = p_AEP_OpenConnection(phConnection);
+                        if (rv != AEP_R_OK)
+                                {             
+                                AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+                                goto end;
+                                }
+                        aep_app_conn_table[count].conn_state = InUse;
+                        aep_app_conn_table[count].conn_hndl = *phConnection;
+                        goto end;
+                        }
+                }
+        rv = AEP_R_GENERAL_ERROR;
+ end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+        {
+        int count;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        /*Find the connection item that matches this connection handle*/
+        for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_hndl == hConnection)
+                        {
+                        aep_app_conn_table[count].conn_state = Connected;
+                        break;
+                        }
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return AEP_R_OK;
+        }
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        /*Find the connection item that matches this connection handle*/
+        for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                if (aep_app_conn_table[count].conn_hndl == hConnection)
+                        {
+                        rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+                        if (rv != AEP_R_OK)
+                                goto end;
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        break;
+                        }
+                }
+ end:
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
+        {
+        int count;
+        AEP_RV rv = AEP_R_OK;
+        *in_use = 0;
+        if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+                {
+                switch (aep_app_conn_table[count].conn_state)
+                        {
+                case Connected:
+                        rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+                        if (rv != AEP_R_OK)
+                                goto end;
+                        aep_app_conn_table[count].conn_state = NotConnected;
+                        aep_app_conn_table[count].conn_hndl  = 0;
+                        break;
+                case InUse:
+                        (*in_use)++;
+                        break;
+                case NotConnected:
+                        break;
+                        }
+                }
+ end:
+        if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        return rv;
+        }
+/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
+  Note only 32bit Openssl build support*/
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
+        {
+        BIGNUM* bn;
+        /*Cast the ArbBigNum pointer to our BIGNUM struct*/
+        bn = (BIGNUM*) ArbBigNum;
+#ifdef SIXTY_FOUR_BIT_LONG
+        *BigNumSize = bn->top << 3;
+#else
+        /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+          words) multiplies by 4*/
+        *BigNumSize = bn->top << 2;
+#endif
+        return AEP_R_OK;
+        }
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum)
+        {
+        BIGNUM* bn;
+#ifndef SIXTY_FOUR_BIT_LONG
+        unsigned char* buf;
+        int i;
+#endif
+        /*Cast the ArbBigNum pointer to our BIGNUM struct*/
+        bn = (BIGNUM*) ArbBigNum;
+#ifdef SIXTY_FOUR_BIT_LONG
+        memcpy(AEP_BigNum, bn->d, BigNumSize);
+#else
+        /*Must copy data into a (monotone) least significant byte first format
+          performing endian conversion if necessary*/
+        for(i=0;i<bn->top;i++)
+                {
+                buf = (unsigned char*)&bn->d[i];
+                *((AEP_U32*)AEP_BigNum) = (AEP_U32)
+                        ((unsigned) buf[1] << 8 | buf[0]) |
+                        ((unsigned) buf[3] << 8 | buf[2])  << 16;
+                AEP_BigNum += 4;
+                }
+#endif
+        return AEP_R_OK;
+        }
+/*Turn an AEP Big Num back to a user big num*/
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+        unsigned char* AEP_BigNum)
+        {
+        BIGNUM* bn;
+#ifndef SIXTY_FOUR_BIT_LONG
+        int i;
+#endif
+        bn = (BIGNUM*)ArbBigNum;
+        /*Expand the result bn so that it can hold our big num.
+          Size is in bits*/
+        bn_expand(bn, (int)(BigNumSize << 3));
+#ifdef SIXTY_FOUR_BIT_LONG
+        bn->top = BigNumSize >> 3;
+        
+        if((BigNumSize & 7) != 0)
+                bn->top++;
+        memset(bn->d, 0, bn->top << 3); 
+        memcpy(bn->d, AEP_BigNum, BigNumSize);
+#else
+        bn->top = BigNumSize >> 2;
+ 
+        for(i=0;i<bn->top;i++)
+                {
+                bn->d[i] = (AEP_U32)
+                        ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+                        ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+                AEP_BigNum += 4;
+                }
+#endif
+        return AEP_R_OK;
+}       
+        
+#endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_aep_err.c b/src/lib/libcrypto/engine/hw_aep_err.c
new file mode 100644
index 0000000000..092f532946
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.c
@@ -0,0 +1,157 @@
+/* hw_aep_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_aep_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA AEPHK_str_functs[]=
+        {
+{ERR_PACK(0,AEPHK_F_AEP_CTRL,0),        "AEP_CTRL"},
+{ERR_PACK(0,AEPHK_F_AEP_FINISH,0),      "AEP_FINISH"},
+{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0),      "AEP_GET_CONNECTION"},
+{ERR_PACK(0,AEPHK_F_AEP_INIT,0),        "AEP_INIT"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0),     "AEP_MOD_EXP"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0), "AEP_MOD_EXP_CRT"},
+{ERR_PACK(0,AEPHK_F_AEP_RAND,0),        "AEP_RAND"},
+{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0), "AEP_RSA_MOD_EXP"},
+{0,NULL}
+        };
+static ERR_STRING_DATA AEPHK_str_reasons[]=
+        {
+{AEPHK_R_ALREADY_LOADED                  ,"already loaded"},
+{AEPHK_R_CLOSE_HANDLES_FAILED            ,"close handles failed"},
+{AEPHK_R_CONNECTIONS_IN_USE              ,"connections in use"},
+{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{AEPHK_R_FINALIZE_FAILED                 ,"finalize failed"},
+{AEPHK_R_GET_HANDLE_FAILED               ,"get handle failed"},
+{AEPHK_R_GET_RANDOM_FAILED               ,"get random failed"},
+{AEPHK_R_INIT_FAILURE                    ,"init failure"},
+{AEPHK_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{AEPHK_R_MOD_EXP_CRT_FAILED              ,"mod exp crt failed"},
+{AEPHK_R_MOD_EXP_FAILED                  ,"mod exp failed"},
+{AEPHK_R_NOT_LOADED                      ,"not loaded"},
+{AEPHK_R_OK                              ,"ok"},
+{AEPHK_R_RETURN_CONNECTION_FAILED        ,"return connection failed"},
+{AEPHK_R_SETBNCALLBACK_FAILURE           ,"setbncallback failure"},
+{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{AEPHK_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef AEPHK_LIB_NAME
+static ERR_STRING_DATA AEPHK_lib_name[]=
+        {
+{0      ,AEPHK_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int AEPHK_lib_error_code=0;
+static int AEPHK_error_init=1;
+static void ERR_load_AEPHK_strings(void)
+        {
+        if (AEPHK_lib_error_code == 0)
+                AEPHK_lib_error_code=ERR_get_next_error_library();
+        if (AEPHK_error_init)
+                {
+                AEPHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+                ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+#ifdef AEPHK_LIB_NAME
+                AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
+                ERR_load_strings(0,AEPHK_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_AEPHK_strings(void)
+        {
+        if (AEPHK_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+                ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+#ifdef AEPHK_LIB_NAME
+                ERR_unload_strings(0,AEPHK_lib_name);
+#endif
+                AEPHK_error_init=1;
+                }
+        }
+static void ERR_AEPHK_error(int function, int reason, char *file, int line)
+        {
+        if (AEPHK_lib_error_code == 0)
+                AEPHK_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_aep_err.h b/src/lib/libcrypto/engine/hw_aep_err.h
new file mode 100644
index 0000000000..8fe4cf921f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_aep_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_AEPHK_ERR_H
+#define HEADER_AEPHK_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_AEPHK_strings(void);
+static void ERR_unload_AEPHK_strings(void);
+static void ERR_AEPHK_error(int function, int reason, char *file, int line);
+#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the AEPHK functions. */
+/* Function codes. */
+#define AEPHK_F_AEP_CTRL                                 100
+#define AEPHK_F_AEP_FINISH                               101
+#define AEPHK_F_AEP_GET_CONNECTION                       102
+#define AEPHK_F_AEP_INIT                                 103
+#define AEPHK_F_AEP_MOD_EXP                              104
+#define AEPHK_F_AEP_MOD_EXP_CRT                          105
+#define AEPHK_F_AEP_RAND                                 106
+#define AEPHK_F_AEP_RSA_MOD_EXP                          107
+/* Reason codes. */
+#define AEPHK_R_ALREADY_LOADED                           100
+#define AEPHK_R_CLOSE_HANDLES_FAILED                     101
+#define AEPHK_R_CONNECTIONS_IN_USE                       102
+#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED             103
+#define AEPHK_R_FINALIZE_FAILED                          104
+#define AEPHK_R_GET_HANDLE_FAILED                        105
+#define AEPHK_R_GET_RANDOM_FAILED                        106
+#define AEPHK_R_INIT_FAILURE                             107
+#define AEPHK_R_MISSING_KEY_COMPONENTS                   108
+#define AEPHK_R_MOD_EXP_CRT_FAILED                       109
+#define AEPHK_R_MOD_EXP_FAILED                           110
+#define AEPHK_R_NOT_LOADED                               111
+#define AEPHK_R_OK                                       112
+#define AEPHK_R_RETURN_CONNECTION_FAILED                 113
+#define AEPHK_R_SETBNCALLBACK_FAILURE                    114
+#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL              116
+#define AEPHK_R_UNIT_FAILURE                             115
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c
new file mode 100644
index 0000000000..2b8342bbdd
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla.c
@@ -0,0 +1,595 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ATALLA
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+#define ATALLA_LIB_NAME "atalla engine"
+#include "hw_atalla_err.c"
+static int atalla_destroy(ENGINE *e);
+static int atalla_init(ENGINE *e);
+static int atalla_finish(ENGINE *e);
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+#endif
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+/* The definitions for control commands specific to this engine */
+#define ATALLA_CMD_SO_PATH              ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
+        {ATALLA_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'atasi' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+        {
+        "Atalla RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        atalla_rsa_mod_exp,
+        atalla_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+        {
+        "Atalla DSA method",
+        NULL, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        NULL, /* dsa_do_verify */
+        atalla_dsa_mod_exp, /* dsa_mod_exp */
+        atalla_mod_exp_dsa, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+        {
+        "Atalla DH method",
+        NULL,
+        NULL,
+        atalla_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+/* Constants used when creating the ENGINE */
+static const char *engine_atalla_id = "atalla";
+static const char *engine_atalla_name = "Atalla hardware engine support";
+/* This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_atalla_id) ||
+                        !ENGINE_set_name(e, engine_atalla_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &atalla_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &atalla_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &atalla_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, atalla_destroy) ||
+                        !ENGINE_set_init_function(e, atalla_init) ||
+                        !ENGINE_set_finish_function(e, atalla_finish) ||
+                        !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the atalla-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+        atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+        atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        atalla_dh.generate_key = meth3->generate_key;
+        atalla_dh.compute_key = meth3->compute_key;
+#endif
+        /* Ensure the atalla error handling is set up */
+        ERR_load_ATALLA_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_atalla(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_atalla(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_atalla();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = NULL;
+static const char *get_ATALLA_LIBNAME(void)
+        {
+                if(ATALLA_LIBNAME)
+                        return ATALLA_LIBNAME;
+                return "atasi";
+        }
+static void free_ATALLA_LIBNAME(void)
+        {
+                if(ATALLA_LIBNAME)
+                        OPENSSL_free((void*)ATALLA_LIBNAME);
+                ATALLA_LIBNAME = NULL;
+        }
+static long set_ATALLA_LIBNAME(const char *name)
+        {
+        free_ATALLA_LIBNAME();
+        return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+/* Destructor (complements the "ENGINE_atalla()" constructor) */
+static int atalla_destroy(ENGINE *e)
+        {
+        free_ATALLA_LIBNAME();
+        /* Unload the atalla error strings so any error state including our
+         * functs or reasons won't lead to a segfault (they simply get displayed
+         * without corresponding string data because none will be found). */
+        ERR_unload_ATALLA_strings();
+        return 1;
+        }
+/* (de)initialisation functions. */
+static int atalla_init(ENGINE *e)
+        {
+        tfnASI_GetHardwareConfig *p1;
+        tfnASI_RSAPrivateKeyOpFn *p2;
+        tfnASI_GetPerformanceStatistics *p3;
+        /* Not sure of the origin of this magic value, but Ben's code had it
+         * and it seemed to have been working for a few people. :-) */
+        unsigned int config_buf[1024];
+        if(atalla_dso != NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+         * changed unfortunately because the Atalla drivers don't have
+         * standard library names that can be platform-translated well. */
+        /* TODO: Work out how to actually map to the names the Atalla
+         * drivers really use - for now a symbollic link needs to be
+         * created on the host system from libatasi.so to atasi.so on
+         * unix variants. */
+        atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+        if(atalla_dso == NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+                                atalla_dso, ATALLA_F1)) ||
+                        !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+                                atalla_dso, ATALLA_F2)) ||
+                        !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+                                atalla_dso, ATALLA_F3)))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_Atalla_GetHardwareConfig = p1;
+        p_Atalla_RSAPrivateKeyOpFn = p2;
+        p_Atalla_GetPerformanceStatistics = p3;
+        /* Perform a basic test to see if there's actually any unit
+         * running. */
+        if(p1(0L, config_buf) != 0)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+        return 1;
+err:
+        if(atalla_dso)
+                DSO_free(atalla_dso);
+        atalla_dso = NULL;
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 0;
+        }
+static int atalla_finish(ENGINE *e)
+        {
+        free_ATALLA_LIBNAME();
+        if(atalla_dso == NULL)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(atalla_dso))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
+                return 0;
+                }
+        atalla_dso = NULL;
+        p_Atalla_GetHardwareConfig = NULL;
+        p_Atalla_RSAPrivateKeyOpFn = NULL;
+        p_Atalla_GetPerformanceStatistics = NULL;
+        return 1;
+        }
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((atalla_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case ATALLA_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_ATALLA_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the Atalla API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        RSAPrivateKey keydata;
+        int to_return, numbytes;
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+        if(!atalla_dso)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if (!result)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+           !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        /* Prepare the key-data */
+        memset(&keydata, 0,sizeof keydata);
+        numbytes = BN_num_bytes(m);
+        memset(exponent->d, 0, numbytes);
+        memset(modulus->d, 0, numbytes);
+        BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+        BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+        keydata.privateExponent.data = (unsigned char *)exponent->d;
+        keydata.privateExponent.len = numbytes;
+        keydata.modulus.data = (unsigned char *)modulus->d;
+        keydata.modulus.len = numbytes;
+        /* Prepare the argument */
+        memset(argument->d, 0, numbytes);
+        memset(result->d, 0, numbytes);
+        BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+        /* Perform the operation */
+        if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+                        (unsigned char *)argument->d,
+                        keydata.modulus.len) != 0)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, numbytes, r);
+        to_return = 1;
+err:
+        BN_CTX_end(ctx);
+        return to_return;
+        }
+#ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx = NULL;
+        int to_return = 0;
+        if(!atalla_dso)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
+                goto err;
+                }
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->d || !rsa->n)
+                {
+                ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return atalla_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_atalla_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.c b/src/lib/libcrypto/engine/hw_atalla_err.c
new file mode 100644
index 0000000000..1df9c4570c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.c
@@ -0,0 +1,145 @@
+/* hw_atalla_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_atalla_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ATALLA_str_functs[]=
+        {
+{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0),    "ATALLA_CTRL"},
+{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0),  "ATALLA_FINISH"},
+{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0),    "ATALLA_INIT"},
+{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"},
+{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),     "ATALLA_RSA_MOD_EXP"},
+{0,NULL}
+        };
+static ERR_STRING_DATA ATALLA_str_reasons[]=
+        {
+{ATALLA_R_ALREADY_LOADED                 ,"already loaded"},
+{ATALLA_R_BN_CTX_FULL                    ,"bn ctx full"},
+{ATALLA_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ATALLA_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ATALLA_R_NOT_LOADED                     ,"not loaded"},
+{ATALLA_R_REQUEST_FAILED                 ,"request failed"},
+{ATALLA_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef ATALLA_LIB_NAME
+static ERR_STRING_DATA ATALLA_lib_name[]=
+        {
+{0      ,ATALLA_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int ATALLA_lib_error_code=0;
+static int ATALLA_error_init=1;
+static void ERR_load_ATALLA_strings(void)
+        {
+        if (ATALLA_lib_error_code == 0)
+                ATALLA_lib_error_code=ERR_get_next_error_library();
+        if (ATALLA_error_init)
+                {
+                ATALLA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+                ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+#ifdef ATALLA_LIB_NAME
+                ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
+                ERR_load_strings(0,ATALLA_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_ATALLA_strings(void)
+        {
+        if (ATALLA_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+                ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+#ifdef ATALLA_LIB_NAME
+                ERR_unload_strings(0,ATALLA_lib_name);
+#endif
+                ATALLA_error_init=1;
+                }
+        }
+static void ERR_ATALLA_error(int function, int reason, char *file, int line)
+        {
+        if (ATALLA_lib_error_code == 0)
+                ATALLA_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_atalla_err.h b/src/lib/libcrypto/engine/hw_atalla_err.h
new file mode 100644
index 0000000000..cdac052d8c
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_atalla_err.h
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ATALLA_ERR_H
+#define HEADER_ATALLA_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ATALLA_strings(void);
+static void ERR_unload_ATALLA_strings(void);
+static void ERR_ATALLA_error(int function, int reason, char *file, int line);
+#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the ATALLA functions. */
+/* Function codes. */
+#define ATALLA_F_ATALLA_CTRL                             100
+#define ATALLA_F_ATALLA_FINISH                           101
+#define ATALLA_F_ATALLA_INIT                             102
+#define ATALLA_F_ATALLA_MOD_EXP                          103
+#define ATALLA_F_ATALLA_RSA_MOD_EXP                      104
+/* Reason codes. */
+#define ATALLA_R_ALREADY_LOADED                          100
+#define ATALLA_R_BN_CTX_FULL                             101
+#define ATALLA_R_BN_EXPAND_FAIL                          102
+#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
+#define ATALLA_R_MISSING_KEY_COMPONENTS                  104
+#define ATALLA_R_NOT_LOADED                              105
+#define ATALLA_R_REQUEST_FAILED                          106
+#define ATALLA_R_UNIT_FAILURE                            107
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c
new file mode 100644
index 0000000000..a98f5d7e57
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cryptodev.c
@@ -0,0 +1,1355 @@
+/*
+ * Copyright (c) 2002-2004 Theo de Raadt
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#if (defined(__unix__) || defined(unix)) && !defined(USG)
+#include <sys/param.h>
+# if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
+# define HAVE_CRYPTODEV
+# endif
+# if (OpenBSD >= 200110)
+# define HAVE_SYSLOG_R
+# endif
+#endif
+#ifndef HAVE_CRYPTODEV
+void
+ENGINE_load_cryptodev(void)
+{
+        /* This is a NOP on platforms without /dev/crypto */
+        return;
+}
+#else
+#include <sys/types.h>
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+#ifdef __i386__
+#include <sys/sysctl.h>
+#include <machine/cpu.h>
+#include <machine/specialreg.h>
+#include <ssl/aes.h>
+static int check_viac3aes(void);
+#endif
+struct dev_crypto_state {
+        struct session_op d_sess;
+        int d_fd;
+};
+struct dev_crypto_cipher {
+        int     c_id;
+        int     c_nid;
+        int     c_ivmax;
+        int     c_keylen;
+};
+static u_int32_t cryptodev_asymfeat = 0;
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static struct dev_crypto_cipher *cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+/*static int get_cryptodev_digests(const int **cnids);*/
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+        { 0, NULL, NULL, 0 }
+};
+static struct dev_crypto_cipher ciphers[] = {
+        { CRYPTO_DES_CBC,               NID_des_cbc,            8,       8, },
+        { CRYPTO_3DES_CBC,              NID_des_ede3_cbc,       8,      24, },
+        { CRYPTO_AES_CBC,               NID_aes_128_cbc,        16,     16, },
+        { CRYPTO_AES_CBC,               NID_aes_192_cbc,        16,     24, },
+        { CRYPTO_AES_CBC,               NID_aes_256_cbc,        16,     32, },
+        { CRYPTO_BLF_CBC,               NID_bf_cbc,             8,      16, },
+        { CRYPTO_CAST_CBC,              NID_cast5_cbc,          8,      16, },
+        { CRYPTO_SKIPJACK_CBC,          NID_undef,              0,       0, },
+        { 0,                            NID_undef,              0,       0, },
+};
+#if 0 /* UNUSED */
+static struct {
+        int     id;
+        int     nid;
+} digests[] = {
+        { CRYPTO_SHA1_HMAC,             NID_hmacWithSHA1,       },
+        { CRYPTO_RIPEMD160_HMAC,        NID_ripemd160,          },
+        { CRYPTO_MD5_KPDK,              NID_undef,              },
+        { CRYPTO_SHA1_KPDK,             NID_undef,              },
+        { CRYPTO_MD5,                   NID_md5,                },
+        { CRYPTO_SHA1,                  NID_undef,              },
+        { 0,                            NID_undef,              },
+};
+#endif
+/*
+ * Return a fd if /dev/crypto seems usable, -1 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+        static int fd = -1;
+        if (fd == -1) {
+                if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+                        return (-1);
+                /* close on exec */
+                if (fcntl(fd, F_SETFD, 1) == -1) {
+                        close(fd);
+                        fd = -1;
+                        return (-1);
+                }
+        }
+        return (fd);
+}
+static int
+get_dev_crypto(void)
+{
+        int fd, retfd;
+        if ((fd = open_dev_crypto()) == -1)
+                return (-1);
+        if (ioctl(fd, CRIOGET, &retfd) == -1) {
+                close(fd);
+                return (-1);
+        }
+        /* close on exec */
+        if (fcntl(retfd, F_SETFD, 1) == -1) {
+                close(retfd);
+                return (-1);
+        }
+        return (retfd);
+}
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+        static int fd = -1;
+        if (fd == -1)
+                fd = get_dev_crypto();
+        return fd;
+}
+/* convert libcrypto nids to cryptodev */
+static struct dev_crypto_cipher *
+cipher_nid_to_cryptodev(int nid)
+{
+        int i;
+        for (i = 0; ciphers[i].c_id; i++)
+                if (ciphers[i].c_nid == nid)
+                        return (&ciphers[i]);
+        return (NULL);
+}
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        sess.key = (caddr_t)"123456781234567812345678";
+        for (i = 0; ciphers[i].c_id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (ciphers[i].c_nid == NID_undef)
+                        continue;
+                sess.cipher = ciphers[i].c_id;
+                sess.keylen = ciphers[i].c_keylen;
+                sess.mac = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = ciphers[i].c_nid;
+        }
+        close(fd);
+#if defined(__i386__)
+        /*
+         * On i386, always check for the VIA C3 AES instructions;
+         * even if /dev/crypto is disabled.
+         */
+        if (check_viac3aes() >= 1) {
+                int have_NID_aes_128_cbc = 0;
+                int have_NID_aes_192_cbc = 0;
+                int have_NID_aes_256_cbc = 0;
+                for (i = 0; i < count; i++) {
+                        if (nids[i] == NID_aes_128_cbc)
+                                have_NID_aes_128_cbc = 1;
+                        if (nids[i] == NID_aes_192_cbc)
+                                have_NID_aes_192_cbc = 1;
+                        if (nids[i] == NID_aes_256_cbc)
+                                have_NID_aes_256_cbc = 1;
+                }
+                if (!have_NID_aes_128_cbc)
+                        nids[count++] = NID_aes_128_cbc;
+                if (!have_NID_aes_192_cbc)
+                        nids[count++] = NID_aes_192_cbc;
+                if (!have_NID_aes_256_cbc)
+                        nids[count++] = NID_aes_256_cbc;
+        }
+#endif
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+#if 0 /* UNUSED */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+        static int nids[CRYPTO_ALGORITHM_MAX];
+        struct session_op sess;
+        int fd, i, count = 0;
+        if ((fd = get_dev_crypto()) < 0) {
+                *cnids = NULL;
+                return (0);
+        }
+        memset(&sess, 0, sizeof(sess));
+        for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+                if (digests[i].nid == NID_undef)
+                        continue;
+                sess.mac = digests[i].id;
+                sess.cipher = 0;
+                if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+                        nids[count++] = digests[i].nid;
+        }
+        close(fd);
+        if (count > 0)
+                *cnids = nids;
+        else
+                *cnids = NULL;
+        return (count);
+}
+#endif
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+        return (get_cryptodev_ciphers(nids));
+}
+static int
+cryptodev_usable_digests(const int **nids)
+{
+        /*
+         * XXXX just disable all digests for now, because it sucks.
+         * we need a better way to decide this - i.e. I may not
+         * want digests on slow cards like hifn on fast machines,
+         * but might want them on slow or loaded machines, etc.
+         * will also want them when using crypto cards that don't
+         * suck moose gonads - would be nice to be able to decide something
+         * as reasonable default without having hackery that's card dependent.
+         * of course, the default should probably be just do everything,
+         * with perhaps a sysctl to turn algoritms off (or have them off
+         * by default) on cards that generally suck like the hifn.
+         */
+        *nids = NULL;
+        return (0);
+}
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        struct crypt_op cryp;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        void *iiv;
+        unsigned char save_iv[EVP_MAX_IV_LENGTH];
+        if (state->d_fd < 0)
+                return (0);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+        memset(&cryp, 0, sizeof(cryp));
+        cryp.ses = sess->ses;
+        cryp.flags = 0;
+        cryp.len = inl;
+        cryp.src = (caddr_t) in;
+        cryp.dst = (caddr_t) out;
+        cryp.mac = 0;
+        cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+        if (ctx->cipher->iv_len) {
+                cryp.iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        } else
+                cryp.iv = NULL;
+        if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+                /* XXX need better errror handling
+                 * this can fail for a number of different reasons.
+                 */
+                return (0);
+        }
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        struct dev_crypto_cipher *cipher;
+        if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NULL)
+                return (0);
+        if (ctx->cipher->iv_len > cipher->c_ivmax)
+                return (0);
+        if (ctx->key_len != cipher->c_keylen)
+                return (0);
+        memset(sess, 0, sizeof(struct session_op));
+        if ((state->d_fd = get_dev_crypto()) < 0)
+                return (0);
+        sess->key = (unsigned char *)key;
+        sess->keylen = ctx->key_len;
+        sess->cipher = cipher->c_id;
+        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+                close(state->d_fd);
+                state->d_fd = -1;
+                return (0);
+        }
+        return (1);
+}
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        int ret = 0;
+        struct dev_crypto_state *state = ctx->cipher_data;
+        struct session_op *sess = &state->d_sess;
+        if (state->d_fd < 0)
+                return (0);
+        /* XXX if this ioctl fails, someting's wrong. the invoker
+         * may have called us with a bogus ctx, or we could
+         * have a device that for whatever reason just doesn't
+         * want to play ball - it's not clear what's right
+         * here - should this be an error? should it just
+         * increase a counter, hmm. For right now, we return
+         * 0 - I don't believe that to be "right". we could
+         * call the gorpy openssl lib error handlers that
+         * print messages to users of the library. hmm..
+         */
+        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+                ret = 0;
+        } else {
+                ret = 1;
+        }
+        close(state->d_fd);
+        state->d_fd = -1;
+        return (ret);
+}
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+        NID_des_cbc,
+        8, 8, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+        NID_des_ede3_cbc,
+        8, 24, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_bf_cbc = {
+        NID_bf_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+const EVP_CIPHER cryptodev_cast_cbc = {
+        NID_cast5_cbc,
+        8, 16, 8,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+EVP_CIPHER cryptodev_aes_128_cbc = {
+        NID_aes_128_cbc,
+        16, 16, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+EVP_CIPHER cryptodev_aes_192_cbc = {
+        NID_aes_192_cbc,
+        16, 24, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+EVP_CIPHER cryptodev_aes_256_cbc = {
+        NID_aes_256_cbc,
+        16, 32, 16,
+        EVP_CIPH_CBC_MODE,
+        cryptodev_init_key,
+        cryptodev_cipher,
+        cryptodev_cleanup,
+        sizeof(struct dev_crypto_state),
+        EVP_CIPHER_set_asn1_iv,
+        EVP_CIPHER_get_asn1_iv,
+        NULL
+};
+#if defined(__i386__)
+static inline void
+viac3_xcrypt_cbc(int *cw, const void *src, void *dst, void *key, int rep,
+    void *iv)
+{
+#ifdef notdef
+        printf("cw %x[%x %x %x %x] src %x dst %x key %x rep %x iv %x\n",
+            cw, cw[0], cw[1], cw[2], cw[3],
+            src, dst, key, rep, iv);
+#endif
+        /*
+         * Clear bit 30 of EFLAGS.
+         */
+        __asm __volatile("pushfl; popfl");
+        /*
+         * Cannot simply place key into "b" register, since the compiler
+         * -pic mode uses that register; so instead we must dance a little.
+         */
+        __asm __volatile("pushl %%ebx; movl %0, %%ebx; rep xcrypt-cbc; popl %%ebx" :
+            : "mr" (key), "a" (iv), "c" (rep), "d" (cw), "S" (src), "D" (dst)
+            : "memory", "cc");
+}
+#define ISUNALIGNED(x)  ((long)(x)) & 15
+#define DOALIGN(v)      ((void *)(((long)(v) + 15) & ~15))
+static int
+xcrypt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+        unsigned char *save_iv_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *save_iv = DOALIGN(save_iv_store);
+        unsigned char *ivs_store[EVP_MAX_IV_LENGTH + 15];
+        unsigned char *ivs = DOALIGN(ivs_store);
+        void *iiv, *iv = NULL, *ivp = NULL;
+        const void *usein = in;
+        void *useout = out, *spare;
+        int cws[4 + 3], *cw = DOALIGN(cws);
+        if (!inl)
+                return (1);
+        if ((inl % ctx->cipher->block_size) != 0)
+                return (0);
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                spare = malloc(inl);
+                if (spare == NULL)
+                        return (0);
+                if (ISUNALIGNED(in)) {
+                        bcopy(in, spare, inl);
+                        usein = spare;
+                }
+                if (ISUNALIGNED(out))
+                        useout = spare;
+        }
+        cw[0] = C3_CRYPT_CWLO_ALG_AES | C3_CRYPT_CWLO_KEYGEN_SW |
+            C3_CRYPT_CWLO_NORMAL;
+        cw[0] |= ctx->encrypt ? C3_CRYPT_CWLO_ENCRYPT : C3_CRYPT_CWLO_DECRYPT;
+        cw[1] = cw[2] = cw[3] = 0;
+        switch (ctx->key_len * 8) {
+        case 128:
+                cw[0] |= C3_CRYPT_CWLO_KEY128;
+                break;
+        case 192:
+                cw[0] |= C3_CRYPT_CWLO_KEY192;
+                break;
+        case 256:
+                cw[0] |= C3_CRYPT_CWLO_KEY256;
+                break;
+        }
+        if (ctx->cipher->iv_len) {
+                iv = (caddr_t) ctx->iv;
+                if (!ctx->encrypt) {
+                        iiv = (void *) in + inl - ctx->cipher->iv_len;
+                        memcpy(save_iv, iiv, ctx->cipher->iv_len);
+                }
+        }
+        ivp = iv;
+        if (ISUNALIGNED(iv)) {
+                bcopy(iv, ivs, ctx->cipher->iv_len);
+                ivp = ivs;
+        }
+        viac3_xcrypt_cbc(cw, usein, useout, ctx->cipher_data,  inl / 16, ivp);
+        if (ISUNALIGNED(in) || ISUNALIGNED(out)) {
+                if (ISUNALIGNED(out))
+                        bcopy(spare, out, inl);
+                free(spare);
+        }
+        if (ivp == ivs)
+                bcopy(ivp, iv, ctx->cipher->iv_len);
+        if (ctx->cipher->iv_len) {
+                if (ctx->encrypt)
+                        iiv = (void *) out + inl - ctx->cipher->iv_len;
+                else
+                        iiv = save_iv;
+                memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+        }
+        return (1);
+}
+static int
+xcrypt_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+        AES_KEY *k = ctx->cipher_data;
+#ifndef AES_ASM
+        int i;
+#endif
+        bzero(k, sizeof *k);
+        if (enc)
+                AES_set_encrypt_key(key, ctx->key_len * 8, k);
+        else
+                AES_set_decrypt_key(key, ctx->key_len * 8, k);
+#ifndef AES_ASM
+        /*
+         * XXX Damn OpenSSL byte swaps the expanded key!!
+         *
+         * XXX But only if we're using the C implementation of AES
+         */
+        for (i = 0; i < 4 * (AES_MAXNR + 1); i++)
+                k->rd_key[i] = htonl(k->rd_key[i]);
+#endif
+        return (1);
+}
+static int
+xcrypt_cleanup(EVP_CIPHER_CTX *ctx)
+{
+        bzero(ctx->cipher_data, ctx->cipher->ctx_size);
+        return (1);
+}
+static int
+check_viac3aes(void)
+{
+        int mib[2] = { CTL_MACHDEP, CPU_XCRYPT }, value;
+        size_t size = sizeof(value);
+        if (sysctl(mib, sizeof(mib)/sizeof(mib[0]), &value, &size,
+            NULL, 0) < 0)
+                return (0);
+        if (value == 0)
+                return (0);
+        if (value & C3_HAS_AES) {
+                cryptodev_aes_128_cbc.init = xcrypt_init_key;
+                cryptodev_aes_128_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_128_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_128_cbc.ctx_size = sizeof(AES_KEY);
+                cryptodev_aes_192_cbc.init = xcrypt_init_key;
+                cryptodev_aes_192_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_192_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_192_cbc.ctx_size = sizeof(AES_KEY);
+                cryptodev_aes_256_cbc.init = xcrypt_init_key;
+                cryptodev_aes_256_cbc.do_cipher = xcrypt_cipher;
+                cryptodev_aes_256_cbc.cleanup = xcrypt_cleanup;
+                cryptodev_aes_256_cbc.ctx_size = sizeof(AES_KEY);
+        }
+        return (value);
+}
+#endif /* __i386__ */
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+        if (!cipher)
+                return (cryptodev_usable_ciphers(nids));
+        switch (nid) {
+        case NID_des_ede3_cbc:
+                *cipher = &cryptodev_3des_cbc;
+                break;
+        case NID_des_cbc:
+                *cipher = &cryptodev_des_cbc;
+                break;
+        case NID_bf_cbc:
+                *cipher = &cryptodev_bf_cbc;
+                break;
+        case NID_cast5_cbc:
+                *cipher = &cryptodev_cast_cbc;
+                break;
+        case NID_aes_128_cbc:
+                *cipher = &cryptodev_aes_128_cbc;
+                break;
+        case NID_aes_192_cbc:
+                *cipher = &cryptodev_aes_192_cbc;
+                break;
+        case NID_aes_256_cbc:
+                *cipher = &cryptodev_aes_256_cbc;
+                break;
+        default:
+                *cipher = NULL;
+                break;
+        }
+        return (*cipher != NULL);
+}
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+        if (!digest)
+                return (cryptodev_usable_digests(nids));
+        switch (nid) {
+        case NID_md5:
+                *digest = NULL; /* need to make a clean md5 critter */
+                break;
+        default:
+                *digest = NULL;
+                break;
+        }
+        return (*digest != NULL);
+}
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+        int i, j, k;
+        ssize_t bytes, bits;
+        u_char *b;
+        crp->crp_p = NULL;
+        crp->crp_nbits = 0;
+        bits = BN_num_bits(a);
+        bytes = (bits + 7) / 8;
+        b = malloc(bytes);
+        if (b == NULL)
+                return (1);
+        crp->crp_p = b;
+        crp->crp_nbits = bits;
+        for (i = 0, j = 0; i < a->top; i++) {
+                for (k = 0; k < BN_BITS2 / 8; k++) {
+                        if ((j + k) >= bytes)
+                                return (0);
+                        b[j + k] = a->d[i] >> (k * 8);
+                }
+                j += BN_BITS2 / 8;
+        }
+        return (0);
+}
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+        u_int8_t *pd;
+        int i, bytes;
+        bytes = (crp->crp_nbits + 7) / 8;
+        if (bytes == 0)
+                return (-1);
+        if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+                return (-1);
+        for (i = 0; i < bytes; i++)
+                pd[i] = crp->crp_p[bytes - i - 1];
+        BN_bin2bn(pd, bytes, a);
+        free(pd);
+        return (0);
+}
+static void
+zapparams(struct crypt_kop *kop)
+{
+        int i;
+        for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+                if (kop->crk_param[i].crp_p)
+                        free(kop->crk_param[i].crp_p);
+                kop->crk_param[i].crp_p = NULL;
+                kop->crk_param[i].crp_nbits = 0;
+        }
+}
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+        int fd, ret = -1;
+        if ((fd = get_asym_dev_crypto()) < 0)
+                return (ret);
+        if (r) {
+                kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+                kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+                kop->crk_oparams++;
+        }
+        if (s) {
+                kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+                kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+                kop->crk_oparams++;
+        }
+        if (ioctl(fd, CIOCKEY, kop) == 0) {
+                if (r)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+                if (s)
+                        crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+                ret = 0;
+        }
+        return (ret);
+}
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+        /* Currently, we know we can do mod exp iff we can do any
+         * asymmetric operations at all.
+         */
+        if (cryptodev_asymfeat == 0) {
+                ret = BN_mod_exp(r, a, p, m, ctx);
+                return (ret);
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP;
+        /* inputs: a^p % m */
+        if (bn2crparam(a, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(m, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+        if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        int r;
+        BN_CTX *ctx;
+        ctx = BN_CTX_new();
+        r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+        BN_CTX_free(ctx);
+        return (r);
+}
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+        struct crypt_kop kop;
+        int ret = 1;
+        if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+                /* XXX 0 means failure?? */
+                return (0);
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_MOD_EXP_CRT;
+        /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+        if (bn2crparam(rsa->p, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(rsa->q, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(I, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+                goto err;
+        kop.crk_iparams = 6;
+        if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->rsa_mod_exp)(r0, I, rsa);
+        }
+err:
+        zapparams(&kop);
+        return (ret);
+}
+static RSA_METHOD cryptodev_rsa = {
+        "cryptodev RSA method",
+        NULL,                           /* rsa_pub_enc */
+        NULL,                           /* rsa_pub_dec */
+        NULL,                           /* rsa_priv_enc */
+        NULL,                           /* rsa_priv_dec */
+        NULL,
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,                              /* flags */
+        NULL,                           /* app_data */
+        NULL,                           /* rsa_sign */
+        NULL                            /* rsa_verify */
+};
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+        BIGNUM t2;
+        int ret = 0;
+        BN_init(&t2);
+        /* v = ( g^u1 * y^u2 mod p ) mod q */
+        /* let t1 = g ^ u1 mod p */
+        ret = 0;
+        if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+                goto err;
+        /* let t2 = y ^ u2 mod p */
+        if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+                goto err;
+        /* let u1 = t1 * t2 mod p */
+        if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+                goto err;
+        BN_copy(t1,u1);
+        ret = 1;
+err:
+        BN_free(&t2);
+        return(ret);
+}
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+        struct crypt_kop kop;
+        BIGNUM *r = NULL, *s = NULL;
+        DSA_SIG *dsaret = NULL;
+        if ((r = BN_new()) == NULL)
+                goto err;
+        if ((s = BN_new()) == NULL) {
+                BN_free(r);
+                goto err;
+        }
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_SIGN;
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+                goto err;
+        kop.crk_iparams = 5;
+        if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+            BN_num_bytes(dsa->q), s) == 0) {
+                dsaret = DSA_SIG_new();
+                dsaret->r = r;
+                dsaret->s = s;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                BN_free(r);
+                BN_free(s);
+                dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+        struct crypt_kop kop;
+        int dsaret = 1;
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DSA_VERIFY;
+        /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+        kop.crk_param[0].crp_p = (caddr_t)dgst;
+        kop.crk_param[0].crp_nbits = dlen * 8;
+        if (bn2crparam(dsa->p, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dsa->q, &kop.crk_param[2]))
+                goto err;
+        if (bn2crparam(dsa->g, &kop.crk_param[3]))
+                goto err;
+        if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+                goto err;
+        if (bn2crparam(sig->r, &kop.crk_param[5]))
+                goto err;
+        if (bn2crparam(sig->s, &kop.crk_param[6]))
+                goto err;
+        kop.crk_iparams = 7;
+        if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+                dsaret = kop.crk_status;
+        } else {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+        }
+err:
+        kop.crk_param[0].crp_p = NULL;
+        zapparams(&kop);
+        return (dsaret);
+}
+static DSA_METHOD cryptodev_dsa = {
+        "cryptodev DSA method",
+        NULL,
+        NULL,                           /* dsa_sign_setup */
+        NULL,
+        NULL,                           /* dsa_mod_exp */
+        NULL,
+        NULL,                           /* init */
+        NULL,                           /* finish */
+        0,      /* flags */
+        NULL    /* app_data */
+};
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+        return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+        struct crypt_kop kop;
+        int dhret = 1;
+        int fd, keylen;
+        if ((fd = get_asym_dev_crypto()) < 0) {
+                const DH_METHOD *meth = DH_OpenSSL();
+                return ((meth->compute_key)(key, pub_key, dh));
+        }
+        keylen = BN_num_bits(dh->p);
+        memset(&kop, 0, sizeof kop);
+        kop.crk_op = CRK_DH_COMPUTE_KEY;
+        /* inputs: dh->priv_key pub_key dh->p key */
+        if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+                goto err;
+        if (bn2crparam(pub_key, &kop.crk_param[1]))
+                goto err;
+        if (bn2crparam(dh->p, &kop.crk_param[2]))
+                goto err;
+        kop.crk_iparams = 3;
+        kop.crk_param[3].crp_p = key;
+        kop.crk_param[3].crp_nbits = keylen * 8;
+        kop.crk_oparams = 1;
+        if (ioctl(fd, CIOCKEY, &kop) == -1) {
+                const DH_METHOD *meth = DH_OpenSSL();
+                dhret = (meth->compute_key)(key, pub_key, dh);
+        }
+err:
+        kop.crk_param[3].crp_p = NULL;
+        zapparams(&kop);
+        return (dhret);
+}
+static DH_METHOD cryptodev_dh = {
+        "cryptodev DH method",
+        NULL,                           /* cryptodev_dh_generate_key */
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        0,      /* flags */
+        NULL    /* app_data */
+};
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+#ifdef HAVE_SYSLOG_R
+        struct syslog_data sd = SYSLOG_DATA_INIT;
+#endif
+        switch (cmd) {
+        default:
+#ifdef HAVE_SYSLOG_R
+                syslog_r(LOG_ERR, &sd,
+                    "cryptodev_ctrl: unknown command %d", cmd);
+#else
+                syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+#endif
+                break;
+        }
+        return (1);
+}
+void
+ENGINE_load_cryptodev(void)
+{
+        ENGINE *engine = ENGINE_new();
+        int fd;
+        if (engine == NULL)
+                return;
+        if ((fd = get_dev_crypto()) < 0) {
+                ENGINE_free(engine);
+                return;
+        }
+        /*
+         * find out what asymmetric crypto algorithms we support
+         */
+        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+                close(fd);
+                ENGINE_free(engine);
+                return;
+        }
+        close(fd);
+        if (!ENGINE_set_id(engine, "cryptodev") ||
+            !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+            !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+            !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+            !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+            !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+                ENGINE_free(engine);
+                return;
+        }
+        if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+                const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+                cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+                cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+                cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+                cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+                cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+                cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+                        if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_mod_exp;
+                        else
+                                cryptodev_rsa.rsa_mod_exp =
+                                    cryptodev_rsa_nocrt_mod_exp;
+                }
+        }
+        if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+                const DSA_METHOD *meth = DSA_OpenSSL();
+                memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+                if (cryptodev_asymfeat & CRF_DSA_SIGN)
+                        cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+                        cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+                }
+                if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+                        cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+        }
+        if (ENGINE_set_DH(engine, &cryptodev_dh)){
+                const DH_METHOD *dh_meth = DH_OpenSSL();
+                cryptodev_dh.generate_key = dh_meth->generate_key;
+                cryptodev_dh.compute_key = dh_meth->compute_key;
+                cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+                if (cryptodev_asymfeat & CRF_MOD_EXP) {
+                        cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+                        if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                                cryptodev_dh.compute_key =
+                                    cryptodev_dh_compute_key;
+                }
+        }
+        ENGINE_add(engine);
+        ENGINE_free(engine);
+        ERR_clear_error();
+}
+#endif /* HAVE_CRYPTODEV */
diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c
new file mode 100644
index 0000000000..1411fd8333
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift.c
@@ -0,0 +1,1109 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+#define CSWIFT_LIB_NAME "cswift engine"
+#include "hw_cswift_err.c"
+static int cswift_destroy(ENGINE *e);
+static int cswift_init(ENGINE *e);
+static int cswift_finish(ENGINE *e);
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+                const BIGNUM *iqmp, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+/* RAND stuff */
+static int cswift_rand_bytes(unsigned char *buf, int num);
+static int cswift_rand_status(void);
+/* The definitions for control commands specific to this engine */
+#define CSWIFT_CMD_SO_PATH              ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
+        {CSWIFT_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'cswift' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+        {
+        "CryptoSwift RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        cswift_rsa_mod_exp,
+        cswift_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+        {
+        "CryptoSwift DSA method",
+        cswift_dsa_sign,
+        NULL, /* dsa_sign_setup */
+        cswift_dsa_verify,
+        NULL, /* dsa_mod_exp */
+        NULL, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+        {
+        "CryptoSwift DH method",
+        NULL,
+        NULL,
+        cswift_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+static RAND_METHOD cswift_random =
+    {
+    /* "CryptoSwift RAND method", */
+    NULL,
+    cswift_rand_bytes,
+    NULL,
+    NULL,
+    cswift_rand_bytes,
+    cswift_rand_status,
+    };
+/* Constants used when creating the ENGINE */
+static const char *engine_cswift_id = "cswift";
+static const char *engine_cswift_name = "CryptoSwift hardware engine support";
+/* This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth2;
+#endif
+        if(!ENGINE_set_id(e, engine_cswift_id) ||
+                        !ENGINE_set_name(e, engine_cswift_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &cswift_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &cswift_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &cswift_dh) ||
+#endif
+                        !ENGINE_set_RAND(e, &cswift_random) ||
+                        !ENGINE_set_destroy_function(e, cswift_destroy) ||
+                        !ENGINE_set_init_function(e, cswift_init) ||
+                        !ENGINE_set_finish_function(e, cswift_finish) ||
+                        !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        cswift_dh.generate_key = meth2->generate_key;
+        cswift_dh.compute_key = meth2->compute_key;
+#endif
+        /* Ensure the cswift error handling is set up */
+        ERR_load_CSWIFT_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cswift(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_cswift(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_cswift();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = NULL;
+static const char *get_CSWIFT_LIBNAME(void)
+        {
+        if(CSWIFT_LIBNAME)
+                return CSWIFT_LIBNAME;
+        return "swift";
+        }
+static void free_CSWIFT_LIBNAME(void)
+        {
+        if(CSWIFT_LIBNAME)
+                OPENSSL_free((void*)CSWIFT_LIBNAME);
+        CSWIFT_LIBNAME = NULL;
+        }
+static long set_CSWIFT_LIBNAME(const char *name)
+        {
+        free_CSWIFT_LIBNAME();
+        return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+        {
+        SW_STATUS status;
+ 
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+        {
+        p_CSwift_ReleaseAccContext(hac);
+        }
+/* Destructor (complements the "ENGINE_cswift()" constructor) */
+static int cswift_destroy(ENGINE *e)
+        {
+        free_CSWIFT_LIBNAME();
+        ERR_unload_CSWIFT_strings();
+        return 1;
+        }
+/* (de)initialisation functions. */
+static int cswift_init(ENGINE *e)
+        {
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+        if(cswift_dso != NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libswift.so/swift.dll/whatever. */
+        cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+        if(cswift_dso == NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+                goto err;
+                }
+        if(!(p1 = (t_swAcquireAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+                        !(p2 = (t_swAttachKeyParam *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+                        !(p3 = (t_swSimpleRequest *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+                        !(p4 = (t_swReleaseAccContext *)
+                                DSO_bind_func(cswift_dso, CSWIFT_F4)))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_CSwift_AcquireAccContext = p1;
+        p_CSwift_AttachKeyParam = p2;
+        p_CSwift_SimpleRequest = p3;
+        p_CSwift_ReleaseAccContext = p4;
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        release_context(hac);
+        /* Everything's fine. */
+        return 1;
+err:
+        if(cswift_dso)
+        {
+                DSO_free(cswift_dso);
+                cswift_dso = NULL;
+        }
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 0;
+        }
+static int cswift_finish(ENGINE *e)
+        {
+        free_CSWIFT_LIBNAME();
+        if(cswift_dso == NULL)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(cswift_dso))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
+                return 0;
+                }
+        cswift_dso = NULL;
+        p_CSwift_AcquireAccContext = NULL;
+        p_CSwift_AttachKeyParam = NULL;
+        p_CSwift_SimpleRequest = NULL;
+        p_CSwift_ReleaseAccContext = NULL;
+        return 1;
+        }
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((cswift_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case CSWIFT_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_CSWIFT_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        /* I need somewhere to store temporary serialised values for
+         * use with the CryptoSwift API calls. A neat cheat - I'll use
+         * BIGNUMs from the BN_CTX but access their arrays directly as
+         * byte arrays <grin>. This way I don't have to clean anything
+         * up. */
+        BIGNUM *modulus;
+        BIGNUM *exponent;
+        BIGNUM *argument;
+        BIGNUM *result;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        int to_return, acquired;
+ 
+        modulus = exponent = argument = result = NULL;
+        to_return = 0; /* expect failure */
+        acquired = 0;
+ 
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        modulus = BN_CTX_get(ctx);
+        exponent = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+                !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_EXP;
+        sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+                (unsigned char *)modulus->d);
+        sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+        sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+                (unsigned char *)exponent->d);
+        sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = BN_num_bytes(m);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(acquired)
+                release_context(hac);
+        BN_CTX_end(ctx);
+        return to_return;
+        }
+int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
+{
+        int mod;
+        int numbytes = BN_num_bytes(in);
+        mod = 0;
+        while( ((out->nbytes = (numbytes+mod)) % 32) )
+        {
+                mod++;
+        }
+        out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
+        if(!out->value)
+        {
+                return 0;
+        }
+        BN_bn2bin(in, &out->value[mod]);
+        if(mod)
+                memset(out->value, 0, mod);
+        return 1;
+}
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dmp1,
+                        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+        {
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        SW_PARAM sw_param;
+        SW_CONTEXT_HANDLE hac;
+        BIGNUM *result = NULL;
+        BIGNUM *argument = NULL;
+        int to_return = 0; /* expect failure */
+        int acquired = 0;
+        sw_param.up.crt.p.value = NULL;
+        sw_param.up.crt.q.value = NULL;
+        sw_param.up.crt.dmp1.value = NULL;
+        sw_param.up.crt.dmq1.value = NULL;
+        sw_param.up.crt.iqmp.value = NULL;
+ 
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        argument = BN_new();
+        result = BN_new();
+        if(!result || !argument)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_CRT;
+        /************************************************************************/
+        /* 04/02/2003                                                           */
+        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+        /* limitation of cswift with values not a multiple of 32                */
+        /************************************************************************/
+        if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if(     !bn_wexpand(argument, a->top) ||
+                        !bn_wexpand(result, p->top + q->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+        arg.value = (unsigned char *)argument->d;
+        res.nbytes = 2 * BN_num_bytes(p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+                &res, 1)) != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+        to_return = 1;
+err:
+        if(sw_param.up.crt.p.value)
+                OPENSSL_free(sw_param.up.crt.p.value);
+        if(sw_param.up.crt.q.value)
+                OPENSSL_free(sw_param.up.crt.q.value);
+        if(sw_param.up.crt.dmp1.value)
+                OPENSSL_free(sw_param.up.crt.dmp1.value);
+        if(sw_param.up.crt.dmq1.value)
+                OPENSSL_free(sw_param.up.crt.dmq1.value);
+        if(sw_param.up.crt.iqmp.value)
+                OPENSSL_free(sw_param.up.crt.iqmp.value);
+        if(result)
+                BN_free(result);
+        if(argument)
+                BN_free(argument);
+        if(acquired)
+                release_context(hac);
+        return to_return;
+        }
+ 
+#ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx;
+        int to_return = 0;
+        const RSA_METHOD * def_rsa_method;
+        /* Try the limits of RSA (2048 bits) */
+        if(BN_num_bytes(rsa->p) > 128 ||
+                BN_num_bytes(rsa->q) > 128 ||
+                BN_num_bytes(rsa->dmp1) > 128 ||
+                BN_num_bytes(rsa->dmq1) > 128 ||
+                BN_num_bytes(rsa->iqmp) > 128)
+        {
+#ifdef RSA_NULL
+                def_rsa_method=RSA_null_method();
+#else
+#if 0
+                def_rsa_method=RSA_PKCS1_RSAref();
+#else
+                def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                if(def_rsa_method)
+                        return def_rsa_method->rsa_mod_exp(r0, I, rsa);
+        }
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+                rsa->dmq1, rsa->iqmp, ctx);
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        const RSA_METHOD * def_rsa_method;
+        /* Try the limits of RSA (2048 bits) */
+        if(BN_num_bytes(r) > 256 ||
+                BN_num_bytes(a) > 256 ||
+                BN_num_bytes(m) > 256)
+        {
+#ifdef RSA_NULL
+                def_rsa_method=RSA_null_method();
+#else
+#if 0
+                def_rsa_method=RSA_PKCS1_RSAref();
+#else
+                def_rsa_method=RSA_PKCS1_SSLeay();
+#endif
+#endif
+                if(def_rsa_method)
+                        return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+        }
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg, res;
+        unsigned char *ptr;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *result = NULL;
+        DSA_SIG *to_return = NULL;
+        int acquired = 0;
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        result = BN_CTX_get(ctx);
+        if(!result)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->priv_key->top) ||
+                        !bn_wexpand(result, dsa->p->top))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg.nbytes = dlen;
+        arg.value = (unsigned char *)dgst;
+        res.nbytes = BN_num_bytes(dsa->p);
+        memset(result->d, 0, res.nbytes);
+        res.value = (unsigned char *)result->d;
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        ptr = (unsigned char *)result->d;
+        if((to_return = DSA_SIG_new()) == NULL)
+                goto err;
+        to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+        to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+err:
+        if(acquired)
+                release_context(hac);
+        if(ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return to_return;
+        }
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+        {
+        SW_CONTEXT_HANDLE hac;
+        SW_PARAM sw_param;
+        SW_STATUS sw_status;
+        SW_LARGENUMBER arg[2], res;
+        unsigned long sig_result;
+        BN_CTX *ctx;
+        BIGNUM *dsa_p = NULL;
+        BIGNUM *dsa_q = NULL;
+        BIGNUM *dsa_g = NULL;
+        BIGNUM *dsa_key = NULL;
+        BIGNUM *argument = NULL;
+        int to_return = -1;
+        int acquired = 0;
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!get_context(&hac))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
+                goto err;
+                }
+        acquired = 1;
+        /* Prepare the params */
+        BN_CTX_start(ctx);
+        dsa_p = BN_CTX_get(ctx);
+        dsa_q = BN_CTX_get(ctx);
+        dsa_g = BN_CTX_get(ctx);
+        dsa_key = BN_CTX_get(ctx);
+        argument = BN_CTX_get(ctx);
+        if(!argument)
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
+                goto err;
+                }
+        if(!bn_wexpand(dsa_p, dsa->p->top) ||
+                        !bn_wexpand(dsa_q, dsa->q->top) ||
+                        !bn_wexpand(dsa_g, dsa->g->top) ||
+                        !bn_wexpand(dsa_key, dsa->pub_key->top) ||
+                        !bn_wexpand(argument, 40))
+                {
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
+                goto err;
+                }
+        sw_param.type = SW_ALG_DSA;
+        sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+                                (unsigned char *)dsa_p->d);
+        sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+        sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+                                (unsigned char *)dsa_q->d);
+        sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+        sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+                                (unsigned char *)dsa_g->d);
+        sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+        sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+                                (unsigned char *)dsa_key->d);
+        sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+        /* Attach the key params */
+        sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+        switch(sw_status)
+                {
+        case SW_OK:
+                break;
+        case SW_ERR_INPUT_SIZE:
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
+                goto err;
+        default:
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                }
+                goto err;
+                }
+        /* Prepare the argument and response */
+        arg[0].nbytes = dgst_len;
+        arg[0].value = (unsigned char *)dgst;
+        arg[1].nbytes = 40;
+        arg[1].value = (unsigned char *)argument->d;
+        memset(arg[1].value, 0, 40);
+        BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+        BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+        res.nbytes = 4; /* unsigned long */
+        res.value = (unsigned char *)(&sig_result);
+        /* Perform the operation */
+        sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+                &res, 1);
+        if(sw_status != SW_OK)
+                {
+                char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+                CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+                sprintf(tmpbuf, "%ld", sw_status);
+                ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+                goto err;
+                }
+        /* Convert the response */
+        to_return = ((sig_result == 0) ? 0 : 1);
+err:
+        if(acquired)
+                release_context(hac);
+        if(ctx)
+                {
+                BN_CTX_end(ctx);
+                BN_CTX_free(ctx);
+                }
+        return to_return;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return cswift_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+/* Random bytes are good */
+static int cswift_rand_bytes(unsigned char *buf, int num)
+{
+        SW_CONTEXT_HANDLE hac;
+        SW_STATUS swrc;
+        SW_LARGENUMBER largenum;
+        int acquired = 0;
+        int to_return = 0; /* assume failure */
+        unsigned char buf32[1024];
+        if (!get_context(&hac))
+        {
+                CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
+                goto err;
+        }
+        acquired = 1;
+        /************************************************************************/
+        /* 04/02/2003                                                           */
+        /* Modified by Frederic Giudicelli (deny-all.com) to overcome the       */
+        /* limitation of cswift with values not a multiple of 32                */
+        /************************************************************************/
+        while(num >= sizeof(buf32))
+        {
+                largenum.value = buf;
+                largenum.nbytes = sizeof(buf32);
+                /* tell CryptoSwift how many bytes we want and where we want it.
+                 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+                 *       - CryptoSwift can only do multiple of 32-bits. */
+                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+                if (swrc != SW_OK)
+                {
+                        char tmpbuf[20];
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+                        sprintf(tmpbuf, "%ld", swrc);
+                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+                        goto err;
+                }
+                buf += sizeof(buf32);
+                num -= sizeof(buf32);
+        }
+        if(num)
+        {
+                largenum.nbytes = sizeof(buf32);
+                largenum.value = buf32;
+                swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+                if (swrc != SW_OK)
+                {
+                        char tmpbuf[20];
+                        CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+                        sprintf(tmpbuf, "%ld", swrc);
+                        ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+                        goto err;
+                }
+                memcpy(buf, largenum.value, num);
+        }
+        to_return = 1;  /* success */
+err:
+        if (acquired)
+                release_context(hac);
+        return to_return;
+}
+static int cswift_rand_status(void)
+{
+        return 1;
+}
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_cswift_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.c b/src/lib/libcrypto/engine/hw_cswift_err.c
new file mode 100644
index 0000000000..684f53bf27
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.c
@@ -0,0 +1,149 @@
+/* hw_cswift_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cswift_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CSWIFT_str_functs[]=
+        {
+{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0),    "CSWIFT_CTRL"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0),        "CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0),      "CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0),  "CSWIFT_FINISH"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0),    "CSWIFT_INIT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0),     "CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0),     "CSWIFT_RSA_MOD_EXP"},
+{0,NULL}
+        };
+static ERR_STRING_DATA CSWIFT_str_reasons[]=
+        {
+{CSWIFT_R_ALREADY_LOADED                 ,"already loaded"},
+{CSWIFT_R_BAD_KEY_SIZE                   ,"bad key size"},
+{CSWIFT_R_BN_CTX_FULL                    ,"bn ctx full"},
+{CSWIFT_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{CSWIFT_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{CSWIFT_R_NOT_LOADED                     ,"not loaded"},
+{CSWIFT_R_REQUEST_FAILED                 ,"request failed"},
+{CSWIFT_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef CSWIFT_LIB_NAME
+static ERR_STRING_DATA CSWIFT_lib_name[]=
+        {
+{0      ,CSWIFT_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int CSWIFT_lib_error_code=0;
+static int CSWIFT_error_init=1;
+static void ERR_load_CSWIFT_strings(void)
+        {
+        if (CSWIFT_lib_error_code == 0)
+                CSWIFT_lib_error_code=ERR_get_next_error_library();
+        if (CSWIFT_error_init)
+                {
+                CSWIFT_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+                ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+#ifdef CSWIFT_LIB_NAME
+                CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
+                ERR_load_strings(0,CSWIFT_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_CSWIFT_strings(void)
+        {
+        if (CSWIFT_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+                ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+#ifdef CSWIFT_LIB_NAME
+                ERR_unload_strings(0,CSWIFT_lib_name);
+#endif
+                CSWIFT_error_init=1;
+                }
+        }
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
+        {
+        if (CSWIFT_lib_error_code == 0)
+                CSWIFT_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_cswift_err.h b/src/lib/libcrypto/engine/hw_cswift_err.h
new file mode 100644
index 0000000000..7120c3216f
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_cswift_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_CSWIFT_ERR_H
+#define HEADER_CSWIFT_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CSWIFT_strings(void);
+static void ERR_unload_CSWIFT_strings(void);
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
+#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the CSWIFT functions. */
+/* Function codes. */
+#define CSWIFT_F_CSWIFT_CTRL                             100
+#define CSWIFT_F_CSWIFT_DSA_SIGN                         101
+#define CSWIFT_F_CSWIFT_DSA_VERIFY                       102
+#define CSWIFT_F_CSWIFT_FINISH                           103
+#define CSWIFT_F_CSWIFT_INIT                             104
+#define CSWIFT_F_CSWIFT_MOD_EXP                          105
+#define CSWIFT_F_CSWIFT_MOD_EXP_CRT                      106
+#define CSWIFT_F_CSWIFT_RSA_MOD_EXP                      107
+/* Reason codes. */
+#define CSWIFT_R_ALREADY_LOADED                          100
+#define CSWIFT_R_BAD_KEY_SIZE                            101
+#define CSWIFT_R_BN_CTX_FULL                             102
+#define CSWIFT_R_BN_EXPAND_FAIL                          103
+#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED            104
+#define CSWIFT_R_MISSING_KEY_COMPONENTS                  105
+#define CSWIFT_R_NOT_LOADED                              106
+#define CSWIFT_R_REQUEST_FAILED                          107
+#define CSWIFT_R_UNIT_FAILURE                            108
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c
new file mode 100644
index 0000000000..0d1c6b8df0
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher.c
@@ -0,0 +1,1388 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NCIPHER
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+#define HWCRHK_LIB_NAME "hwcrhk engine"
+#include "hw_ncipher_err.c"
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+/* Functions to handle mutexes if have dynamic locks */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+/* Functions to handle mutexes if only have static locks */
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+                                    HWCryptoHook_CallerContext *c);
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m);
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m);
+#endif
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+        const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int ind,long argl, void *argp);
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+        const char *wrong_info,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+/* The definitions for control commands specific to this engine */
+#define HWCRHK_CMD_SO_PATH              ENGINE_CMD_BASE
+#define HWCRHK_CMD_FORK_CHECK           (ENGINE_CMD_BASE + 1)
+#define HWCRHK_CMD_THREAD_LOCKING       (ENGINE_CMD_BASE + 2)
+#define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+        {HWCRHK_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'hwcrhk' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {HWCRHK_CMD_FORK_CHECK,
+                "FORK_CHECK",
+                "Turns fork() checking on or off (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {HWCRHK_CMD_THREAD_LOCKING,
+                "THREAD_LOCKING",
+                "Turns thread-safe locking on or off (boolean)",
+                ENGINE_CMD_FLAG_NUMERIC},
+        {HWCRHK_CMD_SET_USER_INTERFACE,
+                "SET_USER_INTERFACE",
+                "Set the global user interface (internal)",
+                ENGINE_CMD_FLAG_INTERNAL},
+        {HWCRHK_CMD_SET_CALLBACK_DATA,
+                "SET_CALLBACK_DATA",
+                "Set the global user interface extra data (internal)",
+                ENGINE_CMD_FLAG_INTERNAL},
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+        {
+        "nCipher RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        hwcrhk_rsa_mod_exp,
+        hwcrhk_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+        {
+        "nCipher DH method",
+        NULL,
+        NULL,
+        hwcrhk_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+static RAND_METHOD hwcrhk_rand =
+        {
+        /* "nCipher RAND method", */
+        NULL,
+        hwcrhk_rand_bytes,
+        NULL,
+        NULL,
+        hwcrhk_rand_bytes,
+        hwcrhk_rand_status,
+        };
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "nCipher hardware engine support";
+/* Internal stuff for HWCryptoHook */
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+   into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+        {
+        int lockid;
+        };
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_PassphraseContextValue
+   into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+        {
+        UI_METHOD *ui_method;
+        void *callback_data;
+        };
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_CallerContextValue
+   into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+        {
+        pem_password_cb *password_callback; /* Deprecated!  Only present for
+                                               backward compatibility! */
+        UI_METHOD *ui_method;
+        void *callback_data;
+        };
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+   BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+/* One might wonder why these are needed, since one can pass down at least
+   a UI_METHOD and a pointer to callback data to the key-loading functions.
+   The thing is that the ModExp and RSAImmed functions can load keys as well,
+   if the data they get is in a special, nCipher-defined format (hint: if you
+   look at the private exponent of the RSA data as a string, you'll see this
+   string: "nCipher KM tool key id", followed by some bytes, followed a key
+   identity string, followed by more bytes.  This happens when you use "embed"
+   keys instead of "hwcrhk" keys).  Unfortunately, those functions do not take
+   any passphrase or caller context, and our functions can't really take any
+   callback data either.  Still, the "insert_card" and "get_passphrase"
+   callbacks may be called down the line, and will need to know what user
+   interface callbacks to call, and having callback data from the application
+   may be a nice thing as well, so we need to keep track of that globally. */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+        HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
+        &logstream,             /* logstream */
+        sizeof(BN_ULONG),       /* limbsize */
+        0,                      /* mslimb first: false for BNs */
+        -1,                     /* msbyte first: use native */
+        0,                      /* Max mutexes, 0 = no small limit */
+        0,                      /* Max simultaneous, 0 = default */
+        /* The next few are mutex stuff: we write wrapper functions
+           around the OS mutex functions.  We initialise them to 0
+           here, and change that to actual function pointers in hwcrhk_init()
+           if dynamic locks are supported (that is, if the application
+           programmer has made sure of setting up callbacks bafore starting
+           this engine) *and* if disable_mutex_callbacks hasn't been set by
+           a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+        sizeof(HWCryptoHook_Mutex),
+        0,
+        0,
+        0,
+        0,
+        /* The next few are condvar stuff: we write wrapper functions
+           round the OS functions.  Currently not implemented and not
+           and absolute necessity even in threaded programs, therefore
+           0'ed.  Will hopefully be implemented some day, since it
+           enhances the efficiency of HWCryptoHook.  */
+        0, /* sizeof(HWCryptoHook_CondVar), */
+        0, /* hwcrhk_cv_init, */
+        0, /* hwcrhk_cv_wait, */
+        0, /* hwcrhk_cv_signal, */
+        0, /* hwcrhk_cv_broadcast, */
+        0, /* hwcrhk_cv_destroy, */
+        hwcrhk_get_pass,        /* pass phrase */
+        hwcrhk_insert_card,     /* insert a card */
+        hwcrhk_log_message      /* Log message */
+};
+/* Now, to our own code */
+/* This internal function is used by ENGINE_ncipher() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth2;
+#endif
+        if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
+                        !ENGINE_set_name(e, engine_hwcrhk_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &hwcrhk_dh) ||
+#endif
+                        !ENGINE_set_RAND(e, &hwcrhk_rand) ||
+                        !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+                        !ENGINE_set_init_function(e, hwcrhk_init) ||
+                        !ENGINE_set_finish_function(e, hwcrhk_finish) ||
+                        !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+                        !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+                        !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+                        !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth2 = DH_OpenSSL();
+        hwcrhk_dh.generate_key = meth2->generate_key;
+        hwcrhk_dh.compute_key = meth2->compute_key;
+#endif
+        /* Ensure the hwcrhk error handling is set up */
+        ERR_load_HWCRHK_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ncipher(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_chil(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_ncipher();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#ifndef OPENSSL_NO_RSA
+static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */
+#endif
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+        {
+        if(HWCRHK_LIBNAME)
+                OPENSSL_free((void*)HWCRHK_LIBNAME);
+        HWCRHK_LIBNAME = NULL;
+        }
+static const char *get_HWCRHK_LIBNAME(void)
+        {
+        if(HWCRHK_LIBNAME)
+                return HWCRHK_LIBNAME;
+        return "nfhwcrhk";
+        }
+static long set_HWCRHK_LIBNAME(const char *name)
+        {
+        free_HWCRHK_LIBNAME();
+        return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac,
+        HWCryptoHook_CallerContext *cac)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+                cac);
+        if (!*hac)
+                return 0;
+        return 1;
+        }
+ 
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+        {
+        p_hwcrhk_Finish(hac);
+        }
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+        {
+        free_HWCRHK_LIBNAME();
+        ERR_unload_HWCRHK_strings();
+        return 1;
+        }
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+        {
+        HWCryptoHook_Init_t *p1;
+        HWCryptoHook_Finish_t *p2;
+        HWCryptoHook_ModExp_t *p3;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_RSA_t *p4;
+        HWCryptoHook_RSALoadKey_t *p5;
+        HWCryptoHook_RSAGetPublicKey_t *p6;
+        HWCryptoHook_RSAUnloadKey_t *p7;
+#endif
+        HWCryptoHook_RandomBytes_t *p8;
+        HWCryptoHook_ModExpCRT_t *p9;
+        if(hwcrhk_dso != NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+        hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+        if(hwcrhk_dso == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+                goto err;
+                }
+        if(!(p1 = (HWCryptoHook_Init_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+                !(p2 = (HWCryptoHook_Finish_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+                !(p3 = (HWCryptoHook_ModExp_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#ifndef OPENSSL_NO_RSA
+                !(p4 = (HWCryptoHook_RSA_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+                !(p5 = (HWCryptoHook_RSALoadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+                !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+                !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#endif
+                !(p8 = (HWCryptoHook_RandomBytes_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+                !(p9 = (HWCryptoHook_ModExpCRT_t *)
+                        DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_hwcrhk_Init = p1;
+        p_hwcrhk_Finish = p2;
+        p_hwcrhk_ModExp = p3;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = p4;
+        p_hwcrhk_RSALoadKey = p5;
+        p_hwcrhk_RSAGetPublicKey = p6;
+        p_hwcrhk_RSAUnloadKey = p7;
+#endif
+        p_hwcrhk_RandomBytes = p8;
+        p_hwcrhk_ModExpCRT = p9;
+        /* Check if the application decided to support dynamic locks,
+           and if it does, use them. */
+        if (disable_mutex_callbacks == 0)
+                {
+                if (CRYPTO_get_dynlock_create_callback() != NULL &&
+                        CRYPTO_get_dynlock_lock_callback() != NULL &&
+                        CRYPTO_get_dynlock_destroy_callback() != NULL)
+                        {
+                        hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+                        hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+                        hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+                        hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+                        }
+                else if (CRYPTO_get_locking_callback() != NULL)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DYNAMIC_LOCKING_MISSING);
+                        ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
+#if 1 /* This is a HACK which will disappear in 0.9.8 */
+                        hwcrhk_globals.maxmutexes    = 1; /* Only have one lock */
+                        hwcrhk_globals.mutex_init    = hwcrhk_static_mutex_init;
+                        hwcrhk_globals.mutex_acquire = hwcrhk_static_mutex_lock;
+                        hwcrhk_globals.mutex_release = hwcrhk_static_mutex_unlock;
+                        hwcrhk_globals.mutex_destroy = hwcrhk_static_mutex_destroy;
+#else
+                        goto err;
+#endif
+                        }
+                }
+        /* Try and get a context - if not, we may have a DSO but no
+         * accelerator! */
+        if(!get_context(&hwcrhk_context, &password_context))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
+                goto err;
+                }
+        /* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+        if (hndidx_rsa == -1)
+                hndidx_rsa = RSA_get_ex_new_index(0,
+                        "nFast HWCryptoHook RSA key handle",
+                        NULL, NULL, hwcrhk_ex_free);
+#endif
+        return 1;
+err:
+        if(hwcrhk_dso)
+                DSO_free(hwcrhk_dso);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return 0;
+        }
+static int hwcrhk_finish(ENGINE *e)
+        {
+        int to_return = 1;
+        free_HWCRHK_LIBNAME();
+        if(hwcrhk_dso == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
+                to_return = 0;
+                goto err;
+                }
+        release_context(hwcrhk_context);
+        if(!DSO_free(hwcrhk_dso))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
+                to_return = 0;
+                goto err;
+                }
+ err:
+        if (logstream)
+                BIO_free(logstream);
+        hwcrhk_dso = NULL;
+        p_hwcrhk_Init = NULL;
+        p_hwcrhk_Finish = NULL;
+        p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+        p_hwcrhk_RSA = NULL;
+        p_hwcrhk_RSALoadKey = NULL;
+        p_hwcrhk_RSAGetPublicKey = NULL;
+        p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+        p_hwcrhk_ModExpCRT = NULL;
+        p_hwcrhk_RandomBytes = NULL;
+        return to_return;
+        }
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int to_return = 1;
+        switch(cmd)
+                {
+        case HWCRHK_CMD_SO_PATH:
+                if(hwcrhk_dso)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                if(p == NULL)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                return set_HWCRHK_LIBNAME((const char *)p);
+        case ENGINE_CTRL_SET_LOGSTREAM:
+                {
+                BIO *bio = (BIO *)p;
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if (logstream)
+                        {
+                        BIO_free(logstream);
+                        logstream = NULL;
+                        }
+                if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+                        logstream = bio;
+                else
+                        HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
+                }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.password_callback = (pem_password_cb *)f;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_USER_INTERFACE:
+        case HWCRHK_CMD_SET_USER_INTERFACE:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.ui_method = (UI_METHOD *)p;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case ENGINE_CTRL_SET_CALLBACK_DATA:
+        case HWCRHK_CMD_SET_CALLBACK_DATA:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                password_context.callback_data = p;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* this enables or disables the "SimpleForkCheck" flag used in the
+         * initialisation structure. */
+        case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+        case HWCRHK_CMD_FORK_CHECK:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                if(i)
+                        hwcrhk_globals.flags |=
+                                HWCryptoHook_InitFlags_SimpleForkCheck;
+                else
+                        hwcrhk_globals.flags &=
+                                ~HWCryptoHook_InitFlags_SimpleForkCheck;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading. */
+        case ENGINE_CTRL_CHIL_NO_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                disable_mutex_callbacks = 1;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        case HWCRHK_CMD_THREAD_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* The command isn't understood by this engine */
+        default:
+                HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+                        HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                to_return = 0;
+                break;
+                }
+        return to_return;
+        }
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+#ifndef OPENSSL_NO_RSA
+        RSA *rtmp = NULL;
+#endif
+        EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_MPI e, n;
+        HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+#endif
+        HWCryptoHook_PassphraseContext ppctx;
+#if !defined(OPENSSL_NO_RSA)
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+#endif
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+#ifndef OPENSSL_NO_RSA
+        hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+        if (!hptr)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        ppctx.ui_method = ui_method;
+        ppctx.callback_data = callback_data;
+        if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+                &rmsg, &ppctx))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        if (!*hptr)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+                        HWCRHK_R_NO_KEY);
+                goto err;
+                }
+#endif
+#ifndef OPENSSL_NO_RSA
+        rtmp = RSA_new_method(eng);
+        RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+        rtmp->e = BN_new();
+        rtmp->n = BN_new();
+        rtmp->flags |= RSA_FLAG_EXT_PKEY;
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+                != HWCRYPTOHOOK_ERROR_MPISIZE)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+        bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+        MPI2BN(rtmp->e, e);
+        MPI2BN(rtmp->n, n);
+        if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_CHIL_ERROR);
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        rtmp->e->top = e.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->e);
+        rtmp->n->top = n.size / sizeof(BN_ULONG);
+        bn_fix_top(rtmp->n);
+        res = EVP_PKEY_new();
+        EVP_PKEY_assign_RSA(res, rtmp);
+#endif
+        if (!res)
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+        if (rtmp)
+                RSA_free(rtmp);
+#endif
+        return NULL;
+        }
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data)
+        {
+        EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+        res = hwcrhk_load_privkey(eng, key_id,
+                ui_method, callback_data);
+#endif
+        if (res)
+                switch(res->type)
+                        {
+#ifndef OPENSSL_NO_RSA
+                case EVP_PKEY_RSA:
+                        {
+                        RSA *rsa = NULL;
+                        CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+                        rsa = res->pkey.rsa;
+                        res->pkey.rsa = RSA_new();
+                        res->pkey.rsa->n = rsa->n;
+                        res->pkey.rsa->e = rsa->e;
+                        rsa->n = NULL;
+                        rsa->e = NULL;
+                        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+                        RSA_free(rsa);
+                        }
+                        break;
+#endif
+                default:
+                        HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                                HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                        goto err;
+                        }
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+        return NULL;
+        }
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *m, BN_CTX *ctx)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+           we use them directly, plus a little macro magic.  We only
+           thing we need to make sure of is that enough space is allocated. */
+        HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+        int to_return, ret;
+ 
+        to_return = 0; /* expect failure */
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+        /* Prepare the params */
+        bn_expand2(r, m->top);  /* Check for error !! */
+        BN2MPI(m_a, a);
+        BN2MPI(m_p, p);
+        BN2MPI(m_n, m);
+        MPI2BN(r, m_r);
+        /* Perform the operation */
+        ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+        /* Convert the response */
+        r->top = m_r.size / sizeof(BN_ULONG);
+        bn_fix_top(r);
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        to_return = 1;
+err:
+        return to_return;
+        }
+#ifndef OPENSSL_NO_RSA 
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        HWCryptoHook_RSAKeyHandle *hptr;
+        int to_return = 0, ret;
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+        /* This provides support for nForce keys.  Since that's opaque data
+           all we do is provide a handle to the proper key and let HWCryptoHook
+           take care of the rest. */
+        if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+                != NULL)
+                {
+                HWCryptoHook_MPI m_a, m_r;
+                if(!rsa->n)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                HWCRHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                MPI2BN(r, m_r);
+                /* Perform the operation */
+                ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        else
+                {
+                HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+                if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                HWCRHK_R_MISSING_KEY_COMPONENTS);
+                        goto err;
+                        }
+                /* Prepare the params */
+                bn_expand2(r, rsa->n->top); /* Check for error !! */
+                BN2MPI(m_a, I);
+                BN2MPI(m_p, rsa->p);
+                BN2MPI(m_q, rsa->q);
+                BN2MPI(m_dmp1, rsa->dmp1);
+                BN2MPI(m_dmq1, rsa->dmq1);
+                BN2MPI(m_iqmp, rsa->iqmp);
+                MPI2BN(r, m_r);
+                /* Perform the operation */
+                ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+                        m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+                /* Convert the response */
+                r->top = m_r.size / sizeof(BN_ULONG);
+                bn_fix_top(r);
+                if (ret < 0)
+                        {
+                        /* FIXME: When this error is returned, HWCryptoHook is
+                           telling us that falling back to software computation
+                           might be a good thing. */
+                        if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FALLBACK);
+                                }
+                        else
+                                {
+                                HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+                                        HWCRHK_R_REQUEST_FAILED);
+                                }
+                        ERR_add_error_data(1,rmsg.buf);
+                        goto err;
+                        }
+                }
+        /* If we're here, we must be here with some semblance of success :-) */
+        to_return = 1;
+err:
+        return to_return;
+        }
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return hwcrhk_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+        {
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+        int to_return = 0; /* assume failure */
+        int ret;
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+        if(!hwcrhk_context)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
+                goto err;
+                }
+        ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+        if (ret < 0)
+                {
+                /* FIXME: When this error is returned, HWCryptoHook is
+                   telling us that falling back to software computation
+                   might be a good thing. */
+                if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                                HWCRHK_R_REQUEST_FALLBACK);
+                        }
+                else
+                        {
+                        HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+                                HWCRHK_R_REQUEST_FAILED);
+                        }
+                ERR_add_error_data(1,rmsg.buf);
+                goto err;
+                }
+        to_return = 1;
+ err:
+        return to_return;
+        }
+static int hwcrhk_rand_status(void)
+        {
+        return 1;
+        }
+/* This cleans up an RSA KM key, called when ex_data is freed */
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int ind,long argl, void *argp)
+{
+        char tempbuf[1024];
+        HWCryptoHook_ErrMsgBuf rmsg;
+#ifndef OPENSSL_NO_RSA
+        HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+        int ret;
+#endif
+        rmsg.buf = tempbuf;
+        rmsg.size = sizeof(tempbuf);
+#ifndef OPENSSL_NO_RSA
+        hptr = (HWCryptoHook_RSAKeyHandle *) item;
+        if(hptr)
+                {
+                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+                }
+#endif
+}
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        mt->lockid = CRYPTO_get_new_dynlockid();
+        if (mt->lockid == 0)
+                return 1; /* failure */
+        return 0; /* success */
+        }
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_w_lock(mt->lockid);
+        return 0;
+        }
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+        {
+        CRYPTO_w_unlock(mt->lockid);
+        }
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+        {
+        CRYPTO_destroy_dynlockid(mt->lockid);
+        }
+/* Mutex upcalls to use if the application does not support dynamic locks */
+static int hwcrhk_static_mutex_init(HWCryptoHook_Mutex *m,
+        HWCryptoHook_CallerContext *c)
+        {
+        return 0;
+        }
+static int hwcrhk_static_mutex_lock(HWCryptoHook_Mutex *m)
+        {
+        CRYPTO_w_lock(CRYPTO_LOCK_HWCRHK);
+        return 0;
+        }
+static void hwcrhk_static_mutex_unlock(HWCryptoHook_Mutex *m)
+        {
+        CRYPTO_w_unlock(CRYPTO_LOCK_HWCRHK);
+        }
+static void hwcrhk_static_mutex_destroy(HWCryptoHook_Mutex *m)
+        {
+        }
+static int hwcrhk_get_pass(const char *prompt_info,
+        int *len_io, char *buf,
+        HWCryptoHook_PassphraseContext *ppctx,
+        HWCryptoHook_CallerContext *cactx)
+        {
+        pem_password_cb *callback = NULL;
+        void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+                if (cactx->password_callback)
+                        callback = cactx->password_callback;
+                if (cactx->callback_data)
+                        callback_data = cactx->callback_data;
+                }
+        if (ppctx)
+                {
+                if (ppctx->ui_method)
+                        {
+                        ui_method = ppctx->ui_method;
+                        callback = NULL;
+                        }
+                if (ppctx->callback_data)
+                        callback_data = ppctx->callback_data;
+                }
+        if (callback == NULL && ui_method == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
+                return -1;
+                }
+        if (ui_method)
+                {
+                UI *ui = UI_new_method(ui_method);
+                if (ui)
+                        {
+                        int ok;
+                        char *prompt = UI_construct_prompt(ui,
+                                "pass phrase", prompt_info);
+                        ok = UI_add_input_string(ui,prompt,
+                                UI_INPUT_FLAG_DEFAULT_PWD,
+                                buf,0,(*len_io) - 1);
+                        UI_add_user_data(ui, callback_data);
+                        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+                        if (ok >= 0)
+                                do
+                                        {
+                                        ok=UI_process(ui);
+                                        }
+                                while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+                        if (ok >= 0)
+                                *len_io = strlen(buf);
+                        UI_free(ui);
+                        OPENSSL_free(prompt);
+                        }
+                }
+        else
+                {
+                *len_io = callback(buf, *len_io, 0, callback_data);
+                }
+        if(!*len_io)
+                return -1;
+        return 0;
+        }
+static int hwcrhk_insert_card(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx)
+        {
+        int ok = -1;
+        UI *ui;
+        void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+                if (cactx->callback_data)
+                        callback_data = cactx->callback_data;
+                }
+        if (ppctx)
+                {
+                if (ppctx->ui_method)
+                        ui_method = ppctx->ui_method;
+                if (ppctx->callback_data)
+                        callback_data = ppctx->callback_data;
+                }
+        if (ui_method == NULL)
+                {
+                HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
+                        HWCRHK_R_NO_CALLBACK);
+                return -1;
+                }
+        ui = UI_new_method(ui_method);
+        if (ui)
+                {
+                char answer;
+                char buf[BUFSIZ];
+                if (wrong_info)
+                        BIO_snprintf(buf, sizeof(buf)-1,
+                                "Current card: \"%s\"\n", wrong_info);
+                ok = UI_dup_info_string(ui, buf);
+                if (ok >= 0 && prompt_info)
+                        {
+                        BIO_snprintf(buf, sizeof(buf)-1,
+                                "Insert card \"%s\"", prompt_info);
+                        ok = UI_dup_input_boolean(ui, buf,
+                                "\n then hit <enter> or C<enter> to cancel\n",
+                                "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
+                        }
+                UI_add_user_data(ui, callback_data);
+                if (ok >= 0)
+                        ok = UI_process(ui);
+                UI_free(ui);
+                if (ok == -2 || (ok >= 0 && answer == 'C'))
+                        ok = 1;
+                else if (ok < 0)
+                        ok = -1;
+                else
+                        ok = 0;
+                }
+        return ok;
+        }
+static void hwcrhk_log_message(void *logstr, const char *message)
+        {
+        BIO *lstream = NULL;
+        CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+        if (logstr)
+                lstream=*(BIO **)logstr;
+        if (lstream)
+                {
+                BIO_printf(lstream, "%s\n", message);
+                }
+        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+        }
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */      
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_hwcrhk_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_NCIPHER */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c
new file mode 100644
index 0000000000..5bc94581b7
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.c
@@ -0,0 +1,157 @@
+/* hw_ncipher_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ncipher_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA HWCRHK_str_functs[]=
+        {
+{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0),    "HWCRHK_CTRL"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0),  "HWCRHK_FINISH"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0),        "HWCRHK_GET_PASS"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0),    "HWCRHK_INIT"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0),     "HWCRHK_INSERT_CARD"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0),    "HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0),     "HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0),      "HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0),     "HWCRHK_RSA_MOD_EXP"},
+{0,NULL}
+        };
+static ERR_STRING_DATA HWCRHK_str_reasons[]=
+        {
+{HWCRHK_R_ALREADY_LOADED                 ,"already loaded"},
+{HWCRHK_R_BIO_WAS_FREED                  ,"bio was freed"},
+{HWCRHK_R_CHIL_ERROR                     ,"chil error"},
+{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{HWCRHK_R_DSO_FAILURE                    ,"dso failure"},
+{HWCRHK_R_DYNAMIC_LOCKING_MISSING        ,"dynamic locking missing"},
+{HWCRHK_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{HWCRHK_R_NOT_INITIALISED                ,"not initialised"},
+{HWCRHK_R_NOT_LOADED                     ,"not loaded"},
+{HWCRHK_R_NO_CALLBACK                    ,"no callback"},
+{HWCRHK_R_NO_KEY                         ,"no key"},
+{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
+{HWCRHK_R_REQUEST_FAILED                 ,"request failed"},
+{HWCRHK_R_REQUEST_FALLBACK               ,"request fallback"},
+{HWCRHK_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[]=
+        {
+{0      ,HWCRHK_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int HWCRHK_lib_error_code=0;
+static int HWCRHK_error_init=1;
+static void ERR_load_HWCRHK_strings(void)
+        {
+        if (HWCRHK_lib_error_code == 0)
+                HWCRHK_lib_error_code=ERR_get_next_error_library();
+        if (HWCRHK_error_init)
+                {
+                HWCRHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+                ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+#ifdef HWCRHK_LIB_NAME
+                HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
+                ERR_load_strings(0,HWCRHK_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_HWCRHK_strings(void)
+        {
+        if (HWCRHK_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+                ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+#ifdef HWCRHK_LIB_NAME
+                ERR_unload_strings(0,HWCRHK_lib_name);
+#endif
+                HWCRHK_error_init=1;
+                }
+        }
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+        {
+        if (HWCRHK_lib_error_code == 0)
+                HWCRHK_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h
new file mode 100644
index 0000000000..d232d02319
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ncipher_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_HWCRHK_ERR_H
+#define HEADER_HWCRHK_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the HWCRHK functions. */
+/* Function codes. */
+#define HWCRHK_F_HWCRHK_CTRL                             100
+#define HWCRHK_F_HWCRHK_FINISH                           101
+#define HWCRHK_F_HWCRHK_GET_PASS                         102
+#define HWCRHK_F_HWCRHK_INIT                             103
+#define HWCRHK_F_HWCRHK_INSERT_CARD                      104
+#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY                     105
+#define HWCRHK_F_HWCRHK_LOAD_PUBKEY                      106
+#define HWCRHK_F_HWCRHK_MOD_EXP                          107
+#define HWCRHK_F_HWCRHK_RAND_BYTES                       108
+#define HWCRHK_F_HWCRHK_RSA_MOD_EXP                      109
+/* Reason codes. */
+#define HWCRHK_R_ALREADY_LOADED                          100
+#define HWCRHK_R_BIO_WAS_FREED                           101
+#define HWCRHK_R_CHIL_ERROR                              102
+#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED            103
+#define HWCRHK_R_DSO_FAILURE                             104
+#define HWCRHK_R_DYNAMIC_LOCKING_MISSING                 114
+#define HWCRHK_R_MISSING_KEY_COMPONENTS                  105
+#define HWCRHK_R_NOT_INITIALISED                         106
+#define HWCRHK_R_NOT_LOADED                              107
+#define HWCRHK_R_NO_CALLBACK                             108
+#define HWCRHK_R_NO_KEY                                  109
+#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED         110
+#define HWCRHK_R_REQUEST_FAILED                          111
+#define HWCRHK_R_REQUEST_FALLBACK                        112
+#define HWCRHK_R_UNIT_FAILURE                            113
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c
new file mode 100644
index 0000000000..fb9188bfe5
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron.c
@@ -0,0 +1,418 @@
+/* crypto/engine/hw_nuron.c */
+/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NURON
+#define NURON_LIB_NAME "nuron engine"
+#include "hw_nuron_err.c"
+static const char *NURON_LIBNAME = NULL;
+static const char *get_NURON_LIBNAME(void)
+        {
+        if(NURON_LIBNAME)
+                return NURON_LIBNAME;
+        return "nuronssl";
+        }
+static void free_NURON_LIBNAME(void)
+        {
+        if(NURON_LIBNAME)
+                OPENSSL_free((void*)NURON_LIBNAME);
+        NURON_LIBNAME = NULL;
+        }
+static long set_NURON_LIBNAME(const char *name)
+        {
+        free_NURON_LIBNAME();
+        return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *NURON_F1 = "nuron_mod_exp";
+/* The definitions for control commands specific to this engine */
+#define NURON_CMD_SO_PATH               ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
+        {NURON_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'nuronssl' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+static DSO *pvDSOHandle = NULL;
+static int nuron_destroy(ENGINE *e)
+        {
+        free_NURON_LIBNAME();
+        ERR_unload_NURON_strings();
+        return 1;
+        }
+static int nuron_init(ENGINE *e)
+        {
+        if(pvDSOHandle != NULL)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
+                return 0;
+                }
+        pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+                DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+        if(!pvDSOHandle)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
+                return 0;
+                }
+        pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
+        if(!pfnModExp)
+                {
+                NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
+                return 0;
+                }
+        return 1;
+        }
+static int nuron_finish(ENGINE *e)
+        {
+        free_NURON_LIBNAME();
+        if(pvDSOHandle == NULL)
+                {
+                NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(pvDSOHandle))
+                {
+                NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
+                return 0;
+                }
+        pvDSOHandle=NULL;
+        pfnModExp=NULL;
+        return 1;
+        }
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case NURON_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_NURON_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+}
+static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
+                         const BIGNUM *m,BN_CTX *ctx)
+        {
+        if(!pvDSOHandle)
+                {
+                NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
+                return 0;
+                }
+        return pfnModExp(r,a,p,m);
+        }
+#ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                             BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                             BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!nuron_mod_exp(rr,a1,p1,m,ctx))
+                goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!nuron_mod_exp(&t,a2,p2,m,ctx))
+                goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx))
+                goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                             const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                             BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
+                const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        return nuron_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa =
+        {
+        "Nuron RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        nuron_rsa_mod_exp,
+        nuron_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa =
+        {
+        "Nuron DSA method",
+        NULL, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        NULL, /* dsa_do_verify */
+        nuron_dsa_mod_exp, /* dsa_mod_exp */
+        nuron_mod_exp_dsa, /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh =
+        {
+        "Nuron DH method",
+        NULL,
+        NULL,
+        nuron_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+/* Constants used when creating the ENGINE */
+static const char *engine_nuron_id = "nuron";
+static const char *engine_nuron_name = "Nuron hardware engine support";
+/* This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_nuron_id) ||
+                        !ENGINE_set_name(e, engine_nuron_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &nuron_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &nuron_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &nuron_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, nuron_destroy) ||
+                        !ENGINE_set_init_function(e, nuron_init) ||
+                        !ENGINE_set_finish_function(e, nuron_finish) ||
+                        !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the nuron-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1=RSA_PKCS1_SSLeay();
+        nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
+        nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
+        nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
+        nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2=DSA_OpenSSL();
+        nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
+        nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
+        nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3=DH_OpenSSL();
+        nuron_dh.generate_key=meth3->generate_key;
+        nuron_dh.compute_key=meth3->compute_key;
+#endif
+        /* Ensure the nuron error handling is set up */
+        ERR_load_NURON_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_nuron(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_nuron(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_nuron();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */      
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_nuron_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.c b/src/lib/libcrypto/engine/hw_nuron_err.c
new file mode 100644
index 0000000000..df9d7bde76
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.c
@@ -0,0 +1,142 @@
+/* hw_nuron_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_nuron_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA NURON_str_functs[]=
+        {
+{ERR_PACK(0,NURON_F_NURON_CTRL,0),      "NURON_CTRL"},
+{ERR_PACK(0,NURON_F_NURON_FINISH,0),    "NURON_FINISH"},
+{ERR_PACK(0,NURON_F_NURON_INIT,0),      "NURON_INIT"},
+{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0),   "NURON_MOD_EXP"},
+{0,NULL}
+        };
+static ERR_STRING_DATA NURON_str_reasons[]=
+        {
+{NURON_R_ALREADY_LOADED                  ,"already loaded"},
+{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{NURON_R_DSO_FAILURE                     ,"dso failure"},
+{NURON_R_DSO_FUNCTION_NOT_FOUND          ,"dso function not found"},
+{NURON_R_DSO_NOT_FOUND                   ,"dso not found"},
+{NURON_R_NOT_LOADED                      ,"not loaded"},
+{0,NULL}
+        };
+#endif
+#ifdef NURON_LIB_NAME
+static ERR_STRING_DATA NURON_lib_name[]=
+        {
+{0      ,NURON_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int NURON_lib_error_code=0;
+static int NURON_error_init=1;
+static void ERR_load_NURON_strings(void)
+        {
+        if (NURON_lib_error_code == 0)
+                NURON_lib_error_code=ERR_get_next_error_library();
+        if (NURON_error_init)
+                {
+                NURON_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
+                ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+#ifdef NURON_LIB_NAME
+                NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
+                ERR_load_strings(0,NURON_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_NURON_strings(void)
+        {
+        if (NURON_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
+                ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+#ifdef NURON_LIB_NAME
+                ERR_unload_strings(0,NURON_lib_name);
+#endif
+                NURON_error_init=1;
+                }
+        }
+static void ERR_NURON_error(int function, int reason, char *file, int line)
+        {
+        if (NURON_lib_error_code == 0)
+                NURON_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_nuron_err.h b/src/lib/libcrypto/engine/hw_nuron_err.h
new file mode 100644
index 0000000000..a56bfdf303
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_nuron_err.h
@@ -0,0 +1,86 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_NURON_ERR_H
+#define HEADER_NURON_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_NURON_strings(void);
+static void ERR_unload_NURON_strings(void);
+static void ERR_NURON_error(int function, int reason, char *file, int line);
+#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the NURON functions. */
+/* Function codes. */
+#define NURON_F_NURON_CTRL                               100
+#define NURON_F_NURON_FINISH                             101
+#define NURON_F_NURON_INIT                               102
+#define NURON_F_NURON_MOD_EXP                            103
+/* Reason codes. */
+#define NURON_R_ALREADY_LOADED                           100
+#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED             101
+#define NURON_R_DSO_FAILURE                              102
+#define NURON_R_DSO_FUNCTION_NOT_FOUND                   103
+#define NURON_R_DSO_NOT_FOUND                            104
+#define NURON_R_NOT_LOADED                               105
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_sureware.c b/src/lib/libcrypto/engine/hw_sureware.c
new file mode 100644
index 0000000000..fca467e690
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware.c
@@ -0,0 +1,1039 @@
+/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+* 
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer. 
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in
+*    the documentation and/or other materials provided with the
+*    distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+*    software must display the following acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+*    endorse or promote products derived from this software without
+*    prior written permission. For written permission, please contact
+*    licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+*    nor may "OpenSSL" appear in their names without prior written
+*    permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+*    acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+* All right Reserved.
+*                                                                                                                                                                                               *       
+*               THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                                                                                                                                                   *
+*               ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE                                   * 
+*               IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE                              *
+*               ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE                                             *
+*               FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL                              *
+*               DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS                                 *
+*               OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)                                   *
+*               HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT                              *
+*               LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY                               *
+*               OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF                                  *
+*               SUCH DAMAGE.                                                                                                                                                    *
+====================================================================*/
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include "eng_int.h"
+#include "engine.h"
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_SUREWARE
+#ifdef FLAT_INC
+#include "sureware.h"
+#else
+#include "vendor_defns/sureware.h"
+#endif
+#define SUREWARE_LIB_NAME "sureware engine"
+#include "hw_sureware_err.c"
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int surewarehk_destroy(ENGINE *e);
+static int surewarehk_init(ENGINE *e);
+static int surewarehk_finish(ENGINE *e);
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+        const BIGNUM *m, BN_CTX *ctx);
+/* RSA stuff */
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+                        RSA *rsa,int padding);
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+                            RSA *rsa,int padding);
+/* RAND stuff */
+static int surewarehk_rand_bytes(unsigned char *buf, int num);
+static void surewarehk_rand_seed(const void *buf, int num);
+static void surewarehk_rand_add(const void *buf, int num, double entropy);
+/* KM stuff */
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+        UI_METHOD *ui_method, void *callback_data);
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp);
+#if 0
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp);
+#endif
+#ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return surewarehk_modexp(r, a, p, m, ctx);
+}
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD surewarehk_rsa =
+        {
+        "SureWare RSA method",
+        NULL, /* pub_enc*/
+        NULL, /* pub_dec*/
+        surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
+        surewarehk_rsa_priv_dec, /* priv_dec*/
+        NULL, /*mod_exp*/
+        surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
+        NULL, /* init*/
+        NULL, /* finish*/
+        0,      /* RSA flag*/
+        NULL, 
+        NULL, /* OpenSSL sign*/
+        NULL  /* OpenSSL verify*/
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+        return surewarehk_modexp(r, a, p, m, ctx);
+}
+static DH_METHOD surewarehk_dh =
+        {
+        "SureWare DH method",
+        NULL,/*gen_key*/
+        NULL,/*agree,*/
+        surewarehk_modexp_dh, /*dh mod exp*/
+        NULL, /* init*/
+        NULL, /* finish*/
+        0,    /* flags*/
+        NULL 
+        };
+#endif
+static RAND_METHOD surewarehk_rand =
+        {
+        /* "SureWare RAND method", */
+        surewarehk_rand_seed,
+        surewarehk_rand_bytes,
+        NULL,/*cleanup*/
+        surewarehk_rand_add,
+        surewarehk_rand_bytes,
+        NULL,/*rand_status*/
+        };
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+        BIGNUM t;
+        int to_return = 0;
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+}
+static DSA_METHOD surewarehk_dsa =
+        {
+         "SureWare DSA method", 
+        surewarehk_dsa_do_sign,
+        NULL,/*sign setup*/
+        NULL,/*verify,*/
+        surewarehk_dsa_mod_exp,/*mod exp*/
+        NULL,/*bn mod exp*/
+        NULL, /*init*/
+        NULL,/*finish*/
+        0,
+        NULL,
+        };
+#endif
+static const char *engine_sureware_id = "sureware";
+static const char *engine_sureware_name = "SureWare hardware engine support";
+/* Now, to our own code */
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+static int bind_sureware(ENGINE *e)
+{
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+        const DH_METHOD *meth3;
+#endif
+        if(!ENGINE_set_id(e, engine_sureware_id) ||
+           !ENGINE_set_name(e, engine_sureware_name) ||
+#ifndef OPENSSL_NO_RSA
+           !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+           !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+           !ENGINE_set_DH(e, &surewarehk_dh) ||
+#endif
+           !ENGINE_set_RAND(e, &surewarehk_rand) ||
+           !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+           !ENGINE_set_init_function(e, surewarehk_init) ||
+           !ENGINE_set_finish_function(e, surewarehk_finish) ||
+           !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+           !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+           !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+          return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the cswift-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        if (meth1)
+        {
+                surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+                surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+        /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+         * bits. */
+        meth2 = DSA_OpenSSL();
+        if (meth2)
+        {
+                surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        if (meth3)
+        {
+                surewarehk_dh.generate_key = meth3->generate_key;
+                surewarehk_dh.compute_key = meth3->compute_key;
+        }
+#endif
+        /* Ensure the sureware error handling is set up */
+        ERR_load_SUREWARE_strings();
+        return 1;
+}
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_sureware_id) != 0))
+                return 0;
+        if(!bind_sureware(e))
+                return 0;
+        return 1;
+        }       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_sureware(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_sureware(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_sureware(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_sureware();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the SureWareHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *surewarehk_dso = NULL;
+#ifndef OPENSSL_NO_RSA
+static int rsaHndidx = -1;      /* Index for KM handle.  Not really used yet. */
+#endif
+#ifndef OPENSSL_NO_DSA
+static int dsaHndidx = -1;      /* Index for KM handle.  Not really used yet. */
+#endif
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static SureWareHook_Init_t *p_surewarehk_Init = NULL;
+static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
+static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
+static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
+static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
+static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
+static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
+static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
+static SureWareHook_Free_t *p_surewarehk_Free=NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
+/* Used in the DSO operations. */
+static const char *surewarehk_LIBNAME = "SureWareHook";
+static const char *n_surewarehk_Init = "SureWareHook_Init";
+static const char *n_surewarehk_Finish = "SureWareHook_Finish";
+static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free="SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
+static BIO *logstream = NULL;
+/* SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. 
+*/
+static int threadsafe=1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+        int to_return = 1;
+        switch(cmd)
+        {
+                case ENGINE_CTRL_SET_LOGSTREAM:
+                {
+                        BIO *bio = (BIO *)p;
+                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                        if (logstream)
+                        {
+                                BIO_free(logstream);
+                                logstream = NULL;
+                        }
+                        if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+                                logstream = bio;
+                        else
+                                SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
+                }
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* This will prevent the initialisation function from "installing"
+         * the mutex-handling callbacks, even if they are available from
+         * within the library (or were provided to the library from the
+         * calling application). This is to remove any baggage for
+         * applications not using multithreading. */
+        case ENGINE_CTRL_CHIL_NO_LOCKING:
+                CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+                threadsafe = 0;
+                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+                break;
+        /* The command isn't understood by this engine */
+        default:
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+                        ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+                to_return = 0;
+                break;
+                }
+        return to_return;
+}
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+        ERR_unload_SUREWARE_strings();
+        return 1;
+}
+/* (de)initialisation functions. */
+static int surewarehk_init(ENGINE *e)
+{
+        char msg[64]="ENGINE_init";
+        SureWareHook_Init_t *p1=NULL;
+        SureWareHook_Finish_t *p2=NULL;
+        SureWareHook_Rand_Bytes_t *p3=NULL;
+        SureWareHook_Rand_Seed_t *p4=NULL;
+        SureWareHook_Load_Privkey_t *p5=NULL;
+        SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
+        SureWareHook_Free_t *p7=NULL;
+        SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
+        SureWareHook_Rsa_Sign_t *p9=NULL;
+        SureWareHook_Dsa_Sign_t *p12=NULL;
+        SureWareHook_Info_Pubkey_t *p13=NULL;
+        SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
+        SureWareHook_Mod_Exp_t *p15=NULL;
+        if(surewarehk_dso != NULL)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
+                goto err;
+        }
+        /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+        surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+        if(surewarehk_dso == NULL)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+        }
+        if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
+           !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
+           !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
+           !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
+           !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
+           !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
+           !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
+           !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
+           !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
+           !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
+           !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
+           !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
+           !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+                goto err;
+        }
+        /* Copy the pointers */
+        p_surewarehk_Init = p1;
+        p_surewarehk_Finish = p2;
+        p_surewarehk_Rand_Bytes = p3;
+        p_surewarehk_Rand_Seed = p4;
+        p_surewarehk_Load_Privkey = p5;
+        p_surewarehk_Load_Rsa_Pubkey = p6;
+        p_surewarehk_Free = p7;
+        p_surewarehk_Rsa_Priv_Dec = p8;
+        p_surewarehk_Rsa_Sign = p9;
+        p_surewarehk_Dsa_Sign = p12;
+        p_surewarehk_Info_Pubkey = p13;
+        p_surewarehk_Load_Dsa_Pubkey = p14;
+        p_surewarehk_Mod_Exp = p15;
+        /* Contact the hardware and initialises it. */
+        if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+                goto err;
+        }
+        if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+                goto err;
+        }
+        /* try to load the default private key, if failed does not return a failure but
+           wait for an explicit ENGINE_load_privakey */
+        surewarehk_load_privkey(e,NULL,NULL,NULL);
+        /* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+        if (rsaHndidx == -1)
+                rsaHndidx = RSA_get_ex_new_index(0,
+                                                "SureWareHook RSA key handle",
+                                                NULL, NULL, surewarehk_ex_free);
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (dsaHndidx == -1)
+                dsaHndidx = DSA_get_ex_new_index(0,
+                                                "SureWareHook DSA key handle",
+                                                NULL, NULL, surewarehk_ex_free);
+#endif
+        return 1;
+err:
+        if(surewarehk_dso)
+                DSO_free(surewarehk_dso);
+        surewarehk_dso = NULL;
+        p_surewarehk_Init = NULL;
+        p_surewarehk_Finish = NULL;
+        p_surewarehk_Rand_Bytes = NULL;
+        p_surewarehk_Rand_Seed = NULL;
+        p_surewarehk_Load_Privkey = NULL;
+        p_surewarehk_Load_Rsa_Pubkey = NULL;
+        p_surewarehk_Free = NULL;
+        p_surewarehk_Rsa_Priv_Dec = NULL;
+        p_surewarehk_Rsa_Sign = NULL;
+        p_surewarehk_Dsa_Sign = NULL;
+        p_surewarehk_Info_Pubkey = NULL;
+        p_surewarehk_Load_Dsa_Pubkey = NULL;
+        p_surewarehk_Mod_Exp = NULL;
+        return 0;
+}
+static int surewarehk_finish(ENGINE *e)
+{
+        int to_return = 1;
+        if(surewarehk_dso == NULL)
+                {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
+                to_return = 0;
+                goto err;
+                }
+        p_surewarehk_Finish();
+        if(!DSO_free(surewarehk_dso))
+                {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
+                to_return = 0;
+                goto err;
+                }
+ err:
+        if (logstream)
+                BIO_free(logstream);
+        surewarehk_dso = NULL;
+        p_surewarehk_Init = NULL;
+        p_surewarehk_Finish = NULL;
+        p_surewarehk_Rand_Bytes = NULL;
+        p_surewarehk_Rand_Seed = NULL;
+        p_surewarehk_Load_Privkey = NULL;
+        p_surewarehk_Load_Rsa_Pubkey = NULL;
+        p_surewarehk_Free = NULL;
+        p_surewarehk_Rsa_Priv_Dec = NULL;
+        p_surewarehk_Rsa_Sign = NULL;
+        p_surewarehk_Dsa_Sign = NULL;
+        p_surewarehk_Info_Pubkey = NULL;
+        p_surewarehk_Load_Dsa_Pubkey = NULL;
+        p_surewarehk_Mod_Exp = NULL;
+        return to_return;
+}
+static void surewarehk_error_handling(char *const msg,int func,int ret)
+{
+        switch (ret)
+        {
+                case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+                        ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
+                        break;
+                case SUREWAREHOOK_ERROR_FALLBACK:
+                        ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
+                        break;
+                case SUREWAREHOOK_ERROR_DATA_SIZE:
+                        ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                        break;
+                case SUREWAREHOOK_ERROR_INVALID_PAD:
+                        ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
+                        break;
+                default:
+                        ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
+                        break;
+                case 1:/*nothing*/
+                        msg[0]='\0';
+        }
+        if (*msg)
+        {
+                ERR_add_error_data(1,msg);
+                if (logstream)
+                {
+                        CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+                        BIO_write(logstream, msg, strlen(msg));
+                        CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+                }
+        }
+}
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+        int ret=0;
+        char msg[64]="ENGINE_rand_bytes";
+        if(!p_surewarehk_Rand_Bytes)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret = p_surewarehk_Rand_Bytes(msg,buf, num);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
+        }
+        return ret==1 ? 1 : 0;
+}
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+        int ret=0;
+        char msg[64]="ENGINE_rand_seed";
+        if(!p_surewarehk_Rand_Seed)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret = p_surewarehk_Rand_Seed(msg,buf, num);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
+        }
+}
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+        surewarehk_rand_seed(buf,num);
+}
+static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+{
+        EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+        RSA *rsatmp = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        DSA *dsatmp=NULL;
+#endif
+        char msg[64]="sureware_load_public";
+        int ret=0;
+        if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+                goto err;
+        }
+        switch (keytype)
+        {
+#ifndef OPENSSL_NO_RSA
+        case 1: /*RSA*/
+                /* set private external reference */
+                rsatmp = RSA_new_method(e);
+                RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
+                rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+                /* set public big nums*/
+                rsatmp->e = BN_new();
+                rsatmp->n = BN_new();
+                bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
+                bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
+                if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+                        !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
+                        goto err;
+                ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
+                                                 (unsigned long *)rsatmp->n->d,
+                                                 (unsigned long *)rsatmp->e->d);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        goto err;
+                }
+                /* normalise pub e and pub n */
+                rsatmp->e->top=el/sizeof(BN_ULONG);
+                bn_fix_top(rsatmp->e);
+                rsatmp->n->top=el/sizeof(BN_ULONG);
+                bn_fix_top(rsatmp->n);
+                /* create an EVP object: engine + rsa key */
+                res = EVP_PKEY_new();
+                EVP_PKEY_assign_RSA(res, rsatmp);
+                break;
+#endif
+#ifndef OPENSSL_NO_DSA
+        case 2:/*DSA*/
+                /* set private/public external reference */
+                dsatmp = DSA_new_method(e);
+                DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
+                /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
+                /* set public key*/
+                dsatmp->pub_key = BN_new();
+                dsatmp->p = BN_new();
+                dsatmp->q = BN_new();
+                dsatmp->g = BN_new();
+                bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
+                bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
+                if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+                        !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
+                        !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
+                        !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
+                        goto err;
+                ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
+                                                 (unsigned long *)dsatmp->pub_key->d, 
+                                                 (unsigned long *)dsatmp->p->d,
+                                                 (unsigned long *)dsatmp->q->d,
+                                                 (unsigned long *)dsatmp->g->d);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        goto err;
+                }
+                /* set parameters */
+                /* normalise pubkey and parameters in case of */
+                dsatmp->pub_key->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->pub_key);
+                dsatmp->p->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->p);
+                dsatmp->q->top=20/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->q);
+                dsatmp->g->top=el/sizeof(BN_ULONG);
+                bn_fix_top(dsatmp->g);
+                /* create an EVP object: engine + rsa key */
+                res = EVP_PKEY_new();
+                EVP_PKEY_assign_DSA(res, dsatmp);
+                break;
+#endif
+        default:
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                goto err;
+        }
+        return res;
+ err:
+        if (res)
+                EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+        if (rsatmp)
+                RSA_free(rsatmp);
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (dsatmp)
+                DSA_free(dsatmp);
+#endif
+        return NULL;
+}
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+                                         UI_METHOD *ui_method, void *callback_data)
+{
+        EVP_PKEY *res = NULL;
+        int ret=0;
+        unsigned long el=0;
+        char *hptr=NULL;
+        char keytype=0;
+        char msg[64]="ENGINE_load_privkey";
+        if(!p_surewarehk_Load_Privkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+                        ERR_add_error_data(1,msg);              
+                }
+                else
+                        res=sureware_load_public(e,key_id,hptr,el,keytype);
+        }
+        return res;
+}
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+                                         UI_METHOD *ui_method, void *callback_data)
+{
+        EVP_PKEY *res = NULL;
+        int ret=0;
+        unsigned long el=0;
+        char *hptr=NULL;
+        char keytype=0;
+        char msg[64]="ENGINE_load_pubkey";
+        if(!p_surewarehk_Info_Pubkey)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                /* call once to identify if DSA or RSA */
+                ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
+                if (ret!=1)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+                        ERR_add_error_data(1,msg);
+                }
+                else
+                        res=sureware_load_public(e,key_id,hptr,el,keytype);
+        }
+        return res;
+}
+/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+, called when ex_data is freed */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp)
+{
+        if(!p_surewarehk_Free)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+                p_surewarehk_Free((char *)item,0);
+}
+#if 0
+/* This cleans up an DH KM key (destroys the key into hardware), 
+called when ex_data is freed */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+        int idx,long argl, void *argp)
+{
+        if(!p_surewarehk_Free)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+                p_surewarehk_Free((char *)item,1);
+}
+#endif
+/*
+* return number of decrypted bytes
+*/
+#ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+                        RSA *rsa,int padding)
+{
+        int ret=0,tlen;
+        char *buf=NULL,*hptr=NULL;
+        char msg[64]="ENGINE_rsa_priv_dec";
+        if (!p_surewarehk_Rsa_Priv_Dec)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+                goto err;
+        }
+        /* analyse what padding we can do into the hardware */
+        if (padding==RSA_PKCS1_PADDING)
+        {
+                /* do it one shot */
+                ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+                if (ret!=1)
+                        goto err;
+                ret=tlen;
+        }
+        else /* do with no padding into hardware */
+        {
+                ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+                if (ret!=1)
+                        goto err;
+                /* intermediate buffer for padding */
+                if ((buf=OPENSSL_malloc(tlen)) == NULL)
+                {
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                memcpy(buf,to,tlen);/* transfert to into buf */
+                switch (padding) /* check padding in software */
+                {
+#ifndef OPENSSL_NO_SHA
+                case RSA_PKCS1_OAEP_PADDING:
+                        ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
+                        break;
+#endif
+                case RSA_SSLV23_PADDING:
+                        ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
+                        break;
+                case RSA_NO_PADDING:
+                        ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
+                        break;
+                default:
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
+                        goto err;
+                }
+                if (ret < 0)
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
+        }
+err:
+        if (buf)
+        {
+                OPENSSL_cleanse(buf,tlen);
+                OPENSSL_free(buf);
+        }
+        return ret;
+}
+/*
+* Does what OpenSSL rsa_priv_enc does.
+*/
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+                            RSA *rsa,int padding)
+{
+        int ret=0,tlen;
+        char *hptr=NULL;
+        char msg[64]="ENGINE_rsa_sign";
+        if (!p_surewarehk_Rsa_Sign)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+        }
+        else
+        {
+                switch (padding)
+                {
+                case RSA_PKCS1_PADDING: /* do it in one shot */
+                        ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+                        surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
+                        break;
+                case RSA_NO_PADDING:
+                default:
+                        RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
+                }
+        }
+        return ret==1 ? tlen : ret;
+}
+#endif
+#ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static  DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+{
+        int ret=0;
+        char *hptr=NULL;
+        DSA_SIG *psign=NULL;
+        char msg[64]="ENGINE_dsa_do_sign";
+        if (!p_surewarehk_Dsa_Sign)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+        }
+        /* extract ref to private key */
+        else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+        }
+        else
+        {
+                if((psign = DSA_SIG_new()) == NULL)
+                {
+                        SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
+                        goto err;
+                }
+                psign->r=BN_new();
+                psign->s=BN_new();
+                bn_expand2(psign->r, 20/sizeof(BN_ULONG));
+                bn_expand2(psign->s, 20/sizeof(BN_ULONG));
+                if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
+                        !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
+                        goto err;
+                ret=p_surewarehk_Dsa_Sign(msg,flen,from,
+                                          (unsigned long *)psign->r->d,
+                                          (unsigned long *)psign->s->d,
+                                          hptr);
+                surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
+        }
+        psign->r->top=20/sizeof(BN_ULONG);
+        bn_fix_top(psign->r);
+        psign->s->top=20/sizeof(BN_ULONG);
+        bn_fix_top(psign->s);
+err:    
+        if (psign)
+        {
+                DSA_SIG_free(psign);
+                psign=NULL;
+        }
+        return psign;
+}
+#endif
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                             const BIGNUM *m, BN_CTX *ctx)
+{
+        int ret=0;
+        char msg[64]="ENGINE_modexp";
+        if (!p_surewarehk_Mod_Exp)
+        {
+                SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+        }
+        else
+        {
+                bn_expand2(r,m->top);
+                if (r && r->dmax==m->top)
+                {
+                        /* do it*/
+                        ret=p_surewarehk_Mod_Exp(msg,
+                                                 m->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)m->d,
+                                                 p->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)p->d,
+                                                 a->top*sizeof(BN_ULONG),
+                                                 (unsigned long *)a->d,
+                                                 (unsigned long *)r->d);
+                        surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
+                        if (ret==1)
+                        {
+                                /* normalise result */
+                                r->top=m->top;
+                                bn_fix_top(r);
+                        }
+                }
+        }
+        return ret;
+}
+#endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.c b/src/lib/libcrypto/engine/hw_sureware_err.c
new file mode 100644
index 0000000000..69955dadbb
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.c
@@ -0,0 +1,150 @@
+/* hw_sureware_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_sureware_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA SUREWARE_str_functs[]=
+        {
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0),      "SUREWAREHK_CTRL"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0),       "SUREWAREHK_DSA_DO_SIGN"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0),   "SUREWAREHK_EX_FREE"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0),    "SUREWAREHK_FINISH"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0),      "SUREWAREHK_INIT"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0),  "SUREWAREHK_LOAD_PRIVATE_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0),   "SUREWAREHK_LOAD_PUBLIC_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0),   "SUREWAREHK_MOD_EXP"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0),        "SUREWAREHK_RAND_BYTES"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0), "SUREWAREHK_RAND_SEED"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0),      "SUREWAREHK_RSA_PRIV_DEC"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0),      "SUREWAREHK_RSA_PRIV_ENC"},
+{0,NULL}
+        };
+static ERR_STRING_DATA SUREWARE_str_reasons[]=
+        {
+{SUREWARE_R_BIO_WAS_FREED                ,"bio was freed"},
+{SUREWARE_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{SUREWARE_R_REQUEST_FAILED               ,"request failed"},
+{SUREWARE_R_REQUEST_FALLBACK             ,"request fallback"},
+{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL  ,"size too large or too small"},
+{SUREWARE_R_UNIT_FAILURE                 ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef SUREWARE_LIB_NAME
+static ERR_STRING_DATA SUREWARE_lib_name[]=
+        {
+{0      ,SUREWARE_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int SUREWARE_lib_error_code=0;
+static int SUREWARE_error_init=1;
+static void ERR_load_SUREWARE_strings(void)
+        {
+        if (SUREWARE_lib_error_code == 0)
+                SUREWARE_lib_error_code=ERR_get_next_error_library();
+        if (SUREWARE_error_init)
+                {
+                SUREWARE_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+                ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+#ifdef SUREWARE_LIB_NAME
+                SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
+                ERR_load_strings(0,SUREWARE_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_SUREWARE_strings(void)
+        {
+        if (SUREWARE_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+                ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+#ifdef SUREWARE_LIB_NAME
+                ERR_unload_strings(0,SUREWARE_lib_name);
+#endif
+                SUREWARE_error_init=1;
+                }
+        }
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
+        {
+        if (SUREWARE_lib_error_code == 0)
+                SUREWARE_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_sureware_err.h b/src/lib/libcrypto/engine/hw_sureware_err.h
new file mode 100644
index 0000000000..bc52af5e05
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_sureware_err.h
@@ -0,0 +1,94 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_SUREWARE_ERR_H
+#define HEADER_SUREWARE_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_SUREWARE_strings(void);
+static void ERR_unload_SUREWARE_strings(void);
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
+#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the SUREWARE functions. */
+/* Function codes. */
+#define SUREWARE_F_SUREWAREHK_CTRL                       100
+#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN                101
+#define SUREWARE_F_SUREWAREHK_EX_FREE                    102
+#define SUREWARE_F_SUREWAREHK_FINISH                     103
+#define SUREWARE_F_SUREWAREHK_INIT                       104
+#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY           105
+#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY            106
+#define SUREWARE_F_SUREWAREHK_MOD_EXP                    107
+#define SUREWARE_F_SUREWAREHK_RAND_BYTES                 108
+#define SUREWARE_F_SUREWAREHK_RAND_SEED                  109
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC               110
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC               111
+/* Reason codes. */
+#define SUREWARE_R_BIO_WAS_FREED                         100
+#define SUREWARE_R_MISSING_KEY_COMPONENTS                105
+#define SUREWARE_R_REQUEST_FAILED                        101
+#define SUREWARE_R_REQUEST_FALLBACK                      102
+#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL           103
+#define SUREWARE_R_UNIT_FAILURE                          104
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c
new file mode 100644
index 0000000000..8fb834af31
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec.c
@@ -0,0 +1,1061 @@
+/* crypto/engine/hw_ubsec.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ *
+ * Cloned shamelessly by Joe Tardo. 
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_UBSEC
+#ifdef FLAT_INC
+#include "hw_ubsec.h"
+#else
+#include "vendor_defns/hw_ubsec.h"
+#endif
+#define UBSEC_LIB_NAME "ubsec engine"
+#include "hw_ubsec_err.c"
+#define FAIL_TO_SOFTWARE -15
+static int ubsec_destroy(ENGINE *e);
+static int ubsec_init(ENGINE *e);
+static int ubsec_finish(ENGINE *e);
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx);
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dp,
+                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+#endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+static int ubsec_dh_generate_key(DH *dh);
+#endif
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num);
+static int ubsec_rand_status(void);
+#endif
+#define UBSEC_CMD_SO_PATH               ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
+        {UBSEC_CMD_SO_PATH,
+                "SO_PATH",
+                "Specifies the path to the 'ubsec' shared library",
+                ENGINE_CMD_FLAG_STRING},
+        {0, NULL, NULL, 0}
+        };
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ubsec_rsa =
+        {
+        "UBSEC RSA method",
+        NULL,
+        NULL,
+        NULL,
+        NULL,
+        ubsec_rsa_mod_exp,
+        ubsec_mod_exp_mont,
+        NULL,
+        NULL,
+        0,
+        NULL,
+        NULL,
+        NULL
+        };
+#endif
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ubsec_dsa =
+        {
+        "UBSEC DSA method",
+        ubsec_dsa_do_sign, /* dsa_do_sign */
+        NULL, /* dsa_sign_setup */
+        ubsec_dsa_verify, /* dsa_do_verify */
+        NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
+        NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
+        NULL, /* init */
+        NULL, /* finish */
+        0, /* flags */
+        NULL /* app_data */
+        };
+#endif
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ubsec_dh =
+        {
+        "UBSEC DH method",
+        ubsec_dh_generate_key,
+        ubsec_dh_compute_key,
+        ubsec_mod_exp_dh,
+        NULL,
+        NULL,
+        0,
+        NULL
+        };
+#endif
+/* Constants used when creating the ENGINE */
+static const char *engine_ubsec_id = "ubsec";
+static const char *engine_ubsec_name = "UBSEC hardware engine support";
+/* This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+        {
+#ifndef OPENSSL_NO_RSA
+        const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+        const DH_METHOD *meth3;
+#endif /* HAVE_UBSEC_DH */
+#endif
+        if(!ENGINE_set_id(e, engine_ubsec_id) ||
+                        !ENGINE_set_name(e, engine_ubsec_name) ||
+#ifndef OPENSSL_NO_RSA
+                        !ENGINE_set_RSA(e, &ubsec_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+                        !ENGINE_set_DSA(e, &ubsec_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+                        !ENGINE_set_DH(e, &ubsec_dh) ||
+#endif
+                        !ENGINE_set_destroy_function(e, ubsec_destroy) ||
+                        !ENGINE_set_init_function(e, ubsec_init) ||
+                        !ENGINE_set_finish_function(e, ubsec_finish) ||
+                        !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+                        !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+                return 0;
+#ifndef OPENSSL_NO_RSA
+        /* We know that the "PKCS1_SSLeay()" functions hook properly
+         * to the Broadcom-specific mod_exp and mod_exp_crt so we use
+         * those functions. NB: We don't use ENGINE_openssl() or
+         * anything "more generic" because something like the RSAref
+         * code may not hook properly, and if you own one of these
+         * cards then you have the right to do RSA operations on it
+         * anyway! */ 
+        meth1 = RSA_PKCS1_SSLeay();
+        ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+        ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+        ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+        ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+        /* Much the same for Diffie-Hellman */
+        meth3 = DH_OpenSSL();
+        ubsec_dh.generate_key = meth3->generate_key;
+        ubsec_dh.compute_key = meth3->compute_key;
+#endif /* HAVE_UBSEC_DH */
+#endif
+        /* Ensure the ubsec error handling is set up */
+        ERR_load_UBSEC_strings();
+        return 1;
+        }
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_ubsec(void)
+        {
+        ENGINE *ret = ENGINE_new();
+        if(!ret)
+                return NULL;
+        if(!bind_helper(ret))
+                {
+                ENGINE_free(ret);
+                return NULL;
+                }
+        return ret;
+        }
+void ENGINE_load_ubsec(void)
+        {
+        /* Copied from eng_[openssl|dyn].c */
+        ENGINE *toadd = engine_ubsec();
+        if(!toadd) return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+        }
+#endif
+/* This is a process-global DSO handle used for loading and unloading
+ * the UBSEC library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *ubsec_dso = NULL;
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
+static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
+static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
+static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl 
+        *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
+static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
+static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
+static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
+static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
+static int max_key_len = 1024;  /* ??? */
+/* 
+ * These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+ */
+static const char *UBSEC_LIBNAME = NULL;
+static const char *get_UBSEC_LIBNAME(void)
+        {
+        if(UBSEC_LIBNAME)
+                return UBSEC_LIBNAME;
+        return "ubsec";
+        }
+static void free_UBSEC_LIBNAME(void)
+        {
+        if(UBSEC_LIBNAME)
+                OPENSSL_free((void*)UBSEC_LIBNAME);
+        UBSEC_LIBNAME = NULL;
+        }
+static long set_UBSEC_LIBNAME(const char *name)
+        {
+        free_UBSEC_LIBNAME();
+        return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+        }
+static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
+static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
+static const char *UBSEC_F3 = "ubsec_open";
+static const char *UBSEC_F4 = "ubsec_close";
+#ifndef OPENSSL_NO_DH
+static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
+static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
+static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static const char *UBSEC_F9 = "dsa_sign_ioctl";
+static const char *UBSEC_F10 = "dsa_verify_ioctl";
+#endif
+static const char *UBSEC_F11 = "math_accelerate_ioctl";
+static const char *UBSEC_F12 = "rng_ioctl";
+static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
+/* Destructor (complements the "ENGINE_ubsec()" constructor) */
+static int ubsec_destroy(ENGINE *e)
+        {
+        free_UBSEC_LIBNAME();
+        ERR_unload_UBSEC_strings();
+        return 1;
+        }
+/* (de)initialisation functions. */
+static int ubsec_init(ENGINE *e)
+        {
+        t_UBSEC_ubsec_bytes_to_bits *p1;
+        t_UBSEC_ubsec_bits_to_bytes *p2;
+        t_UBSEC_ubsec_open *p3;
+        t_UBSEC_ubsec_close *p4;
+#ifndef OPENSSL_NO_DH
+        t_UBSEC_diffie_hellman_generate_ioctl *p5;
+        t_UBSEC_diffie_hellman_agree_ioctl *p6;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+        t_UBSEC_rsa_mod_exp_ioctl *p7;
+        t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+        t_UBSEC_dsa_sign_ioctl *p9;
+        t_UBSEC_dsa_verify_ioctl *p10;
+#endif
+        t_UBSEC_math_accelerate_ioctl *p11;
+        t_UBSEC_rng_ioctl *p12;
+        t_UBSEC_max_key_len_ioctl *p13;
+        int fd = 0;
+        if(ubsec_dso != NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+                goto err;
+                }
+        /* 
+         * Attempt to load libubsec.so/ubsec.dll/whatever. 
+         */
+        ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+        if(ubsec_dso == NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+                goto err;
+                }
+        if (
+        !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
+        !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
+        !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
+        !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
+#ifndef OPENSSL_NO_DH
+        !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
+        !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+        !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
+        !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+        !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
+        !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
+#endif
+        !(p11 = (t_UBSEC_math_accelerate_ioctl *) 
+                                DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
+        !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
+        !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
+                {
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+                goto err;
+                }
+        /* Copy the pointers */
+        p_UBSEC_ubsec_bytes_to_bits = p1;
+        p_UBSEC_ubsec_bits_to_bytes = p2;
+        p_UBSEC_ubsec_open = p3;
+        p_UBSEC_ubsec_close = p4;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = p5;
+        p_UBSEC_diffie_hellman_agree_ioctl = p6;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = p7;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = p9;
+        p_UBSEC_dsa_verify_ioctl = p10;
+#endif
+        p_UBSEC_math_accelerate_ioctl = p11;
+        p_UBSEC_rng_ioctl = p12;
+        p_UBSEC_max_key_len_ioctl = p13;
+        /* Perform an open to see if there's actually any unit running. */
+        if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
+        {
+           p_UBSEC_ubsec_close(fd);
+           return 1;
+        }
+        else
+        {
+          UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+        }
+err:
+        if(ubsec_dso)
+                DSO_free(ubsec_dso);
+        ubsec_dso = NULL;
+        p_UBSEC_ubsec_bytes_to_bits = NULL;
+        p_UBSEC_ubsec_bits_to_bytes = NULL;
+        p_UBSEC_ubsec_open = NULL;
+        p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+        p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = NULL;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = NULL;
+        p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+        p_UBSEC_math_accelerate_ioctl = NULL;
+        p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+        return 0;
+        }
+static int ubsec_finish(ENGINE *e)
+        {
+        free_UBSEC_LIBNAME();
+        if(ubsec_dso == NULL)
+                {
+                UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+                return 0;
+                }
+        if(!DSO_free(ubsec_dso))
+                {
+                UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+                return 0;
+                }
+        ubsec_dso = NULL;
+        p_UBSEC_ubsec_bytes_to_bits = NULL;
+        p_UBSEC_ubsec_bits_to_bytes = NULL;
+        p_UBSEC_ubsec_open = NULL;
+        p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+        p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+        p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+        p_UBSEC_rsa_mod_exp_ioctl = NULL;
+        p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+        p_UBSEC_dsa_sign_ioctl = NULL;
+        p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+        p_UBSEC_math_accelerate_ioctl = NULL;
+        p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+        return 1;
+        }
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+        {
+        int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+        switch(cmd)
+                {
+        case UBSEC_CMD_SO_PATH:
+                if(p == NULL)
+                        {
+                        UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                        return 0;
+                        }
+                if(initialised)
+                        {
+                        UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
+                        return 0;
+                        }
+                return set_UBSEC_LIBNAME((const char *)p);
+        default:
+                break;
+                }
+        UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx)
+        {
+        int     y_len = 0;
+        int     fd;
+        if(ubsec_dso == NULL)
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+                return 0;
+        }
+        /* Check if hardware can't handle this argument. */
+        y_len = BN_num_bits(m);
+        if (y_len > max_key_len) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+        } 
+        if(!bn_wexpand(r, m->top))
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+                return 0;
+        }
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return BN_mod_exp(r, a, p, m, ctx);
+        }
+        if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+                (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
+                BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
+        {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                return BN_mod_exp(r, a, p, m, ctx);
+        }
+        p_UBSEC_ubsec_close(fd);
+        r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
+        return 1;
+        }
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+        {
+        BN_CTX *ctx;
+        int to_return = 0;
+        if((ctx = BN_CTX_new()) == NULL)
+                goto err;
+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+                {
+                UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+                goto err;
+                }
+        to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+                    rsa->dmq1, rsa->iqmp, ctx);
+        if (to_return == FAIL_TO_SOFTWARE)
+        {
+          /*
+           * Do in software as hardware failed.
+           */
+           const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+           to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+        }
+err:
+        if(ctx)
+                BN_CTX_free(ctx);
+        return to_return;
+        }
+#endif
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                        const BIGNUM *q, const BIGNUM *dp,
+                        const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
+        {
+        int     y_len,
+                m_len,
+                fd;
+        m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
+        y_len = BN_num_bits(p) + BN_num_bits(q);
+        /* Check if hardware can't handle this argument. */
+        if (y_len > max_key_len) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return FAIL_TO_SOFTWARE;
+        } 
+        if (!bn_wexpand(r, p->top + q->top + 1)) {
+                UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+                return 0;
+        }
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return FAIL_TO_SOFTWARE;
+        }
+        if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+                (unsigned char *)a->d, BN_num_bits(a), 
+                (unsigned char *)qinv->d, BN_num_bits(qinv),
+                (unsigned char *)dp->d, BN_num_bits(dp),
+                (unsigned char *)p->d, BN_num_bits(p),
+                (unsigned char *)dq->d, BN_num_bits(dq),
+                (unsigned char *)q->d, BN_num_bits(q),
+                (unsigned char *)r->d,  &y_len) != 0) {
+                UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                return FAIL_TO_SOFTWARE;
+        }
+        p_UBSEC_ubsec_close(fd);
+        r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
+        return 1;
+}
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+                BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                BN_CTX *ctx, BN_MONT_CTX *in_mont)
+        {
+        BIGNUM t;
+        int to_return = 0;
+ 
+        BN_init(&t);
+        /* let rr = a1 ^ p1 mod m */
+        if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
+        /* let t = a2 ^ p2 mod m */
+        if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
+        /* let rr = rr * t mod m */
+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+        to_return = 1;
+end:
+        BN_free(&t);
+        return to_return;
+        }
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return ubsec_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+#endif
+/*
+ * This function is aliased to mod_exp (with the mont stuff dropped).
+ */
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+        int ret = 0;
+#ifndef OPENSSL_NO_RSA
+        /* Do in software if the key is too large for the hardware. */
+        if (BN_num_bits(m) > max_key_len)
+                {
+                const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+                ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
+                }
+        else
+#endif
+                {
+                ret = ubsec_mod_exp(r, a, p, m, ctx);
+                }
+        
+        return ret;
+        }
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                BN_MONT_CTX *m_ctx)
+        {
+        return ubsec_mod_exp(r, a, p, m, ctx);
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+        {
+        DSA_SIG *to_return = NULL;
+        int s_len = 160, r_len = 160, d_len, fd;
+        BIGNUM m, *r=NULL, *s=NULL;
+        BN_init(&m);
+        s = BN_new();
+        r = BN_new();
+        if ((s == NULL) || (r==NULL))
+                goto err;
+        d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
+           (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        if (BN_bin2bn(dgst,dlen,&m) == NULL) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        } 
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
+                goto err;
+        }
+        if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+                (unsigned char *)dgst, d_len,
+                NULL, 0,  /* compute random value */
+                (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+                (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+                (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+                (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
+                (unsigned char *)r->d, &r_len,
+                (unsigned char *)s->d, &s_len ) != 0) {
+                const DSA_METHOD *meth;
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+                goto err;
+        }
+        p_UBSEC_ubsec_close(fd);
+        r->top = (160+BN_BITS2-1)/BN_BITS2;
+        s->top = (160+BN_BITS2-1)/BN_BITS2;
+        to_return = DSA_SIG_new();
+        if(to_return == NULL) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        to_return->r = r;
+        to_return->s = s;
+err:
+        if (!to_return) {
+                if (r) BN_free(r);
+                if (s) BN_free(s);
+        }                                 
+        BN_clear_free(&m);
+        return to_return;
+}
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+        {
+        int v_len, d_len;
+        int to_return = 0;
+        int fd;
+        BIGNUM v;
+        BN_init(&v);
+        if(!bn_wexpand(&v, dsa->p->top)) {
+                UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
+                goto err;
+        }
+        v_len = BN_num_bits(dsa->p);
+        d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+                fd = 0;
+                UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+                goto err;
+        }
+        if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+                (unsigned char *)dgst, d_len,
+                (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+                (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+                (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+                (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
+                (unsigned char *)sig->r->d, BN_num_bits(sig->r),
+                (unsigned char *)sig->s->d, BN_num_bits(sig->s),
+                (unsigned char *)v.d, &v_len) != 0) {
+                const DSA_METHOD *meth;
+                UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+                goto err;
+        }
+        p_UBSEC_ubsec_close(fd);
+        to_return = 1;
+err:
+        BN_clear_free(&v);
+        return to_return;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
+        {
+        int      ret      = -1,
+                 k_len,
+                 fd;
+        k_len = BN_num_bits(dh->p);
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+                goto err;
+                }
+        if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+                                               (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
+                                               (unsigned char *)pub_key->d, BN_num_bits(pub_key),
+                                               (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                               key, &k_len) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+                goto err;
+                }
+        p_UBSEC_ubsec_close(fd);
+        ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+err:
+        return ret;
+        }
+static int ubsec_dh_generate_key (DH *dh)
+        {
+        int      ret               = 0,
+                 random_bits       = 0,
+                 pub_key_len       = 0,
+                 priv_key_len      = 0,
+                 fd;
+        BIGNUM   *pub_key          = NULL;
+        BIGNUM   *priv_key         = NULL;
+        /* 
+         *  How many bits should Random x be? dh_key.c
+         *  sets the range from 0 to num_bits(modulus) ???
+         */
+        if (dh->priv_key == NULL)
+                {
+                priv_key = BN_new();
+                if (priv_key == NULL) goto err;
+                priv_key_len = BN_num_bits(dh->p);
+                bn_wexpand(priv_key, dh->p->top);
+                do
+                        if (!BN_rand_range(priv_key, dh->p)) goto err;
+                while (BN_is_zero(priv_key));
+                random_bits = BN_num_bits(priv_key);
+                }
+        else
+                {
+                priv_key = dh->priv_key;
+                }
+        if (dh->pub_key == NULL)
+                {
+                pub_key = BN_new();
+                pub_key_len = BN_num_bits(dh->p);
+                bn_wexpand(pub_key, dh->p->top);
+                if(pub_key == NULL) goto err;
+                }
+        else
+                {
+                pub_key = dh->pub_key;
+                }
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+                goto err;
+                }
+        if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+                                                  (unsigned char *)priv_key->d, &priv_key_len,
+                                                  (unsigned char *)pub_key->d,  &pub_key_len,
+                                                  (unsigned char *)dh->g->d, BN_num_bits(dh->g),
+                                                  (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                                  0, 0, random_bits) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+                goto err;
+                }
+        p_UBSEC_ubsec_close(fd);
+        dh->pub_key = pub_key;
+        dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
+        dh->priv_key = priv_key;
+        dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
+        ret = 1;
+err:
+        return ret;
+        }
+#endif
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char * buf,
+                            int num)
+        {
+        int      ret      = 0,
+                 fd;
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const RAND_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+                goto err;
+                }
+        num *= 8; /* bytes to bits */
+        if (p_UBSEC_rng_ioctl(fd,
+                              UBSEC_RNG_DIRECT,
+                              buf,
+                              &num) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const RAND_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+                goto err;
+                }
+        p_UBSEC_ubsec_close(fd);
+        ret = 1;
+err:
+        return(ret);
+        }
+static int ubsec_rand_status(void)
+        {
+        return 0;
+        }
+#endif
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+        {
+        if(id && (strcmp(id, engine_ubsec_id) != 0))
+                return 0;
+        if(!bind_helper(e))
+                return 0;
+        return 1;
+        }
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+#endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.c b/src/lib/libcrypto/engine/hw_ubsec_err.c
new file mode 100644
index 0000000000..d707331fc2
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.c
@@ -0,0 +1,151 @@
+/* hw_ubsec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ubsec_err.h"
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UBSEC_str_functs[]=
+        {
+{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0),      "UBSEC_CTRL"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0),    "UBSEC_DH_COMPUTE_KEY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0),  "UBSEC_DSA_SIGN"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0),        "UBSEC_DSA_VERIFY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0),    "UBSEC_FINISH"},
+{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0),      "UBSEC_INIT"},
+{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0),   "UBSEC_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0),       "UBSEC_RSA_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0),   "UBSEC_RSA_MOD_EXP_CRT"},
+{0,NULL}
+        };
+static ERR_STRING_DATA UBSEC_str_reasons[]=
+        {
+{UBSEC_R_ALREADY_LOADED                  ,"already loaded"},
+{UBSEC_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{UBSEC_R_DSO_FAILURE                     ,"dso failure"},
+{UBSEC_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{UBSEC_R_NOT_LOADED                      ,"not loaded"},
+{UBSEC_R_REQUEST_FAILED                  ,"request failed"},
+{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{UBSEC_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+        };
+#endif
+#ifdef UBSEC_LIB_NAME
+static ERR_STRING_DATA UBSEC_lib_name[]=
+        {
+{0      ,UBSEC_LIB_NAME},
+{0,NULL}
+        };
+#endif
+static int UBSEC_lib_error_code=0;
+static int UBSEC_error_init=1;
+static void ERR_load_UBSEC_strings(void)
+        {
+        if (UBSEC_lib_error_code == 0)
+                UBSEC_lib_error_code=ERR_get_next_error_library();
+        if (UBSEC_error_init)
+                {
+                UBSEC_error_init=0;
+#ifndef OPENSSL_NO_ERR
+                ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+                ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+#ifdef UBSEC_LIB_NAME
+                UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
+                ERR_load_strings(0,UBSEC_lib_name);
+#endif
+                }
+        }
+static void ERR_unload_UBSEC_strings(void)
+        {
+        if (UBSEC_error_init == 0)
+                {
+#ifndef OPENSSL_NO_ERR
+                ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+                ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+#ifdef UBSEC_LIB_NAME
+                ERR_unload_strings(0,UBSEC_lib_name);
+#endif
+                UBSEC_error_init=1;
+                }
+        }
+static void ERR_UBSEC_error(int function, int reason, char *file, int line)
+        {
+        if (UBSEC_lib_error_code == 0)
+                UBSEC_lib_error_code=ERR_get_next_error_library();
+        ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
+        }
diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.h b/src/lib/libcrypto/engine/hw_ubsec_err.h
new file mode 100644
index 0000000000..023d3be771
--- /dev/null
+++ b/src/lib/libcrypto/engine/hw_ubsec_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_UBSEC_ERR_H
+#define HEADER_UBSEC_ERR_H
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_UBSEC_strings(void);
+static void ERR_unload_UBSEC_strings(void);
+static void ERR_UBSEC_error(int function, int reason, char *file, int line);
+#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the UBSEC functions. */
+/* Function codes. */
+#define UBSEC_F_UBSEC_CTRL                               100
+#define UBSEC_F_UBSEC_DH_COMPUTE_KEY                     101
+#define UBSEC_F_UBSEC_DSA_SIGN                           102
+#define UBSEC_F_UBSEC_DSA_VERIFY                         103
+#define UBSEC_F_UBSEC_FINISH                             104
+#define UBSEC_F_UBSEC_INIT                               105
+#define UBSEC_F_UBSEC_MOD_EXP                            106
+#define UBSEC_F_UBSEC_RNG_BYTES                          107
+#define UBSEC_F_UBSEC_RSA_MOD_EXP                        108
+#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT                    109
+/* Reason codes. */
+#define UBSEC_R_ALREADY_LOADED                           100
+#define UBSEC_R_BN_EXPAND_FAIL                           101
+#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED             102
+#define UBSEC_R_DSO_FAILURE                              103
+#define UBSEC_R_MISSING_KEY_COMPONENTS                   104
+#define UBSEC_R_NOT_LOADED                               105
+#define UBSEC_R_REQUEST_FAILED                           106
+#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL              107
+#define UBSEC_R_UNIT_FAILURE                             108
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
index 177fc1fb73..50b3cec1fa 100644
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ b/src/lib/libcrypto/engine/tb_cipher.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
index 6e9d428761..e290e1702b 100644
--- a/src/lib/libcrypto/engine/tb_dh.c
+++ b/src/lib/libcrypto/engine/tb_dh.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_default_DH(), the function that is
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
index d3f4bb2747..e82d2a17c9 100644
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ b/src/lib/libcrypto/engine/tb_digest.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_digest_engine(), the function that
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
index e4674f5f07..7efe181927 100644
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ b/src/lib/libcrypto/engine/tb_dsa.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
index f36f67c0f6..69b67111bc 100644
--- a/src/lib/libcrypto/engine/tb_rand.c
+++ b/src/lib/libcrypto/engine/tb_rand.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
index fbc707fd26..fee4867f52 100644
--- a/src/lib/libcrypto/engine/tb_rsa.c
+++ b/src/lib/libcrypto/engine/tb_rsa.c
@@ -52,6 +52,8 @@
 *
 */
+#include <openssl/evp.h>
+#include <openssl/engine.h>
 #include "eng_int.h"
 /* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
diff --git a/src/lib/libcrypto/engine/vendor_defns/aep.h b/src/lib/libcrypto/engine/vendor_defns/aep.h
new file mode 100644
index 0000000000..2b2792d2d6
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/aep.h
@@ -0,0 +1,178 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities, and rnd number generation of the AEP card. 
+ *
+ */
+/*
+ *
+ * Some AEP defines
+ *
+ */
+/*Successful return value*/
+#define AEP_R_OK                                0x00000000
+/*Miscelleanous unsuccessful return value*/
+#define AEP_R_GENERAL_ERROR                     0x10000001
+/*Insufficient host memory*/
+#define AEP_R_HOST_MEMORY                       0x10000002
+#define AEP_R_FUNCTION_FAILED                   0x10000006
+/*Invalid arguments in function call*/
+#define AEP_R_ARGUMENTS_BAD                     0x10020000
+#define AEP_R_NO_TARGET_RESOURCES                               0x10030000
+/*Error occuring on socket operation*/
+#define AEP_R_SOCKERROR                                                 0x10000010
+/*Socket has been closed from the other end*/
+#define AEP_R_SOCKEOF                                                   0x10000011
+/*Invalid handles*/
+#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3
+#define AEP_R_TRANSACTION_HANDLE_INVALID                0x10040000
+/*Transaction has not yet returned from accelerator*/
+#define AEP_R_TRANSACTION_NOT_READY                             0x00010000
+/*There is already a thread waiting on this transaction*/
+#define AEP_R_TRANSACTION_CLAIMED                               0x10050000
+/*The transaction timed out*/
+#define AEP_R_TIMED_OUT                                                 0x10060000
+#define AEP_R_FXN_NOT_IMPLEMENTED                               0x10070000
+#define AEP_R_TARGET_ERROR                                              0x10080000
+/*Error in the AEP daemon process*/
+#define AEP_R_DAEMON_ERROR                                              0x10090000
+/*Invalid ctx id*/
+#define AEP_R_INVALID_CTX_ID                                    0x10009000
+#define AEP_R_NO_KEY_MANAGER                                    0x1000a000
+/*Error obtaining a mutex*/
+#define AEP_R_MUTEX_BAD                         0x000001A0
+/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
+#define AEP_R_AEPAPI_NOT_INITIALIZED                    0x10000190
+/*AEP_Initialise has already been called*/
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED                0x10000191
+/*Maximum number of connections to daemon reached*/
+#define AEP_R_NO_MORE_CONNECTION_HNDLS                  0x10000200
+/*
+ *
+ * Some AEP Type definitions
+ *
+ */
+/* an unsigned 8-bit value */
+typedef unsigned char                           AEP_U8;
+/* an unsigned 8-bit character */
+typedef char                                    AEP_CHAR;
+/* a BYTE-sized Boolean flag */
+typedef AEP_U8                                  AEP_BBOOL;
+/*Unsigned value, at least 16 bits long*/
+typedef unsigned short                          AEP_U16;
+/* an unsigned value, at least 32 bits long */
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned int                            AEP_U32;
+#else
+typedef unsigned long                           AEP_U32;
+#endif
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned long                           AEP_U64;
+#else
+typedef struct { unsigned long l1, l2; }        AEP_U64;
+#endif
+/* at least 32 bits; each bit is a Boolean flag */
+typedef AEP_U32                 AEP_FLAGS;
+typedef AEP_U8          *AEP_U8_PTR;
+typedef AEP_CHAR        *AEP_CHAR_PTR;
+typedef AEP_U32                 *AEP_U32_PTR;
+typedef AEP_U64                 *AEP_U64_PTR;
+typedef void            *AEP_VOID_PTR;
+/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
+typedef AEP_VOID_PTR    *AEP_VOID_PTR_PTR;
+/*Used to identify an AEP connection handle*/
+typedef AEP_U32                                 AEP_CONNECTION_HNDL;
+/*Pointer to an AEP connection handle*/
+typedef AEP_CONNECTION_HNDL     *AEP_CONNECTION_HNDL_PTR;
+/*Used by an application (in conjunction with the apps process id) to 
+identify an individual transaction*/
+typedef AEP_U32                                 AEP_TRANSACTION_ID;
+/*Pointer to an applications transaction identifier*/
+typedef AEP_TRANSACTION_ID              *AEP_TRANSACTION_ID_PTR;
+/*Return value type*/
+typedef AEP_U32                                 AEP_RV;
+#define MAX_PROCESS_CONNECTIONS 256
+#define RAND_BLK_SIZE 1024
+typedef enum{
+        NotConnected=   0,
+        Connected=              1,
+        InUse=                  2
+} AEP_CONNECTION_STATE;
+typedef struct AEP_CONNECTION_ENTRY{
+        AEP_CONNECTION_STATE    conn_state;
+        AEP_CONNECTION_HNDL     conn_hndl;
+} AEP_CONNECTION_ENTRY;
+typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
+typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
+                            AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+                            AEP_VOID_PTR pN,
+                            AEP_VOID_PTR pResult,
+                            AEP_TRANSACTION_ID* pidTransID);
+typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
+                               AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+                               AEP_VOID_PTR pQ,
+                               AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+                               AEP_VOID_PTR pIqmp,
+                               AEP_VOID_PTR pResult,
+                               AEP_TRANSACTION_ID* pidTransID);
+#ifdef AEPRAND
+typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
+                               AEP_U32 Len,
+                               AEP_U32 Type,
+                               AEP_VOID_PTR pResult,
+                               AEP_TRANSACTION_ID* pidTransID);
+#endif
+typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef AEP_RV t_AEP_Finalize();
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
+                                    AEP_RV (*MakeAEPBigNumFunc)(),
+                                    AEP_RV (*ConverAEPBigNumFunc)());
diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h
new file mode 100644
index 0000000000..149970d441
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+typedef struct ItemStr
+        {
+        unsigned char *data;
+        int len;
+        } Item;
+typedef struct RSAPrivateKeyStr
+        {
+        void *reserved;
+        Item version;
+        Item modulus;
+        Item publicExponent;
+        Item privateExponent;
+        Item prime[2];
+        Item exponent[2];
+        Item coefficient;
+        } RSAPrivateKey;
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+                                        unsigned int *ret_buf);
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+                                        unsigned char *output,
+                                        unsigned char *input,
+                                        unsigned int modulus_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h
new file mode 100644
index 0000000000..60079326bb
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+typedef long              SW_STATUS;              /* status           */
+typedef unsigned char     SW_BYTE;                /* 8 bit byte       */
+typedef unsigned short    SW_U16;                 /* 16 bit number    */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t        SW_U32;
+#else
+typedef unsigned long     SW_U32;                 /* 32 bit integer   */
+#endif
+ 
+#if defined(OPENSSL_SYS_WIN32)
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+  typedef longlong SW_U64
+#else /* Unix variants */
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#endif
+/* status codes */
+#define SW_OK                 (0L)
+#define SW_ERR_BASE           (-10000L)
+#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */
+                                              /*    up yet                 */
+#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */
+                                              /*    time out               */
+#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */
+                                              /*    execute the command    */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */
+                                              /*    handle                 */
+#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
+                                              /*    standing at this       */
+                                              /*    context handle         */
+#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */
+#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */
+#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */
+#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */
+                                              /*    in SW_PARAM structure  */
+#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */
+                                              /*    context.               */
+                                              /*    swAttachKeyParam() is  */
+                                              /*    not called.            */
+#define SW_ERR_KEY_CMD_MISMATCH \
+                              (SW_ERR_BASE-14)/* Cannot perform requested  */
+                                              /*    SW_COMMAND_CODE since  */
+                                              /*    key attached via       */
+                                              /*    swAttachKeyParam()     */
+                                              /*    cannot be used for this*/
+                                              /*    SW_COMMAND_CODE.       */
+#define SW_ERR_NOT_IMPLEMENTED \
+                              (SW_ERR_BASE-15)/* Not implemented           */
+#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */
+#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */
+                                              /*    the "initems" or       */
+                                              /*    "outitems".            */
+#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */
+#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */
+                                              /*    test fail, look at the */
+                                              /*    selfTestBitmap in      */
+                                              /*    SW_ACCELERATOR_INFO for*/
+                                              /*    details.               */
+#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/
+                                              /*    key materials aligned  */
+                                              /*    in certain order, e.g. */
+                                              /*    128 bit for CRT        */
+#define SW_ERR_OUTPUT_NULL_PTR \
+                              (SW_ERR_BASE-21)/* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_OUTPUT_SIZE \
+                              (SW_ERR_BASE-22)/* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+                                              /*    download failed.       */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+                              (SW_ERR_BASE-24)/* unknown firmware error    */
+#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */
+                                              /*    it's waiting to be     */
+                                              /*    completed.             */
+#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */
+                                              /*    volatile memory        */
+#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */
+                                              /*    writing to NV memory   */
+#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */
+                                              /*    failure                */
+#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */
+                                              /*    calculations           */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */
+                                              /*    board memory           */
+#define SW_ERR_FIRMWARE_VERSION \
+                              (SW_ERR_BASE-32)/* Wrong version in firmware */
+                                              /*    update                 */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+                              (SW_ERR_BASE-44)/* All accelerators are bad  */
+  /* algorithm type */
+#define SW_ALG_CRT          1
+#define SW_ALG_EXP          2
+#define SW_ALG_DSA          3
+#define SW_ALG_NVDATA       4
+  /* command code */
+#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */
+                              /*  Chinese Remainder Theorem (CRT)      */
+#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */
+#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */
+#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */
+#define SW_CMD_RAND         5 /* perform random number generation      */
+#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */
+#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */
+typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */
+typedef SW_U32            SW_STATE;               /* state            */
+typedef SW_U32            SW_COMMAND_CODE;        /* command code     */
+typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */
+typedef struct _SW_LARGENUMBER {
+    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */
+    SW_BYTE*  value;        /* the large integer as a string of       */
+                            /*   bytes in network (big endian) order  */
+} SW_LARGENUMBER;               
+#if defined(OPENSSL_SYS_WIN32)
+    #include <windows.h>
+    typedef HANDLE          SW_OSHANDLE;          /* handle to kernel object */
+    #define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE
+    #define SW_CALLCONV _stdcall
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+    /* async callback mechanisms */
+    /* swiftCallbackLevel */
+    #define SW_MAC_CALLBACK_LEVEL_NO         0          
+    #define SW_MAC_CALLBACK_LEVEL_HARDWARE   1  /* from the hardware ISR */
+    #define SW_MAC_CALLBACK_LEVEL_SECONDARY  2  /* as secondary ISR */
+    typedef int             SW_MAC_CALLBACK_LEVEL;
+    typedef int             SW_OSHANDLE;
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#else /* Unix variants */
+    typedef int             SW_OSHANDLE;          /* handle to driver */
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#endif 
+typedef struct _SW_CRT {
+    SW_LARGENUMBER  p;      /* prime number p                         */
+    SW_LARGENUMBER  q;      /* prime number q                         */
+    SW_LARGENUMBER  dmp1;   /* exponent1                              */
+    SW_LARGENUMBER  dmq1;   /* exponent2                              */
+    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */
+} SW_CRT;
+typedef struct _SW_EXP {
+    SW_LARGENUMBER  modulus; /* modulus                                */
+    SW_LARGENUMBER  exponent;/* exponent                               */
+} SW_EXP;
+typedef struct _SW_DSA {
+    SW_LARGENUMBER  p;      /*                                        */
+    SW_LARGENUMBER  q;      /*                                        */
+    SW_LARGENUMBER  g;      /*                                        */
+    SW_LARGENUMBER  key;    /* private/public key                     */
+} SW_DSA;
+typedef struct _SW_NVDATA {
+    SW_U32 accnum;          /* accelerator board number               */
+    SW_U32 offset;          /* offset in byte                         */
+} SW_NVDATA;
+typedef struct _SW_PARAM {
+    SW_ALGTYPE    type;     /* type of the alogrithm                  */
+    union {
+        SW_CRT    crt;
+        SW_EXP    exp;
+        SW_DSA    dsa;
+        SW_NVDATA nvdata;
+    } up;
+} SW_PARAM;
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+                                                SW_PARAM *key_params);
+typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+                                                SW_COMMAND_CODE cmd,
+                                                SW_LARGENUMBER pin[],
+                                                SW_U32 pin_count,
+                                                SW_LARGENUMBER pout[],
+                                                SW_U32 pout_count);
+typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000000..296636e81a
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
+/**********************************************************************/
+/*                                                                    */
+/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */
+/*                                                                    */
+/*  Maurice Gittens <maurice@gittens.nl>                              */
+/*                                                                    */
+/**********************************************************************/
+#ifndef __HW_4758_CCA__
+#define __HW_4758_CCA__
+/*
+ *  Only WIN32 support for now
+ */
+#if defined(WIN32)
+  #define CCA_LIB_NAME "CSUNSAPI"
+  #define CSNDPKX   "CSNDPKX_32"
+  #define CSNDKRR   "CSNDKRR_32"
+  #define CSNDPKE   "CSNDPKE_32"
+  #define CSNDPKD   "CSNDPKD_32"
+  #define CSNDDSV   "CSNDDSV_32"
+  #define CSNDDSG   "CSNDDSG_32"
+  #define CSNBRNG   "CSNBRNG_32"
+  #define SECURITYAPI __stdcall
+#else
+    /* Fixme!!         
+      Find out the values of these constants for other platforms.
+    */
+  #define CCA_LIB_NAME "CSUNSAPI"
+  #define CSNDPKX   "CSNDPKX"
+  #define CSNDKRR   "CSNDKRR"
+  #define CSNDPKE   "CSNDPKE"
+  #define CSNDPKD   "CSNDPKD"
+  #define CSNDDSV   "CSNDDSV"
+  #define CSNDDSG   "CSNDDSG"
+  #define CSNBRNG   "CSNBRNG"
+  #define SECURITYAPI
+#endif
+/*
+ * security API prototypes
+ */
+/* PKA Key Record Read */
+typedef void (SECURITYAPI *F_KEYRECORDREAD)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              unsigned char * key_label,
+              long          * key_token_length,
+              unsigned char * key_token);
+/* Random Number Generate */
+typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              unsigned char * form,
+              unsigned char * random_number);
+/* Digital Signature Generate */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_private_key_id_length,
+              unsigned char * PKA_private_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              long          * signature_bit_length,
+              unsigned char * signature_field);
+/* Digital Signature Verify */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_public_key_id_length,
+              unsigned char * PKA_public_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              unsigned char * signature_field);
+/* PKA Public Key Extract */
+typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * source_key_identifier_length,
+              unsigned char * source_key_identifier,
+              long          * target_key_token_length,
+              unsigned char * target_key_token);
+/* PKA Encrypt */
+typedef void   (SECURITYAPI *F_PKAENCRYPT)
+               (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  key_value_length,
+                 unsigned char *  key_value,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_public_key_length,
+                 unsigned char *  RSA_public_key,
+                 long          *  RSA_encipher_length,
+                 unsigned char *  RSA_encipher );
+/* PKA Decrypt */
+typedef void    (SECURITYAPI *F_PKADECRYPT)
+                (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  enciphered_key_length,
+                 unsigned char *  enciphered_key,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_private_key_length,
+                 unsigned char *  RSA_private_key,
+                 long          *  key_value_length,
+                 unsigned char *  key_value    );
+#endif
diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
+/******************************************************************************
+ *
+ *  Copyright 2000
+ *  Broadcom Corporation
+ *  16215 Alton Parkway
+ *  PO Box 57013
+ *  Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/* 
+ * Broadcom Corporation uBSec SDK 
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE  (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+typedef struct ubsec_crypto_context_s {
+        unsigned int    flags;
+        unsigned char   crypto[MAX_CRYPTO_KEY_LENGTH];
+        unsigned char   auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+/* 
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+typedef int t_UBSEC_ubsec_close(int fd);
+typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
+        unsigned char *x, int *x_len, unsigned char *y, int *y_len, 
+        unsigned char *g, int g_len, unsigned char *m, int m_len,
+        unsigned char *userX, int userX_len, int random_bits);
+typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *y, int y_len, 
+        unsigned char *m, int m_len, unsigned char *k, int *k_len);
+typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *m, int m_len,
+        unsigned char *e, int e_len, unsigned char *y, int *y_len);
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
+        unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
+        unsigned char *edq, int edq_len, unsigned char *q, int q_len,
+        unsigned char *edp, int edp_len, unsigned char *p, int p_len,
+        unsigned char *y, int *y_len);
+typedef int t_UBSEC_dsa_sign_ioctl (int fd,
+        int hash, unsigned char *data, int data_len, 
+        unsigned char *rndom, int random_len, 
+        unsigned char *p, int p_len, unsigned char *q, int q_len,
+        unsigned char *g, int g_len, unsigned char *key, int key_len,
+        unsigned char *r, int *r_len, unsigned char *s, int *s_len);
+typedef int t_UBSEC_dsa_verify_ioctl (int fd,
+        int hash, unsigned char *data, int data_len,
+        unsigned char *p, int p_len, unsigned char *q, int q_len,
+        unsigned char *g, int g_len, unsigned char *key, int key_len,
+        unsigned char *r, int r_len, unsigned char *s, int s_len,
+        unsigned char *v, int *v_len);
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+        unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len, 
+        unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
+        unsigned char *Result, int *Result_len);
+typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
+        unsigned char *Result, int *Result_len);
+typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..aaa4d4575e
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ *    this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions, and the following
+ *    disclaimer, in the documentation and/or other materials provided
+ *    with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence.  Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage.  In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation."  Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty.  If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above.  You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.1.1.1 2003/05/11 21:35:16 markus Exp $
+ */
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+#include <sys/types.h>
+#include <stdio.h>
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+#define HWCRYPTOHOOK_ERROR_FAILED   -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE  -3
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+/* These structs are defined by the application and opaque to the
+ * crypto plugin.  The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types.  (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+/* These next two structs are opaque to the application.  The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+typedef struct {
+  char *buf;
+  size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting.  When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ * 
+ * size is the size of the buffer, and will not be modified.  If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+typedef struct HWCryptoHook_MPIStruct {
+  unsigned char *buf;
+  size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.  Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size.  Zero limbs at the MS end are not
+ * permitted.
+ */
+#define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support.  This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+#define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed.  However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish.  Instead, they should call exit (or die with a signal)
+ * without calling _Finish.  After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+typedef struct {
+  unsigned long flags;
+  void *logstream; /* usually a FILE*.  See below. */
+  size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+  int mslimbfirst; /* 0 or 1 */
+  int msbytefirst; /* 0 or 1; -1 = native */
+  /* All the callback functions should return 0 on success, or a
+   * nonzero integer (whose value will be visible in the error message
+   * put in the buffer passed to the call).
+   *
+   * If a callback is not available pass a null function pointer.
+   *
+   * The callbacks may not call down again into the crypto plugin.
+   */
+  
+  /* For thread-safety.  Set everything to 0 if you promise only to be
+   * singlethreaded.  maxsimultaneous is the number of calls to
+   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
+   * put there then say 0 and the hook library will use a default.
+   *
+   * maxmutexes is a small limit on the number of simultaneous mutexes
+   * which will be requested by the library.  If there is no small
+   * limit, set it to 0.  If the crypto plugin cannot create the
+   * advertised number of mutexes the calls to its functions may fail.
+   * If a low number of mutexes is advertised the plugin will try to
+   * do the best it can.  Making larger numbers of mutexes available
+   * may improve performance and parallelism by reducing contention
+   * over critical sections.  Unavailability of any mutexes, implying
+   * single-threaded operation, should be indicated by the setting
+   * mutex_init et al to 0.
+   */
+  int maxmutexes;
+  int maxsimultaneous;
+  size_t mutexsize;
+  int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+  int (*mutex_acquire)(HWCryptoHook_Mutex*);
+  void (*mutex_release)(HWCryptoHook_Mutex*);
+  void (*mutex_destroy)(HWCryptoHook_Mutex*);
+  /* For greater efficiency, can use condition vars internally for
+   * synchronisation.  In this case maxsimultaneous is ignored, but
+   * the other mutex stuff must be available.  In singlethreaded
+   * programs, set everything to 0.
+   */
+  size_t condvarsize;
+  int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
+  int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
+  void (*condvar_signal)(HWCryptoHook_CondVar*);
+  void (*condvar_broadcast)(HWCryptoHook_CondVar*);
+  void (*condvar_destroy)(HWCryptoHook_CondVar*);
+  
+  /* The semantics of acquiring and releasing mutexes and broadcasting
+   * and waiting on condition variables are expected to be those from
+   * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
+   * fast mutexes, recursive mutexes, or nonrecursive ones.
+   * 
+   * The _release/_signal/_broadcast and _destroy functions must
+   * always succeed when given a valid argument; if they are given an
+   * invalid argument then the program (crypto plugin + application)
+   * has an internal error, and they should abort the program.
+   */
+  int (*getpassphrase)(const char *prompt_info,
+                       int *len_io, char *buf,
+                       HWCryptoHook_PassphraseContext *ppctx,
+                       HWCryptoHook_CallerContext *cactx);
+  /* Passphrases and the prompt_info, if they contain high-bit-set
+   * characters, are UTF-8.  The prompt_info may be a null pointer if
+   * no prompt information is available (it should not be an empty
+   * string).  It will not contain text like `enter passphrase';
+   * instead it might say something like `Operator Card for John
+   * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+   *
+   * buf points to a buffer in which to return the passphrase; on
+   * entry *len_io is the length of the buffer.  It should be updated
+   * by the callback.  The returned passphrase should not be
+   * null-terminated by the callback.
+   */
+  
+  int (*getphystoken)(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx);
+  /* Requests that the human user physically insert a different
+   * smartcard, DataKey, etc.  The plugin should check whether the
+   * currently inserted token(s) are appropriate, and if they are it
+   * should not make this call.
+   *
+   * prompt_info is as before.  wrong_info is a description of the
+   * currently inserted token(s) so that the user is told what
+   * something is.  wrong_info, like prompt_info, may be null, but
+   * should not be an empty string.  Its contents should be
+   * syntactically similar to that of prompt_info. 
+   */
+  
+  /* Note that a single LoadKey operation might cause several calls to
+   * getpassphrase and/or requestphystoken.  If requestphystoken is
+   * not provided (ie, a null pointer is passed) then the plugin may
+   * not support loading keys for which authorisation by several cards
+   * is required.  If getpassphrase is not provided then cards with
+   * passphrases may not be supported.
+   *
+   * getpassphrase and getphystoken do not need to check that the
+   * passphrase has been entered correctly or the correct token
+   * inserted; the crypto plugin will do that.  If this is not the
+   * case then the crypto plugin is responsible for calling these
+   * routines again as appropriate until the correct token(s) and
+   * passphrase(s) are supplied as required, or until any retry limits
+   * implemented by the crypto plugin are reached.
+   *
+   * In either case, the application must allow the user to say `no'
+   * or `cancel' to indicate that they do not know the passphrase or
+   * have the appropriate token; this should cause the callback to
+   * return nonzero indicating error.
+   */
+  void (*logmessage)(void *logstream, const char *message);
+  /* A log message will be generated at least every time something goes
+   * wrong and an ErrMsgBuf is filled in (or would be if one was
+   * provided).  Other diagnostic information may be written there too,
+   * including more detailed reasons for errors which are reported in an
+   * ErrMsgBuf.
+   *
+   * When a log message is generated, this callback is called.  It
+   * should write a message to the relevant logging arrangements.
+   *
+   * The message string passed will be null-terminated and may be of arbitrary
+   * length.  It will not be prefixed by the time and date, nor by the
+   * name of the library that is generating it - if this is required,
+   * the logmessage callback must do it.  The message will not have a
+   * trailing newline (though it may contain internal newlines).
+   *
+   * If a null pointer is passed for logmessage a default function is
+   * used.  The default function treats logstream as a FILE* which has
+   * been converted to a void*.  If logstream is 0 it does nothing.
+   * Otherwise it prepends the date and time and library name and
+   * writes the message to logstream.  Each line will be prefixed by a
+   * descriptive string containing the date, time and identity of the
+   * crypto plugin.  Errors on the logstream are not reported
+   * anywhere, and the default function doesn't flush the stream, so
+   * the application must set the buffering how it wants it.
+   *
+   * The crypto plugin may also provide a facility to have copies of
+   * log messages sent elsewhere, and or for adjusting the verbosity
+   * of the log messages; any such facilities will be configured by
+   * external means.
+   */
+} HWCryptoHook_InitInfo;
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
+                                               size_t initinfosize,
+                                               const HWCryptoHook_ErrMsgBuf *errors,
+                                               HWCryptoHook_CallerContext *cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct.  In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+/* The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.  They are otherwise identical.
+ */
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+                               unsigned char *buf, size_t len,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+                          HWCryptoHook_MPI a,
+                          HWCryptoHook_MPI p,
+                          HWCryptoHook_MPI n,
+                          HWCryptoHook_MPI *r,
+                          const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+                               HWCryptoHook_MPI m,
+                               HWCryptoHook_MPI e,
+                               HWCryptoHook_MPI n,
+                               HWCryptoHook_MPI *r,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+                             HWCryptoHook_MPI a,
+                             HWCryptoHook_MPI p,
+                             HWCryptoHook_MPI q,
+                             HWCryptoHook_MPI dmp1,
+                             HWCryptoHook_MPI dmq1,
+                             HWCryptoHook_MPI iqmp,
+                             HWCryptoHook_MPI *r,
+                             const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+                                HWCryptoHook_MPI m,
+                                HWCryptoHook_MPI p,
+                                HWCryptoHook_MPI q,
+                                HWCryptoHook_MPI dmp1,
+                                HWCryptoHook_MPI dmq1,
+                                HWCryptoHook_MPI iqmp,
+                                HWCryptoHook_MPI *r,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+/* The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ *    should be no attempt to fall back to software.  (Eg, for some
+ *    applications, which support only the acceleration-only
+ *    functions, the `key material' may actually be an encoded key
+ *    identifier, and doing the operation in software would give wrong
+ *    answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ *    reasonable.  If an application pays attention to this and is
+ *    able to fall back, it should also set the Fallback init flags.
+ */
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+                              const char *key_ident,
+                              HWCryptoHook_RSAKeyHandle *keyhandle_r,
+                              const HWCryptoHook_ErrMsgBuf *errors,
+                              HWCryptoHook_PassphraseContext *ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/* The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system.  The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters.  The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters  _ - + . / @ ~  (the user is expected to be able
+ * to enter these without quoting).  The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+                                   HWCryptoHook_MPI *n,
+                                   HWCryptoHook_MPI *e,
+                                   const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/* The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format.  These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request.  Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+                       HWCryptoHook_RSAKeyHandle k,
+                       HWCryptoHook_MPI *r,
+                       const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+#endif /*HWCRYPTOHOOK_H*/
diff --git a/src/lib/libcrypto/engine/vendor_defns/sureware.h b/src/lib/libcrypto/engine/vendor_defns/sureware.h
new file mode 100644
index 0000000000..4bc22027f9
--- /dev/null
+++ b/src/lib/libcrypto/engine/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
+/*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+*                                                                                                                                                                                               *       
+*               THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND                                                                                                                                                   *
+*               ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE                                   * 
+*               IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE                              *
+*               ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE                                             *
+*               FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL                              *
+*               DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS                                 *
+*               OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)                                   *
+*               HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT                              *
+*               LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY                               *
+*               OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF                                  *
+*               SUCH DAMAGE.                                                                                                                                                    *
+*
+* 
+*/
+#ifdef WIN32
+#define SW_EXPORT       __declspec ( dllexport )
+#else
+#define SW_EXPORT
+#endif
+/*
+*       List of exposed SureWare errors
+*/
+#define SUREWAREHOOK_ERROR_FAILED               -1
+#define SUREWAREHOOK_ERROR_FALLBACK             -2
+#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
+#define SUREWAREHOOK_ERROR_DATA_SIZE -4
+#define SUREWAREHOOK_ERROR_INVALID_PAD -5
+/*
+* -----------------WARNING-----------------------------------
+* In all the following functions:
+* msg is a string with at least 24 bytes free.
+* A 24 bytes string will be concatenated to the existing content of msg. 
+*/
+/*
+*       SureWare Initialisation function
+*       in param threadsafe, if !=0, thread safe enabled
+*       return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+*/
+typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
+extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
+/*
+*       SureWare Finish function
+*/
+typedef void SureWareHook_Finish_t();
+extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
+/*
+*        PRE_CONDITION:
+*               DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*
+*       SureWare RAND Bytes function
+*       In case of failure, the content of buf is unpredictable.
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in/out param buf : a num bytes long buffer where random bytes will be put
+*       in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
+/*
+*       SureWare RAND Seed function
+*       Adds some seed to the Hardware Random Number Generator
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param buf : the seed to add into the HRNG
+*       in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
+/*
+*       SureWare Load Private Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the private protected key file without the extension
+                                                ".sws"
+*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*       out param num: the effective key length in bytes
+*       out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
+extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
+/*
+*       SureWare Info Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the private protected key file without the extension
+                                                ".swp"
+*       out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*       out param num: the effective key length in bytes
+*       out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
+                                                                                char *keytype);
+extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
+/*
+*       SureWare Load Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the public protected key file without the extension
+                                                ".swp"
+*       in param num : the bytes size of n and e
+*       out param n: where to write modulus in bn format
+*       out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+                                                                                unsigned long *n, unsigned long *e);
+extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
+/*
+*       SureWare Load DSA Public Key function
+*       return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*       No hardware is contact for this function.
+*
+*       in param key_id :the name of the public protected key file without the extension
+                                                ".swp"
+*       in param num : the bytes size of n and e
+*       out param pub: where to write pub key in bn format
+*       out param p: where to write prime in bn format
+*       out param q: where to write sunprime (length 20 bytes) in bn format
+*       out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+                                                                                unsigned long *pub, unsigned long *p,unsigned long*q,
+                                                                                unsigned long *g);
+extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
+/*
+*       SureWare Free function
+*       Destroy the key into the hardware if destroy==1
+*/
+typedef void SureWareHook_Free_t(char *p,int destroy);
+extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
+#define SUREWARE_PKCS1_PAD 1
+#define SUREWARE_ISO9796_PAD 2
+#define SUREWARE_NO_PAD 0
+/*
+* SureWare RSA Private Decryption
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param tlen: byte size of decrypted data, if error, unexpected value
+*       out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*                                       SUREWARE_PKCS1_PAD
+*                                       SUREWARE_NO_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
+                                                                                int *tlen,unsigned char *to,
+                                                                                char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
+/*
+* SureWare RSA Signature
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param tlen: byte size of decrypted data, if error, unexpected value
+*       out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*                                       SUREWARE_PKCS1_PAD
+*                                       SUREWARE_ISO9796_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
+                                                                                int *tlen,unsigned char *to,
+                                                                                char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
+/*
+* SureWare DSA Signature
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       in param flen : byte size of from and to
+*       in param from : encrypted data buffer, should be a not-null valid pointer
+*       out param to : decrypted data buffer, should be a 40bytes valid pointer
+*   in param pdsa: a protected key pointer, should be a not-null valid pointer
+*
+*/
+typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
+                                                                                unsigned long *r,unsigned long *s,char *pdsa);
+extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
+/*
+* SureWare Mod Exp
+* return 1 if success
+*                       SureWareHOOK_ERROR_FAILED if error while processing
+*                       SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*                       SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*       mod and res are mlen bytes long.
+*       exp is elen bytes long
+*       data is dlen bytes long
+*       mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
+                                                                        int elen,const unsigned long *exponent,
+                                                                        int dlen,unsigned long *data,
+                                                                        unsigned long *res);
+extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
diff --git a/src/lib/libcrypto/err/Makefile b/src/lib/libcrypto/err/Makefile
new file mode 100644
index 0000000000..23e38409c8
--- /dev/null
+++ b/src/lib/libcrypto/err/Makefile
@@ -0,0 +1,109 @@
+#
+# OpenSSL/crypto/err/Makefile
+#
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+SRC= $(LIBSRC)
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err.o: ../cryptlib.h err.c
+err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+err_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+err_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
+err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+err_all.o: err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c
diff --git a/src/lib/libcrypto/err/Makefile.ssl b/src/lib/libcrypto/err/Makefile.ssl
new file mode 100644
index 0000000000..b253061d07
--- /dev/null
+++ b/src/lib/libcrypto/err/Makefile.ssl
@@ -0,0 +1,119 @@
+#
+# SSLeay/crypto/err/Makefile
+#
+DIR=    err
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=err.c err_all.c err_prn.c
+LIBOBJ=err.o err_all.o err_prn.o
+SRC= $(LIBSRC)
+EXHEADER= err.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c
+err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_prn.o: ../cryptlib.h err_prn.c
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index b6ff070e8f..53687d79ab 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -112,9 +112,9 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/crypto.h>
+#include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
@@ -149,7 +149,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_DSO,0,0)              ,"DSO support routines"},
 {ERR_PACK(ERR_LIB_ENGINE,0,0)           ,"engine routines"},
 {ERR_PACK(ERR_LIB_OCSP,0,0)             ,"OCSP routines"},
-{ERR_PACK(ERR_LIB_CMS,0,0)              ,"CMS routines"},
+{ERR_PACK(ERR_LIB_FIPS,0,0)             ,"FIPS routines"},
 {0,NULL},
        };
@@ -168,6 +168,7 @@ static ERR_STRING_DATA ERR_str_functs[]=
 #endif
        {ERR_PACK(0,SYS_F_OPENDIR,0),           "opendir"},
        {ERR_PACK(0,SYS_F_FREAD,0),             "fread"},
+        {ERR_PACK(0,SYS_F_GETADDRINFO,0),       "getaddrinfo"},
        {0,NULL},
        };
@@ -209,7 +210,6 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED      ,"called a function you should not call"},
 {ERR_R_PASSED_NULL_PARAMETER            ,"passed a null parameter"},
 {ERR_R_INTERNAL_ERROR                   ,"internal error"},
-{ERR_R_DISABLED                         ,"called a function that was disabled at compile-time"},
 {0,NULL},
        };
@@ -542,27 +542,16 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
 * will be returned for SYSerr(), which always gets an errno
 * value and never one of those 'standard' reason codes. */
-static void build_SYS_str_reasons(void)
+static void build_SYS_str_reasons()
        {
        /* OPENSSL_malloc cannot be used here, use static storage instead */
        static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
        int i;
        static int init = 1;
-        CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+        if (!init) return;
-        if (!init)
-                {
-                CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-                return;
-                }
-        
-        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
        CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-        if (!init)
-                {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-                return;
-                }
        for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
                {
@@ -594,24 +583,13 @@ static void build_SYS_str_reasons(void)
 #endif
 #define err_clear_data(p,i) \
-        do { \
        if (((p)->err_data[i] != NULL) && \
                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
                {  \
                OPENSSL_free((p)->err_data[i]); \
                (p)->err_data[i]=NULL; \
                } \
-        (p)->err_data_flags[i]=0; \
+        (p)->err_data_flags[i]=0;
-        } while(0)
-#define err_clear(p,i) \
-        do { \
-        (p)->err_flags[i]=0; \
-        (p)->err_buffer[i]=0; \
-        err_clear_data(p,i); \
-        (p)->err_file[i]=NULL; \
-        (p)->err_line[i]= -1; \
-        } while(0)
 static void ERR_STATE_free(ERR_STATE *s)
        {
@@ -704,7 +682,6 @@ void ERR_put_error(int lib, int func, int reason, const char *file,
        es->top=(es->top+1)%ERR_NUM_ERRORS;
        if (es->top == es->bottom)
                es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
-        es->err_flags[es->top]=0;
        es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
        es->err_file[es->top]=file;
        es->err_line[es->top]=line;
@@ -720,7 +697,10 @@ void ERR_clear_error(void)
        for (i=0; i<ERR_NUM_ERRORS; i++)
                {
-                err_clear(es,i);
+                es->err_buffer[i]=0;
+                err_clear_data(es,i);
+                es->err_file[i]=NULL;
+                es->err_line[i]= -1;
                }
        es->top=es->bottom=0;
        }
@@ -957,7 +937,7 @@ static unsigned long err_hash(const void *a_void)
        {
        unsigned long ret,l;
-        l=((const ERR_STRING_DATA *)a_void)->error;
+        l=((ERR_STRING_DATA *)a_void)->error;
        ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
        return(ret^ret%19*13);
        }
@@ -965,21 +945,21 @@ static unsigned long err_hash(const void *a_void)
 /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
 static int err_cmp(const void *a_void, const void *b_void)
        {
-        return((int)(((const ERR_STRING_DATA *)a_void)->error -
+        return((int)(((ERR_STRING_DATA *)a_void)->error -
-                        ((const ERR_STRING_DATA *)b_void)->error));
+                        ((ERR_STRING_DATA *)b_void)->error));
        }
 /* static unsigned long pid_hash(ERR_STATE *a) */
 static unsigned long pid_hash(const void *a_void)
        {
-        return(((const ERR_STATE *)a_void)->pid*13);
+        return(((ERR_STATE *)a_void)->pid*13);
        }
 /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
 static int pid_cmp(const void *a_void, const void *b_void)
        {
-        return((int)((long)((const ERR_STATE *)a_void)->pid -
+        return((int)((long)((ERR_STATE *)a_void)->pid -
-                        (long)((const ERR_STATE *)b_void)->pid));
+                        (long)((ERR_STATE *)b_void)->pid));
        }
 void ERR_remove_state(unsigned long pid)
@@ -1089,7 +1069,7 @@ void ERR_add_error_data(int num, ...)
                                else
                                        str=p;
                                }
-                        BUF_strlcat(str,a,(size_t)s+1);
+                        BUF_strlcat(str,a,s+1);
                        }
                }
        ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
@@ -1097,33 +1077,3 @@ void ERR_add_error_data(int num, ...)
 err:
        va_end(args);
        }
-int ERR_set_mark(void)
-        {
-        ERR_STATE *es;
-        es=ERR_get_state();
-        if (es->bottom == es->top) return 0;
-        es->err_flags[es->top]|=ERR_FLAG_MARK;
-        return 1;
-        }
-int ERR_pop_to_mark(void)
-        {
-        ERR_STATE *es;
-        es=ERR_get_state();
-        while(es->bottom != es->top
-                && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0)
-                {
-                err_clear(es,es->top);
-                es->top-=1;
-                if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
-                }
-                
-        if (es->bottom == es->top) return 0;
-        es->err_flags[es->top]&=~ERR_FLAG_MARK;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h
index bf28fce492..2efa18866a 100644
--- a/src/lib/libcrypto/err/err.h
+++ b/src/lib/libcrypto/err/err.h
@@ -59,14 +59,11 @@
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #include <stdlib.h>
 #endif
-#include <openssl/ossl_typ.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
@@ -89,13 +86,10 @@ extern "C" {
 #define ERR_TXT_MALLOCED        0x01
 #define ERR_TXT_STRING          0x02
-#define ERR_FLAG_MARK           0x01
 #define ERR_NUM_ERRORS  16
 typedef struct err_state_st
        {
        unsigned long pid;
-        int err_flags[ERR_NUM_ERRORS];
        unsigned long err_buffer[ERR_NUM_ERRORS];
        char *err_data[ERR_NUM_ERRORS];
        int err_data_flags[ERR_NUM_ERRORS];
@@ -137,10 +131,7 @@ typedef struct err_state_st
 #define ERR_LIB_OCSP            39
 #define ERR_LIB_UI              40
 #define ERR_LIB_COMP            41
-#define ERR_LIB_ECDSA           42
+#define ERR_LIB_FIPS            42
-#define ERR_LIB_ECDH            43
-#define ERR_LIB_STORE           44
-#define ERR_LIB_CMS             45
 #define ERR_LIB_USER            128
@@ -169,10 +160,7 @@ typedef struct err_state_st
 #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
 #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
 #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
-#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
+#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__)
-#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
-#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__)
-#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__)
 /* Borland C seems too stupid to be able to shift and do longs in
 * the pre-processor :-( */
@@ -197,6 +185,7 @@ typedef struct err_state_st
 #define SYS_F_WSASTARTUP        9 /* Winsock stuff */
 #define SYS_F_OPENDIR           10
 #define SYS_F_FREAD             11
+#define SYS_F_GETADDRINFO       12
 /* reasons */
@@ -225,9 +214,6 @@ typedef struct err_state_st
 #define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
 #define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
 #define ERR_R_COMP_LIB  ERR_LIB_COMP     /* 41 */
-#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA    /* 42 */
-#define ERR_R_ECDH_LIB  ERR_LIB_ECDH     /* 43 */
-#define ERR_R_STORE_LIB ERR_LIB_STORE    /* 44 */
 #define ERR_R_NESTED_ASN1_ERROR                 58
 #define ERR_R_BAD_ASN1_OBJECT_HEADER            59
@@ -242,7 +228,6 @@ typedef struct err_state_st
 #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
 #define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
 #define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
-#define ERR_R_DISABLED                          (5|ERR_R_FATAL)
 /* 99 is the maximum possible ERR_R_... code, higher values
 * are reserved for the individual libraries */
@@ -301,11 +286,8 @@ void ERR_release_err_state_table(LHASH **hash);
 int ERR_get_next_error_library(void);
-int ERR_set_mark(void);
+/* This opaque type encapsulates the low-level error-state functions */
-int ERR_pop_to_mark(void);
+typedef struct st_ERR_FNS ERR_FNS;
-/* Already defined in ossl_typ.h */
-/* typedef struct st_ERR_FNS ERR_FNS; */
 /* An application can use this function and provide the return value to loaded
 * modules that should use the application's ERR state/functionality */
 const ERR_FNS *ERR_get_implementation(void);
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c
index 5813060ce2..4dc9300892 100644
--- a/src/lib/libcrypto/err/err_all.c
+++ b/src/lib/libcrypto/err/err_all.c
@@ -73,12 +73,6 @@
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/pem2.h>
@@ -91,15 +85,16 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
-#ifndef OPENSSL_NO_CMS
+#include <openssl/fips.h>
-#include <openssl/cms.h>
-#endif
 void ERR_load_crypto_strings(void)
        {
+        static int done=0;
+        if (done) return;
+        done=1;
 #ifndef OPENSSL_NO_ERR
        ERR_load_ERR_strings(); /* include error strings for SYSerr */
        ERR_load_BN_strings();
@@ -123,12 +118,6 @@ void ERR_load_crypto_strings(void)
 #ifndef OPENSSL_NO_EC
        ERR_load_EC_strings();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-        ERR_load_ECDSA_strings();
-#endif
-#ifndef OPENSSL_NO_ECDH
-        ERR_load_ECDH_strings();
-#endif
        /* skip ERR_load_SSL_strings() because it is not in this library */
        ERR_load_BIO_strings();
        ERR_load_PKCS7_strings();       
@@ -141,8 +130,8 @@ void ERR_load_crypto_strings(void)
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
-#ifndef OPENSSL_NO_CMS
-        ERR_load_CMS_strings();
 #endif
+#ifdef OPENSSL_FIPS
+        ERR_load_FIPS_strings();
 #endif
        }
diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c
index 2224a901e5..81e34bd6ce 100644
--- a/src/lib/libcrypto/err/err_prn.c
+++ b/src/lib/libcrypto/err/err_prn.c
@@ -57,9 +57,9 @@
 */
 #include <stdio.h>
-#include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/crypto.h>
+#include "cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/err.h>
@@ -86,12 +86,7 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
 #ifndef OPENSSL_NO_FP_API
 static int print_fp(const char *str, size_t len, void *fp)
        {
-        BIO bio;
+        return fprintf((FILE *)fp, "%s", str);
-        BIO_set(&bio,BIO_s_file());
-        BIO_set_fp(&bio,fp,BIO_NOCLOSE);
-        return BIO_printf(&bio, "%s", str);
        }
 void ERR_print_errors_fp(FILE *fp)
        {
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec
index 1938f081ac..f8cd6937e7 100644
--- a/src/lib/libcrypto/err/openssl.ec
+++ b/src/lib/libcrypto/err/openssl.ec
@@ -27,16 +27,11 @@ L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
 L ENGINE        crypto/engine/engine.h          crypto/engine/eng_err.c
 L OCSP          crypto/ocsp/ocsp.h              crypto/ocsp/ocsp_err.c
 L UI            crypto/ui/ui.h                  crypto/ui/ui_err.c
-L COMP          crypto/comp/comp.h              crypto/comp/comp_err.c
+L FIPS          fips-1.0/fips.h                 fips-1.0/fips_err.h
-L ECDSA         crypto/ecdsa/ecdsa.h            crypto/ecdsa/ecs_err.c
-L ECDH          crypto/ecdh/ecdh.h              crypto/ecdh/ech_err.c
-L STORE         crypto/store/store.h            crypto/store/str_err.c
-L CMS           crypto/cms/cms.h                crypto/cms/cms_err.c
 # additional header files to be scanned for function names
 L NONE          crypto/x509/x509_vfy.h          NONE
 L NONE          crypto/ec/ec_lcl.h              NONE
-L NONE          crypto/cms/cms_lcl.h            NONE
 F RSAREF_F_RSA_BN2BIN
diff --git a/src/lib/libcrypto/evp/Makefile b/src/lib/libcrypto/evp/Makefile
new file mode 100644
index 0000000000..8f2555c7e5
--- /dev/null
+++ b/src/lib/libcrypto/evp/Makefile
@@ -0,0 +1,646 @@
+#
+# OpenSSL/crypto/evp/Makefile
+#
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
+        e_rc4.c e_aes.c names.c e_seed.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
+        e_old.c
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
+        e_rc4.o e_aes.o names.o e_seed.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
+        e_old.o
+SRC= $(LIBSRC)
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        cp $(TESTDATA) ../../test
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_md.o: ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_allc.o: ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_alld.o: ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h
+e_camellia.o: ../../include/openssl/opensslconf.h e_camellia.c
+e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_des3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_null.o: ../cryptlib.h e_null.c
+e_old.o: e_old.c
+e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
+e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c
+e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_seed.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_seed.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_seed.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_seed.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_seed.o: ../../include/openssl/symhacks.h e_seed.c
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h
+e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+e_xcbc_d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+encode.o: ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_acnf.o: ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_err.o: ../../include/openssl/symhacks.h evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pbe.o: ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ecdsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_ecdsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
+m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/bio.h
+m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h
+m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
+m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h
+p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/asn1.h
+p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c
diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl
new file mode 100644
index 0000000000..f33aebd33a
--- /dev/null
+++ b/src/lib/libcrypto/evp/Makefile.ssl
@@ -0,0 +1,1059 @@
+#
+# SSLeay/crypto/evp/Makefile
+#
+DIR=    evp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=evp_test.c
+TESTDATA=evptests.txt
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+        e_des.c e_bf.c e_idea.c e_des3.c \
+        e_rc4.c e_aes.c names.c \
+        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+        m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+        m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
+        p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+        e_des.o e_bf.o e_idea.o e_des3.o \
+        e_rc4.o e_aes.o names.o \
+        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+        m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+        m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
+        p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+SRC= $(LIBSRC)
+EXHEADER= evp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        cp $(TESTDATA) ../../test
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+bio_b64.o: ../../e_os.h ../../include/openssl/aes.h
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/aes.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_allc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_allc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_allc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_allc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_alld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_alld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_alld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_alld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+digest.o: ../../include/openssl/ui_compat.h ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
+e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h
+evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_acnf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_acnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_acnf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_acnf.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/aes.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_pkey.o: ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss.o: ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_dss1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_dss1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_dss1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_dss1.o: ../cryptlib.h m_dss1.c
+m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md2.o: ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md4.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md4.o: ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_md5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_md5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_md5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_md5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_md5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_md5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_md5.o: ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_mdc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_mdc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_mdc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_mdc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_mdc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_mdc2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_mdc2.o: ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_null.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_null.o: ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_ripemd.o: ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha.o: ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_sha1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_sha1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_sha1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_sha1.o: ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+names.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+names.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+names.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+names.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+names.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+names.o: ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p5_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_dec.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_dec.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_dec.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_dec.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_enc.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_open.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_open.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_open.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_open.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_open.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_open.o: ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_sign.o: ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/aes.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_verify.o: ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h p_verify.c
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c
index fa5cbc7eb1..33349c2f98 100644
--- a/src/lib/libcrypto/evp/bio_b64.c
+++ b/src/lib/libcrypto/evp/bio_b64.c
@@ -165,7 +165,7 @@ static int b64_read(BIO *b, char *out, int outl)
                {
                i=ctx->buf_len-ctx->buf_off;
                if (i > outl) i=outl;
-                OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
                memcpy(out,&(ctx->buf[ctx->buf_off]),i);
                ret=i;
                out+=i;
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c
index f6ac94c6e1..b8cda1a9f0 100644
--- a/src/lib/libcrypto/evp/bio_enc.c
+++ b/src/lib/libcrypto/evp/bio_enc.c
@@ -405,8 +405,8 @@ EVP_CIPHER_ctx *c;
        }
 */
-void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
-             const unsigned char *i, int e)
+             unsigned char *i, int e)
        {
        BIO_ENC_CTX *ctx;
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c
index d648ac6da6..f4aa41ac4b 100644
--- a/src/lib/libcrypto/evp/bio_md.c
+++ b/src/lib/libcrypto/evp/bio_md.c
@@ -153,7 +153,7 @@ static int md_write(BIO *b, const char *in, int inl)
                {
                if (ret > 0)
                        {
-                        EVP_DigestUpdate(ctx,(const unsigned char *)in,
+                        EVP_DigestUpdate(ctx,(unsigned char *)in,
                                (unsigned int)ret);
                        }
                }
@@ -192,13 +192,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret=0;
                break;
        case BIO_C_GET_MD_CTX:
-                if (b->init)
+                pctx=ptr;
-                        {
+                *pctx=ctx;
-                        pctx=ptr;
-                        *pctx=ctx;
-                        }
-                else
-                        ret=0;
                break;
        case BIO_C_SET_MD_CTX:
                if (b->init)
diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c
new file mode 100644
index 0000000000..4e3f10141b
--- /dev/null
+++ b/src/lib/libcrypto/evp/bio_ok.c
@@ -0,0 +1,575 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/*
+        From: Arne Ansper <arne@cyber.ee>
+        Why BIO_f_reliable?
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in 
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password 
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is 
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all. 
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output. 
+        The easy way is to push the BIO_f_md and save the checksum at 
+        the end of the file. However there are several problems with this
+        approach:
+        1) you must somehow separate checksum from actual data. 
+        2) you need lot's of memory when reading the file, because you 
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data. 
+        
+        BIO_f_reliable tries to solve both problems, so that you can 
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only 
+        several Kbytes of memory to buffer single block before verifying 
+        it's digest. 
+        BIO_f_reliable goes further and adds several important capabilities:
+        1) the digest of the block is computed over the whole stream 
+        -- so nobody can rearrange the blocks or remove or replace them.
+        2) to detect invalid passwords right at the start BIO_f_reliable 
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+                *) digest is initialized with random seed instead of 
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output 
+                of the digest is also written to output.
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+*/
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+static void sig_out(BIO* b);
+static void sig_in(BIO* b);
+static void block_out(BIO* b);
+static void block_in(BIO* b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+#ifndef L_ENDIAN
+#define swapem(x) \
+        ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
+                             (((unsigned long int)(x) & 0x0000ff00U) <<  8) | \
+                             (((unsigned long int)(x) & 0x00ff0000U) >>  8) | \
+                             (((unsigned long int)(x) & 0xff000000U) >> 24)))
+#else
+#define swapem(x) (x)
+#endif
+typedef struct ok_struct
+        {
+        int buf_len;
+        int buf_off;
+        int buf_len_save;
+        int buf_off_save;
+        int cont;               /* <= 0 when finished */
+        int finished;
+        EVP_MD_CTX md;
+        int blockout;           /* output block is ready */ 
+        int sigio;              /* must process signature */
+        unsigned char buf[IOBS];
+        } BIO_OK_CTX;
+static BIO_METHOD methods_ok=
+        {
+        BIO_TYPE_CIPHER,"reliable",
+        ok_write,
+        ok_read,
+        NULL, /* ok_puts, */
+        NULL, /* ok_gets, */
+        ok_ctrl,
+        ok_new,
+        ok_free,
+        ok_callback_ctrl,
+        };
+BIO_METHOD *BIO_f_reliable(void)
+        {
+        return(&methods_ok);
+        }
+static int ok_new(BIO *bi)
+        {
+        BIO_OK_CTX *ctx;
+        ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+        if (ctx == NULL) return(0);
+        ctx->buf_len=0;
+        ctx->buf_off=0;
+        ctx->buf_len_save=0;
+        ctx->buf_off_save=0;
+        ctx->cont=1;
+        ctx->finished=0;
+        ctx->blockout= 0;
+        ctx->sigio=1;
+        EVP_MD_CTX_init(&ctx->md);
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int ok_free(BIO *a)
+        {
+        if (a == NULL) return(0);
+        EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+        
+static int ok_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i,n;
+        BIO_OK_CTX *ctx;
+        if (out == NULL) return(0);
+        ctx=(BIO_OK_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+        while(outl > 0)
+                {
+                /* copy clean bytes to output buffer */
+                if (ctx->blockout)
+                        {
+                        i=ctx->buf_len-ctx->buf_off;
+                        if (i > outl) i=outl;
+                        memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+                        ret+=i;
+                        out+=i;
+                        outl-=i;
+                        ctx->buf_off+=i;
+                        /* all clean bytes are out */
+                        if (ctx->buf_len == ctx->buf_off)
+                                {
+                                ctx->buf_off=0;
+                                /* copy start of the next block into proper place */
+                                if(ctx->buf_len_save- ctx->buf_off_save > 0)
+                                        {
+                                        ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
+                                        memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                                                        ctx->buf_len);
+                                        }
+                                else
+                                        {
+                                        ctx->buf_len=0;
+                                        }
+                                ctx->blockout= 0;
+                                }
+                        }
+        
+                /* output buffer full -- cancel */
+                if (outl == 0) break;
+                /* no clean bytes in buffer -- fill it */
+                n=IOBS- ctx->buf_len;
+                i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
+                if (i <= 0) break;      /* nothing new */
+                ctx->buf_len+= i;
+                /* no signature yet -- check if we got one */
+                if (ctx->sigio == 1) sig_in(b);
+                /* signature ok -- check if we got block */
+                if (ctx->sigio == 0) block_in(b);
+                /* invalid block -- cancel */
+                if (ctx->cont <= 0) break;
+                }
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static int ok_write(BIO *b, const char *in, int inl)
+        {
+        int ret=0,n,i;
+        BIO_OK_CTX *ctx;
+        ctx=(BIO_OK_CTX *)b->ptr;
+        ret=inl;
+        if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+        if(ctx->sigio) sig_out(b);
+        do{
+                BIO_clear_retry_flags(b);
+                n=ctx->buf_len-ctx->buf_off;
+                while (ctx->blockout && n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                if(!BIO_should_retry(b))
+                                        ctx->cont= 0;
+                                return(i);
+                                }
+                        ctx->buf_off+=i;
+                        n-=i;
+                        }
+                /* at this point all pending data has been written */
+                ctx->blockout= 0;
+                if (ctx->buf_len == ctx->buf_off)
+                        {
+                        ctx->buf_len=OK_BLOCK_BLOCK;
+                        ctx->buf_off=0;
+                        }
+        
+                if ((in == NULL) || (inl <= 0)) return(0);
+                n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
+                                OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl;
+                memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
+                ctx->buf_len+= n;
+                inl-=n;
+                in+=n;
+                if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
+                        {
+                        block_out(b);
+                        }
+        }while(inl > 0);
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD *md;
+        const EVP_MD **ppmd;
+        long ret=1;
+        int i;
+        ctx=b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                ctx->buf_len_save=0;
+                ctx->buf_off_save=0;
+                ctx->cont=1;
+                ctx->finished=0;
+                ctx->blockout= 0;
+                ctx->sigio=1;
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+        case BIO_CTRL_WPENDING: /* More to read in buffer */
+                ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+                if(ctx->blockout == 0)
+                        block_out(b);
+                while (ctx->blockout)
+                        {
+                        i=ok_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+                ctx->finished=1;
+                ctx->buf_off=ctx->buf_len=0;
+                ctx->cont=(int)ret;
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_INFO:
+                ret=(long)ctx->cont;
+                break;
+        case BIO_C_SET_MD:
+                md=ptr;
+                EVP_DigestInit_ex(&ctx->md, md, NULL);
+                b->init=1;
+                break;
+        case BIO_C_GET_MD:
+                if (b->init)
+                        {
+                        ppmd=ptr;
+                        *ppmd=ctx->md.digest;
+                        }
+                else
+                        ret=0;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+        {
+        long ret=1;
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+static void longswap(void *_ptr, int len)
+{
+#ifndef L_ENDIAN
+        int i;
+        char *ptr=_ptr;
+        for(i= 0;i < len;i+= 4){
+                *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i])));
+        }
+#endif
+}
+static void sig_out(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        ctx=b->ptr;
+        md=&ctx->md;
+        if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
+        EVP_DigestInit_ex(md, md->digest, NULL);
+        /* FIXME: there's absolutely no guarantee this makes any sense at all,
+         * particularly now EVP_MD_CTX has been restructured.
+         */
+        RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+        memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+        longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+        ctx->buf_len+= md->digest->md_size;
+        EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+        EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+        ctx->buf_len+= md->digest->md_size;
+        ctx->blockout= 1;
+        ctx->sigio= 0;
+        }
+static void sig_in(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        unsigned char tmp[EVP_MAX_MD_SIZE];
+        int ret= 0;
+        ctx=b->ptr;
+        md=&ctx->md;
+        if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
+        EVP_DigestInit_ex(md, md->digest, NULL);
+        memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+        longswap(md->md_data, md->digest->md_size);
+        ctx->buf_off+= md->digest->md_size;
+        EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+        EVP_DigestFinal_ex(md, tmp, NULL);
+        ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+        ctx->buf_off+= md->digest->md_size;
+        if(ret == 1)
+                {
+                ctx->sigio= 0;
+                if(ctx->buf_len != ctx->buf_off)
+                        {
+                        memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
+                        }
+                ctx->buf_len-= ctx->buf_off;
+                ctx->buf_off= 0;
+                }
+        else
+                {
+                ctx->cont= 0;
+                }
+        }
+static void block_out(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        unsigned long tl;
+        ctx=b->ptr;
+        md=&ctx->md;
+        tl= ctx->buf_len- OK_BLOCK_BLOCK;
+        tl= swapem(tl);
+        memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
+        tl= swapem(tl);
+        EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+        EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+        ctx->buf_len+= md->digest->md_size;
+        ctx->blockout= 1;
+        }
+static void block_in(BIO* b)
+        {
+        BIO_OK_CTX *ctx;
+        EVP_MD_CTX *md;
+        long tl= 0;
+        unsigned char tmp[EVP_MAX_MD_SIZE];
+        ctx=b->ptr;
+        md=&ctx->md;
+        memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK);
+        tl= swapem(tl);
+        if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
+ 
+        EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+        EVP_DigestFinal_ex(md, tmp, NULL);
+        if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
+                {
+                /* there might be parts from next block lurking around ! */
+                ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
+                ctx->buf_len_save= ctx->buf_len;
+                ctx->buf_off= OK_BLOCK_BLOCK;
+                ctx->buf_len= tl+ OK_BLOCK_BLOCK;
+                ctx->blockout= 1;
+                }
+        else
+                {
+                ctx->cont= 0;
+                }
+        }
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c
index a5da52e62d..fa60a73ead 100644
--- a/src/lib/libcrypto/evp/c_all.c
+++ b/src/lib/libcrypto/evp/c_all.c
@@ -74,12 +74,6 @@ void OpenSSL_add_all_algorithms(void)
 void OPENSSL_add_all_algorithms_noconf(void)
        {
-        /*
-         * For the moment OPENSSL_cpuid_setup does something
-         * only on IA-32, but we reserve the option for all
-         * platforms...
-         */
-        OPENSSL_cpuid_setup();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
 #ifndef OPENSSL_NO_ENGINE
diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c
new file mode 100644
index 0000000000..fc96812365
--- /dev/null
+++ b/src/lib/libcrypto/evp/c_allc.c
@@ -0,0 +1,188 @@
+/* crypto/evp/c_allc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+void OpenSSL_add_all_ciphers(void)
+        {
+#ifndef OPENSSL_NO_DES
+        EVP_add_cipher(EVP_des_cfb());
+        EVP_add_cipher(EVP_des_cfb1());
+        EVP_add_cipher(EVP_des_cfb8());
+        EVP_add_cipher(EVP_des_ede_cfb());
+        EVP_add_cipher(EVP_des_ede3_cfb());
+        EVP_add_cipher(EVP_des_ofb());
+        EVP_add_cipher(EVP_des_ede_ofb());
+        EVP_add_cipher(EVP_des_ede3_ofb());
+        EVP_add_cipher(EVP_desx_cbc());
+        EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+        EVP_add_cipher_alias(SN_desx_cbc,"desx");
+        EVP_add_cipher(EVP_des_cbc());
+        EVP_add_cipher_alias(SN_des_cbc,"DES");
+        EVP_add_cipher_alias(SN_des_cbc,"des");
+        EVP_add_cipher(EVP_des_ede_cbc());
+        EVP_add_cipher(EVP_des_ede3_cbc());
+        EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+        EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+        EVP_add_cipher(EVP_des_ecb());
+        EVP_add_cipher(EVP_des_ede());
+        EVP_add_cipher(EVP_des_ede3());
+#endif
+#ifndef OPENSSL_NO_RC4
+        EVP_add_cipher(EVP_rc4());
+        EVP_add_cipher(EVP_rc4_40());
+#endif
+#ifndef OPENSSL_NO_IDEA
+        EVP_add_cipher(EVP_idea_ecb());
+        EVP_add_cipher(EVP_idea_cfb());
+        EVP_add_cipher(EVP_idea_ofb());
+        EVP_add_cipher(EVP_idea_cbc());
+        EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+        EVP_add_cipher_alias(SN_idea_cbc,"idea");
+#endif
+#ifndef OPENSSL_NO_RC2
+        EVP_add_cipher(EVP_rc2_ecb());
+        EVP_add_cipher(EVP_rc2_cfb());
+        EVP_add_cipher(EVP_rc2_ofb());
+        EVP_add_cipher(EVP_rc2_cbc());
+        EVP_add_cipher(EVP_rc2_40_cbc());
+        EVP_add_cipher(EVP_rc2_64_cbc());
+        EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+        EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+#endif
+#ifndef OPENSSL_NO_BF
+        EVP_add_cipher(EVP_bf_ecb());
+        EVP_add_cipher(EVP_bf_cfb());
+        EVP_add_cipher(EVP_bf_ofb());
+        EVP_add_cipher(EVP_bf_cbc());
+        EVP_add_cipher_alias(SN_bf_cbc,"BF");
+        EVP_add_cipher_alias(SN_bf_cbc,"bf");
+        EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+#endif
+#ifndef OPENSSL_NO_CAST
+        EVP_add_cipher(EVP_cast5_ecb());
+        EVP_add_cipher(EVP_cast5_cfb());
+        EVP_add_cipher(EVP_cast5_ofb());
+        EVP_add_cipher(EVP_cast5_cbc());
+        EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+        EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+        EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+        EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+#ifndef OPENSSL_NO_RC5
+        EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+        EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+        EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+        EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+        EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+#endif
+#ifndef OPENSSL_NO_AES
+        EVP_add_cipher(EVP_aes_128_ecb());
+        EVP_add_cipher(EVP_aes_128_cbc());
+        EVP_add_cipher(EVP_aes_128_cfb());
+        EVP_add_cipher(EVP_aes_128_cfb1());
+        EVP_add_cipher(EVP_aes_128_cfb8());
+        EVP_add_cipher(EVP_aes_128_ofb());
+#if 0
+        EVP_add_cipher(EVP_aes_128_ctr());
+#endif
+        EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+        EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+        EVP_add_cipher(EVP_aes_192_ecb());
+        EVP_add_cipher(EVP_aes_192_cbc());
+        EVP_add_cipher(EVP_aes_192_cfb());
+        EVP_add_cipher(EVP_aes_192_cfb1());
+        EVP_add_cipher(EVP_aes_192_cfb8());
+        EVP_add_cipher(EVP_aes_192_ofb());
+#if 0
+        EVP_add_cipher(EVP_aes_192_ctr());
+#endif
+        EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+        EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+        EVP_add_cipher(EVP_aes_256_ecb());
+        EVP_add_cipher(EVP_aes_256_cbc());
+        EVP_add_cipher(EVP_aes_256_cfb());
+        EVP_add_cipher(EVP_aes_256_cfb1());
+        EVP_add_cipher(EVP_aes_256_cfb8());
+        EVP_add_cipher(EVP_aes_256_ofb());
+#if 0
+        EVP_add_cipher(EVP_aes_256_ctr());
+#endif
+        EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+        EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#endif
+        PKCS12_PBE_add();
+        PKCS5_PBE_add();
+        }
diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c
new file mode 100644
index 0000000000..929ea56a3e
--- /dev/null
+++ b/src/lib/libcrypto/evp/c_alld.c
@@ -0,0 +1,113 @@
+/* crypto/evp/c_alld.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+void OpenSSL_add_all_digests(void)
+        {
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD4
+        EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+        EVP_add_digest_alias(SN_md5,"ssl2-md5");
+        EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+        EVP_add_digest(EVP_sha());
+#ifndef OPENSSL_NO_DSA
+        EVP_add_digest(EVP_dss());
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA
+        EVP_add_digest(EVP_sha1());
+        EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+        EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef OPENSSL_NO_DSA
+        EVP_add_digest(EVP_dss1());
+        EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+        EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+        EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#endif
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+        EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+        EVP_add_digest(EVP_ripemd160());
+        EVP_add_digest_alias(SN_ripemd160,"ripemd");
+        EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
+#ifdef OPENSSL_FIPS
+#ifndef OPENSSL_NO_SHA256
+        EVP_add_digest(EVP_sha224());
+        EVP_add_digest(EVP_sha256());
+#endif
+#ifndef OPENSSL_NO_SHA512
+        EVP_add_digest(EVP_sha384());
+        EVP_add_digest(EVP_sha512());
+#endif
+#endif
+        }
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 762e6d3450..f21c63842c 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -137,6 +137,39 @@ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
        return EVP_DigestInit_ex(ctx, type, NULL);
        }
+#ifdef OPENSSL_FIPS
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+static int bad_init(EVP_MD_CTX *ctx)
+        { FIPS_ERROR_IGNORED("Digest init"); return 0;}
+static int bad_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { FIPS_ERROR_IGNORED("Digest update"); return 0;}
+static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
+        { FIPS_ERROR_IGNORED("Digest Final"); return 0;}
+static const EVP_MD bad_md =
+        {
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_update,
+        bad_final,
+        NULL,
+        NULL,
+        NULL,
+        0,
+        {0,0,0,0},
+        };
+#endif
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
        {
        EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
@@ -159,7 +192,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                        {
                        if (!ENGINE_init(impl))
                                {
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
@@ -173,7 +206,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
                        if(!d)
                                {
                                /* Same comment from evp_enc.c */
-                                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        /* We'll use the ENGINE's private digest definition */
@@ -189,12 +222,24 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
        else
        if(!ctx->digest)
                {
-                EVPerr(EVP_F_EVP_DIGESTINIT_EX,EVP_R_NO_DIGEST_SET);
+                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
                return 0;
                }
 #endif
        if (ctx->digest != type)
                {
+#ifdef OPENSSL_FIPS
+                if (FIPS_mode())
+                        {
+                        if (!(type->flags & EVP_MD_FLAG_FIPS) 
+                         && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
+                                {
+                                EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_DISABLED_FOR_FIPS);
+                                ctx->digest = &bad_md;
+                                return 0;
+                                }
+                        }
+#endif
                if (ctx->digest && ctx->digest->ctx_size)
                        OPENSSL_free(ctx->md_data);
                ctx->digest=type;
@@ -208,9 +253,9 @@ skip_to_init:
        }
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
-             size_t count)
+             unsigned int count)
        {
-        return ctx->digest->update(ctx,data,count);
+        return ctx->digest->update(ctx,data,(unsigned long)count);
        }
 /* The caller can assume that this removes any secret data from the context */
@@ -251,14 +296,14 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
        unsigned char *tmp_buf;
        if ((in == NULL) || (in->digest == NULL))
                {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
+                EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
                return 0;
                }
 #ifndef OPENSSL_NO_ENGINE
        /* Make sure it's safe to copy a digest context using an ENGINE */
        if (in->engine && !ENGINE_init(in->engine))
                {
-                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
+                EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
                return 0;
                }
 #endif
@@ -285,7 +330,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
        return 1;
        }
-int EVP_Digest(const void *data, size_t count,
+int EVP_Digest(void *data, unsigned int count,
                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
        {
        EVP_MD_CTX ctx;
diff --git a/src/lib/libcrypto/evp/e_acss.c b/src/lib/libcrypto/evp/e_acss.c
new file mode 100644
index 0000000000..a16b85c627
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_acss.c
@@ -0,0 +1,85 @@
+/*      $Id: e_acss.c,v 1.2 2004/02/13 10:05:44 hshoexer Exp $  */
+/*
+ * Copyright (c) 2004 The OpenBSD project
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef OPENSSL_NO_ACSS
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/acss.h>
+typedef struct {
+    ACSS_KEY ks;
+} EVP_ACSS_KEY;
+#define data(ctx) EVP_C_DATA(EVP_ACSS_KEY,ctx)
+static int acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                const unsigned char *iv, int enc);
+static int acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                const unsigned char *in, unsigned int inl);
+static int acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+static const EVP_CIPHER acss_cipher = {
+        NID_undef,
+        1,5,0,
+        0,
+        acss_init_key,
+        acss_ciph,
+        NULL,
+        sizeof(EVP_ACSS_KEY),
+        NULL,
+        NULL,
+        acss_ctrl,
+        NULL
+};
+const
+EVP_CIPHER *EVP_acss(void)
+{
+        return(&acss_cipher);
+}
+static int
+acss_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                const unsigned char *iv, int enc)
+{
+        acss_setkey(&data(ctx)->ks,key,enc,ACSS_MODE1);
+        return 1;
+}
+static int
+acss_ciph(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
+                unsigned int inl)
+{
+        acss(&data(ctx)->ks,inl,in,out);
+        return 1;
+}
+static int
+acss_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+        switch(type) {
+        case EVP_CTRL_SET_ACSS_MODE:
+                data(ctx)->ks.mode = arg;
+                return 1;
+        default:
+                return -1;
+        }
+}
+#endif
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c
index bd6c0a3a62..7b67984fa1 100644
--- a/src/lib/libcrypto/evp/e_aes.c
+++ b/src/lib/libcrypto/evp/e_aes.c
@@ -48,12 +48,10 @@
 *
 */
-#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_AES
 #include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
-#include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
@@ -69,32 +67,32 @@ typedef struct
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
                       NID_aes_128, 16, 16, 16, 128,
-                       0, aes_init_key, NULL, 
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
                       EVP_CIPHER_set_asn1_iv,
                       EVP_CIPHER_get_asn1_iv,
                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
                       NID_aes_192, 16, 24, 16, 128,
-                       0, aes_init_key, NULL, 
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
                       EVP_CIPHER_set_asn1_iv,
                       EVP_CIPHER_get_asn1_iv,
                       NULL)
 IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
                       NID_aes_256, 16, 32, 16, 128,
-                       0, aes_init_key, NULL, 
+                       EVP_CIPH_FLAG_FIPS, aes_init_key, NULL, 
                       EVP_CIPHER_set_asn1_iv,
                       EVP_CIPHER_get_asn1_iv,
                       NULL)
-#define IMPLEMENT_AES_CFBR(ksize,cbits) IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
+#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-IMPLEMENT_AES_CFBR(128,1)
+IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,1)
+IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,1)
+IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(128,8)
+IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,8)
+IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,8)
+IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                   const unsigned char *iv, int enc)
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c
index cc224e5363..e74337567b 100644
--- a/src/lib/libcrypto/evp/e_bf.c
+++ b/src/lib/libcrypto/evp/e_bf.c
@@ -56,9 +56,9 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_BF
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_BF
 #include <openssl/evp.h>
 #include "evp_locl.h"
 #include <openssl/objects.h>
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c
index d77bcd9298..3400fef187 100644
--- a/src/lib/libcrypto/evp/e_cast.c
+++ b/src/lib/libcrypto/evp/e_cast.c
@@ -56,10 +56,10 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_CAST
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_CAST
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c
index 856323648c..46e2899825 100644
--- a/src/lib/libcrypto/evp/e_des.c
+++ b/src/lib/libcrypto/evp/e_des.c
@@ -63,11 +63,9 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"
 #include <openssl/des.h>
-#include <openssl/rand.h>
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc);
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
@@ -129,48 +127,28 @@ static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    }
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-                        EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                        EVP_CIPH_FLAG_FIPS, des_init_key, NULL,
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
-                        des_ctrl)
+                        NULL)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-                     EVP_CIPH_RAND_KEY, des_init_key,NULL,
+                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,des_ctrl)
+                     EVP_CIPHER_get_asn1_iv,NULL)
 BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-                     EVP_CIPH_RAND_KEY,des_init_key,NULL,
+                     EVP_CIPH_FLAG_FIPS,des_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,des_ctrl)
+                     EVP_CIPHER_get_asn1_iv,NULL)
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                        const unsigned char *iv, int enc)
        {
        DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-        if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
-                return 0;
-#else
        DES_set_key_unchecked(deskey,ctx->cipher_data);
-#endif
        return 1;
        }
-static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-        {
-        
-        switch(type)
-                {
-        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, 8) <= 0)
-                        return 0;
-                DES_set_odd_parity((DES_cblock *)ptr);
-                return 1;
-        default:
-                return -1;
-                }
-        }
 #endif
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c
index ac148efab2..677322bf02 100644
--- a/src/lib/libcrypto/evp/e_des3.c
+++ b/src/lib/libcrypto/evp/e_des3.c
@@ -63,7 +63,6 @@
 #include <openssl/objects.h>
 #include "evp_locl.h"
 #include <openssl/des.h>
-#include <openssl/rand.h>
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv,int enc);
@@ -71,8 +70,6 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                             const unsigned char *iv,int enc);
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 typedef struct
    {
    DES_key_schedule ks1;/* key schedule */
@@ -88,8 +85,7 @@ static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                              const unsigned char *in, unsigned int inl)
 {
        BLOCK_CIPHER_ecb_loop()
-                DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                DES_ecb3_encrypt(in + i,out + i, 
-                                 (DES_cblock *)(out + i),
                                 &data(ctx)->ks1, &data(ctx)->ks2,
                                 &data(ctx)->ks3,
                                 ctx->encrypt);
@@ -164,10 +160,10 @@ static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
    }
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-                        EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, 
+                        EVP_CIPH_FLAG_FIPS, des_ede_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
-                        des3_ctrl)
+                        NULL)
 #define des_ede3_cfb64_cipher des_ede_cfb64_cipher
 #define des_ede3_ofb_cipher des_ede_ofb_cipher
@@ -175,35 +171,28 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
 #define des_ede3_ecb_cipher des_ede_ecb_cipher
 BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-                        EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, 
+                        EVP_CIPH_FLAG_FIPS, des_ede3_init_key, NULL, 
                        EVP_CIPHER_set_asn1_iv,
                        EVP_CIPHER_get_asn1_iv,
-                        des3_ctrl)
+                        NULL)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
+                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
-                     des3_ctrl)
 BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-                     EVP_CIPH_RAND_KEY, des_ede3_init_key,NULL,
+                     EVP_CIPH_FLAG_FIPS, des_ede3_init_key,NULL,
                     EVP_CIPHER_set_asn1_iv,
-                     EVP_CIPHER_get_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,NULL)
-                     des3_ctrl)
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
        {
        DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-        if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-                !! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
-                return 0;
-#else
        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-#endif
        memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
               sizeof(data(ctx)->ks1));
        return 1;
@@ -224,39 +213,11 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        }
 #endif  /* KSSL_DEBUG */
-#ifdef EVP_CHECK_DES_KEY
-        if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-                || DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
-                || DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
-                return 0;
-#else
        DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
        DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
        DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-#endif
-        return 1;
-        }
-static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        return 1;
-        {
-        DES_cblock *deskey = ptr;
-        switch(type)
-                {
-        case EVP_CTRL_RAND_KEY:
-                if (RAND_bytes(ptr, c->key_len) <= 0)
-                        return 0;
-                DES_set_odd_parity(deskey);
-                if (c->key_len >= 16)
-                        DES_set_odd_parity(deskey + 1);
-                if (c->key_len >= 24)
-                        DES_set_odd_parity(deskey + 2);
-                return 1;
-        default:
-                return -1;
-                }
        }
 const EVP_CIPHER *EVP_des_ede(void)
diff --git a/src/lib/libcrypto/evp/e_dsa.c b/src/lib/libcrypto/evp/e_dsa.c
new file mode 100644
index 0000000000..b96f2738b3
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_dsa.c
@@ -0,0 +1,71 @@
+/* crypto/evp/e_dsa.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+static EVP_PKEY_METHOD dss_method=
+        {
+        DSA_sign,
+        DSA_verify,
+        {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL},
+        };
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c
index 48c33a774a..b9efa75ae7 100644
--- a/src/lib/libcrypto/evp/e_idea.c
+++ b/src/lib/libcrypto/evp/e_idea.c
@@ -56,10 +56,10 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_IDEA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_IDEA
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c
index 5205259f18..a84b0f14b1 100644
--- a/src/lib/libcrypto/evp/e_null.c
+++ b/src/lib/libcrypto/evp/e_null.c
@@ -69,14 +69,13 @@ static const EVP_CIPHER n_cipher=
        {
        NID_undef,
        1,0,0,
-        0,
+        EVP_CIPH_FLAG_FIPS,
        null_init_key,
        null_cipher,
        NULL,
        0,
        NULL,
        NULL,
-        NULL,
        NULL
        };
@@ -96,7 +95,7 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             const unsigned char *in, unsigned int inl)
        {
        if (in != out)
-                memcpy((char *)out,(const char *)in,(size_t)inl);
+                memcpy((char *)out,(char *)in,(int)inl);
        return 1;
        }
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c
index d37726ffae..d42cbfd17e 100644
--- a/src/lib/libcrypto/evp/e_rc2.c
+++ b/src/lib/libcrypto/evp/e_rc2.c
@@ -56,11 +56,10 @@
 * [including the GNU Public Licence.]
 */
-#include <stdio.h>
-#include "cryptlib.h"
 #ifndef OPENSSL_NO_RC2
+#include <stdio.h>
+#include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include "evp_locl.h"
@@ -168,17 +167,16 @@ static int rc2_magic_to_meth(int i)
 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        {
        long num=0;
-        int i=0;
+        int i=0,l;
        int key_bits;
-        unsigned int l;
        unsigned char iv[EVP_MAX_IV_LENGTH];
        if (type != NULL)
                {
                l=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(l <= sizeof(iv));
+                OPENSSL_assert(l <= sizeof iv);
                i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
-                if (i != (int)l)
+                if (i != l)
                        return(-1);
                key_bits =rc2_magic_to_meth((int)num);
                if (!key_bits)
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c
index 67af850bea..8aa70585b9 100644
--- a/src/lib/libcrypto/evp/e_rc4.c
+++ b/src/lib/libcrypto/evp/e_rc4.c
@@ -56,13 +56,13 @@
 * [including the GNU Public Licence.]
 */
-#include <stdio.h>
-#include "cryptlib.h"
 #ifndef OPENSSL_NO_RC4
+#include <stdio.h>
+#include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "evp_locl.h"
 #include <openssl/rc4.h>
 /* FIXME: surely this is available elsewhere? */
@@ -90,7 +90,6 @@ static const EVP_CIPHER r4_cipher=
        sizeof(EVP_RC4_KEY),
        NULL,
        NULL,
-        NULL,
        NULL
        };
@@ -105,7 +104,6 @@ static const EVP_CIPHER r4_40_cipher=
        sizeof(EVP_RC4_KEY),
        NULL, 
        NULL,
-        NULL,
        NULL
        };
diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c
new file mode 100644
index 0000000000..3c7713b181
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_rc5.c
@@ -0,0 +1,125 @@
+/* crypto/evp/e_rc5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef OPENSSL_NO_RC5
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc5.h>
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv,int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+typedef struct
+        {
+        int rounds;     /* number of rounds */
+        RC5_32_KEY ks;  /* key schedule */
+        } EVP_RC5_KEY;
+#define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL,
+                       NULL, NULL, rc5_ctrl)
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+        {
+        switch(type)
+                {
+        case EVP_CTRL_INIT:
+                data(c)->rounds = RC5_12_ROUNDS;
+                return 1;
+        case EVP_CTRL_GET_RC5_ROUNDS:
+                *(int *)ptr = data(c)->rounds;
+                return 1;
+                        
+        case EVP_CTRL_SET_RC5_ROUNDS:
+                switch(arg)
+                        {
+                case RC5_8_ROUNDS:
+                case RC5_12_ROUNDS:
+                case RC5_16_ROUNDS:
+                        data(c)->rounds = arg;
+                        return 1;
+                default:
+                        EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+                        return 0;
+                        }
+        default:
+                return -1;
+                }
+        }
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+        {
+        RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+                       key,data(ctx)->rounds);
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/e_seed.c b/src/lib/libcrypto/evp/e_seed.c
new file mode 100644
index 0000000000..8c1ec0d43a
--- /dev/null
+++ b/src/lib/libcrypto/evp/e_seed.c
@@ -0,0 +1,83 @@
+/* crypto/evp/e_seed.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/opensslconf.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#ifndef OPENSSL_NO_SEED
+#include <openssl/seed.h>
+#include "evp_locl.h"
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc);
+typedef struct
+        {
+        SEED_KEY_SCHEDULE ks;
+        } EVP_SEED_KEY;
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128,
+                       0, seed_init_key, 0, 0, 0, 0)
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+        {
+        SEED_set_key(key, ctx->cipher_data);
+        return 1;
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c
index 8832da2433..a6f849e93d 100644
--- a/src/lib/libcrypto/evp/e_xcbc_d.c
+++ b/src/lib/libcrypto/evp/e_xcbc_d.c
@@ -56,11 +56,9 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_DES
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/des.h>
@@ -91,7 +89,6 @@ static const EVP_CIPHER d_xcbc_cipher=
        sizeof(DESX_CBC_KEY),
        EVP_CIPHER_set_asn1_iv,
        EVP_CIPHER_get_asn1_iv,
-        NULL,
        NULL
        };
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 5921f0d710..33e540087d 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -129,14 +129,14 @@ void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
        }
 void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-             const unsigned char *in, int inl)
+             unsigned char *in, int inl)
        {
        int i,j;
        unsigned int total=0;
        *outl=0;
        if (inl == 0) return;
-        OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+        OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
        if ((ctx->num+inl) < ctx->length)
                {
                memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -233,7 +233,7 @@ void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 *  1 for full line
 */
 int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-             const unsigned char *in, int inl)
+             unsigned char *in, int inl)
        {
        int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
        unsigned char *d;
@@ -259,7 +259,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                /* only save the good data :-) */
                if (!B64_NOT_BASE64(v))
                        {
-                        OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+                        OPENSSL_assert(n < sizeof ctx->enc_data);
                        d[n++]=tmp;
                        ln++;
                        }
@@ -323,8 +323,8 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                        if (n > 0)
                                {
                                v=EVP_DecodeBlock(out,d,n);
-                                n=0;
                                if (v < 0) { rv=0; goto end; }
+                                n=0;
                                ret+=(v-eof);
                                }
                        else
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index bdd3b7ecaa..f29e0ba8f0 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -75,6 +75,10 @@
 #include <openssl/bio.h>
 #endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 /*
 #define EVP_RC2_KEY_SIZE                16
 #define EVP_RC4_KEY_SIZE                16
@@ -82,7 +86,7 @@
 #define EVP_CAST5_KEY_SIZE              16
 #define EVP_RC5_32_12_16_KEY_SIZE       16
 */
-#define EVP_MAX_MD_SIZE                 64      /* longest known is SHA512 */
+#define EVP_MAX_MD_SIZE                 64      /* longest known SHA512 */
 #define EVP_MAX_KEY_LENGTH              32
 #define EVP_MAX_IV_LENGTH               16
 #define EVP_MAX_BLOCK_LENGTH            32
@@ -96,13 +100,11 @@
 #define EVP_PK_RSA      0x0001
 #define EVP_PK_DSA      0x0002
 #define EVP_PK_DH       0x0004
-#define EVP_PK_EC       0x0008
 #define EVP_PKT_SIGN    0x0010
 #define EVP_PKT_ENC     0x0020
 #define EVP_PKT_EXCH    0x0040
 #define EVP_PKS_RSA     0x0100
 #define EVP_PKS_DSA     0x0200
-#define EVP_PKS_EC      0x0400
 #define EVP_PKT_EXP     0x1000 /* <= 512 bit key */
 #define EVP_PKEY_NONE   NID_undef
@@ -114,7 +116,6 @@
 #define EVP_PKEY_DSA3   NID_dsaWithSHA1
 #define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
 #define EVP_PKEY_DH     NID_dhKeyAgreement
-#define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
 #ifdef  __cplusplus
 extern "C" {
@@ -139,9 +140,6 @@ struct evp_pkey_st
 #ifndef OPENSSL_NO_DH
                struct dh_st *dh;       /* DH */
 #endif
-#ifndef OPENSSL_NO_EC
-                struct ec_key_st *ec;   /* ECC */
-#endif
                } pkey;
        int save_parameters;
        STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
@@ -227,58 +225,39 @@ struct env_md_st
        int md_size;
        unsigned long flags;
        int (*init)(EVP_MD_CTX *ctx);
-        int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);
+        int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
        int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
        int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
        int (*cleanup)(EVP_MD_CTX *ctx);
        /* FIXME: prototype these some day */
-        int (*sign)(int type, const unsigned char *m, unsigned int m_length,
+        int (*sign)();
-                    unsigned char *sigret, unsigned int *siglen, void *key);
+        int (*verify)();
-        int (*verify)(int type, const unsigned char *m, unsigned int m_length,
-                      const unsigned char *sigbuf, unsigned int siglen,
-                      void *key);
        int required_pkey_type[5]; /*EVP_PKEY_xxx */
        int block_size;
        int ctx_size; /* how big does the ctx->md_data need to be */
        } /* EVP_MD */;
-typedef int evp_sign_method(int type,const unsigned char *m,
-                            unsigned int m_length,unsigned char *sigret,
-                            unsigned int *siglen, void *key);
-typedef int evp_verify_method(int type,const unsigned char *m,
-                            unsigned int m_length,const unsigned char *sigbuf,
-                            unsigned int siglen, void *key);
 #define EVP_MD_FLAG_ONESHOT     0x0001 /* digest can only handle a single
                                        * block */
+#define EVP_MD_FLAG_FIPS        0x0400 /* Note if suitable for use in FIPS mode */
 #define EVP_PKEY_NULL_method    NULL,NULL,{0,0,0,0}
 #ifndef OPENSSL_NO_DSA
-#define EVP_PKEY_DSA_method     (evp_sign_method *)DSA_sign, \
+#define EVP_PKEY_DSA_method     DSA_sign,DSA_verify, \
-                                (evp_verify_method *)DSA_verify, \
                                {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
                                        EVP_PKEY_DSA4,0}
 #else
 #define EVP_PKEY_DSA_method     EVP_PKEY_NULL_method
 #endif
-#ifndef OPENSSL_NO_ECDSA
-#define EVP_PKEY_ECDSA_method   (evp_sign_method *)ECDSA_sign, \
-                                (evp_verify_method *)ECDSA_verify, \
-                                 {EVP_PKEY_EC,0,0,0}
-#else   
-#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
-#endif
 #ifndef OPENSSL_NO_RSA
-#define EVP_PKEY_RSA_method     (evp_sign_method *)RSA_sign, \
+#define EVP_PKEY_RSA_method     RSA_sign,RSA_verify, \
-                                (evp_verify_method *)RSA_verify, \
                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
 #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
-                                (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \
+                                RSA_sign_ASN1_OCTET_STRING, \
-                                (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \
+                                RSA_verify_ASN1_OCTET_STRING, \
                                {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
 #else
 #define EVP_PKEY_RSA_method     EVP_PKEY_NULL_method
@@ -304,6 +283,9 @@ struct env_md_ctx_st
 #define EVP_MD_CTX_FLAG_REUSE           0x0004 /* Don't free up ctx->md_data
                                                * in EVP_MD_CTX_cleanup */
+#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008  /* Allow use of non FIPS digest
+                                                 * in FIPS mode */
 struct evp_cipher_st
        {
        int nid;
@@ -345,8 +327,10 @@ struct evp_cipher_st
 #define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
 /* Don't use standard block padding */
 #define         EVP_CIPH_NO_PADDING             0x100
-/* cipher handles random key generation */
+/* Note if suitable for use in FIPS mode */
-#define         EVP_CIPH_RAND_KEY               0x200
+#define         EVP_CIPH_FLAG_FIPS              0x400
+/* Allow non FIPS cipher in FIPS mode */
+#define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x800
 /* ctrl() values */
@@ -356,7 +340,7 @@ struct evp_cipher_st
 #define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
 #define         EVP_CTRL_GET_RC5_ROUNDS         0x4
 #define         EVP_CTRL_SET_RC5_ROUNDS         0x5
-#define         EVP_CTRL_RAND_KEY               0x6
+#define         EVP_CTRL_SET_ACSS_MODE          0x6
 typedef struct evp_cipher_info_st
        {
@@ -418,47 +402,45 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                                        (char *)(dh))
 #endif
-#ifndef OPENSSL_NO_EC
-#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
-                                        (char *)(eckey))
-#endif
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
 #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
 #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-int EVP_MD_type(const EVP_MD *md);
+#define EVP_MD_type(e)                  ((e)->type)
 #define EVP_MD_nid(e)                   EVP_MD_type(e)
 #define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
-int EVP_MD_pkey_type(const EVP_MD *md); 
+#define EVP_MD_pkey_type(e)             ((e)->pkey_type)
-int EVP_MD_size(const EVP_MD *md);
+#define EVP_MD_size(e)                  ((e)->md_size)
-int EVP_MD_block_size(const EVP_MD *md);
+#define EVP_MD_block_size(e)            ((e)->block_size)
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+#define EVP_MD_CTX_md(e)                ((e)->digest)
-#define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
+#define EVP_MD_CTX_size(e)              EVP_MD_size((e)->digest)
-#define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
+#define EVP_MD_CTX_block_size(e)        EVP_MD_block_size((e)->digest)
-#define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
+#define EVP_MD_CTX_type(e)              EVP_MD_type((e)->digest)
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_nid(e)               ((e)->nid)
 #define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
-int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_block_size(e)        ((e)->block_size)
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_key_length(e)        ((e)->key_len)
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_iv_length(e)         ((e)->iv_len)
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+#define EVP_CIPHER_flags(e)             ((e)->flags)
-#define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+#define EVP_CIPHER_mode(e)              (((e)->flags) & EVP_CIPH_MODE)
-const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_cipher(e)        ((e)->cipher)
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_nid(e)           ((e)->cipher->nid)
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_block_size(e)    ((e)->cipher->block_size)
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_key_length(e)    ((e)->key_len)
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_iv_length(e)     ((e)->cipher->iv_len)
-void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_get_app_data(e)  ((e)->app_data)
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
 #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx);
+#define EVP_CIPHER_CTX_flags(e)         ((e)->cipher->flags)
-#define EVP_CIPHER_CTX_mode(e)          (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE)
+#define EVP_CIPHER_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_CIPHER_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_CIPHER_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+#define EVP_CIPHER_CTX_mode(e)          ((e)->cipher->flags & EVP_CIPH_MODE)
 #define EVP_ENCODE_LENGTH(l)    (((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)    ((l+3)/4*3+80)
@@ -483,10 +465,7 @@ void BIO_set_md(BIO *,const EVP_MD *md);
 #define BIO_get_cipher_status(b)        BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
 #define BIO_get_cipher_ctx(b,c_pp)      BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp)
-int EVP_Cipher(EVP_CIPHER_CTX *c,
+#define EVP_Cipher(c,o,i,l)     (c)->cipher->do_cipher((c),(o),(i),(l))
-                unsigned char *out,
-                const unsigned char *in,
-                unsigned int inl);
 #define EVP_add_cipher_alias(n,alias) \
        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
@@ -502,14 +481,14 @@ int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
 EVP_MD_CTX *EVP_MD_CTX_create(void);
 void    EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
 int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
-void    EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
-void    EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
-int     EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx,int flags);
+#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
 int     EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
 int     EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
-                         size_t cnt);
+                         unsigned int cnt);
 int     EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-int     EVP_Digest(const void *data, size_t count,
+int     EVP_Digest(void *data, unsigned int count,
                unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
 int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
@@ -517,7 +496,7 @@ int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 int     EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
 int     EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
-void    EVP_set_pw_prompt(const char *prompt);
+void    EVP_set_pw_prompt(char *prompt);
 char *  EVP_get_pw_prompt(void);
 int     EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
@@ -556,48 +535,43 @@ int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 int     EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
                EVP_PKEY *pkey);
-int     EVP_VerifyFinal(EVP_MD_CTX *ctx,const unsigned char *sigbuf,
+int     EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
                unsigned int siglen,EVP_PKEY *pkey);
-int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+int     EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
-                const unsigned char *ek, int ekl, const unsigned char *iv,
+                int ekl,unsigned char *iv,EVP_PKEY *priv);
-                EVP_PKEY *priv);
 int     EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+int     EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-                 unsigned char **ek, int *ekl, unsigned char *iv,
+                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-                EVP_PKEY **pubk, int npubk);
 int     EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
 void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
-                const unsigned char *in,int inl);
+                int *outl,unsigned char *in,int inl);
 void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
 int     EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
 void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
 int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-                const unsigned char *in, int inl);
+                unsigned char *in, int inl);
 int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
                char *out, int *outl);
 int     EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a);
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
 BIO_METHOD *BIO_f_reliable(void);
-void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,const unsigned char *k,
+void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
-                const unsigned char *i, int enc);
+        unsigned char *i, int enc);
 #endif
 const EVP_MD *EVP_md_null(void);
@@ -615,8 +589,7 @@ const EVP_MD *EVP_sha(void);
 const EVP_MD *EVP_sha1(void);
 const EVP_MD *EVP_dss(void);
 const EVP_MD *EVP_dss1(void);
-const EVP_MD *EVP_ecdsa(void);
+#ifdef OPENSSL_FIPS
-#endif
 #ifndef OPENSSL_NO_SHA256
 const EVP_MD *EVP_sha224(void);
 const EVP_MD *EVP_sha256(void);
@@ -625,6 +598,8 @@ const EVP_MD *EVP_sha256(void);
 const EVP_MD *EVP_sha384(void);
 const EVP_MD *EVP_sha512(void);
 #endif
+#endif
+#endif
 #ifndef OPENSSL_NO_MDC2
 const EVP_MD *EVP_mdc2(void);
 #endif
@@ -742,36 +717,8 @@ const EVP_CIPHER *EVP_aes_256_ofb(void);
 const EVP_CIPHER *EVP_aes_256_ctr(void);
 #endif
 #endif
-#ifndef OPENSSL_NO_CAMELLIA
+#ifndef OPENSSL_NO_ACSS
-const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_acss(void);
-const EVP_CIPHER *EVP_camellia_128_cbc(void);
-const EVP_CIPHER *EVP_camellia_128_cfb1(void);
-const EVP_CIPHER *EVP_camellia_128_cfb8(void);
-const EVP_CIPHER *EVP_camellia_128_cfb128(void);
-# define EVP_camellia_128_cfb EVP_camellia_128_cfb128
-const EVP_CIPHER *EVP_camellia_128_ofb(void);
-const EVP_CIPHER *EVP_camellia_192_ecb(void);
-const EVP_CIPHER *EVP_camellia_192_cbc(void);
-const EVP_CIPHER *EVP_camellia_192_cfb1(void);
-const EVP_CIPHER *EVP_camellia_192_cfb8(void);
-const EVP_CIPHER *EVP_camellia_192_cfb128(void);
-# define EVP_camellia_192_cfb EVP_camellia_192_cfb128
-const EVP_CIPHER *EVP_camellia_192_ofb(void);
-const EVP_CIPHER *EVP_camellia_256_ecb(void);
-const EVP_CIPHER *EVP_camellia_256_cbc(void);
-const EVP_CIPHER *EVP_camellia_256_cfb1(void);
-const EVP_CIPHER *EVP_camellia_256_cfb8(void);
-const EVP_CIPHER *EVP_camellia_256_cfb128(void);
-# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
-const EVP_CIPHER *EVP_camellia_256_ofb(void);
-#endif
-#ifndef OPENSSL_NO_SEED
-const EVP_CIPHER *EVP_seed_ecb(void);
-const EVP_CIPHER *EVP_seed_cbc(void);
-const EVP_CIPHER *EVP_seed_cfb128(void);
-# define EVP_seed_cfb EVP_seed_cfb128
-const EVP_CIPHER *EVP_seed_ofb(void);
 #endif
 void OPENSSL_add_all_algorithms_noconf(void);
@@ -798,12 +745,10 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
 const EVP_MD *EVP_get_digestbyname(const char *name);
 void EVP_cleanup(void);
-int             EVP_PKEY_decrypt(unsigned char *dec_key,
+int             EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
-                        const unsigned char *enc_key,int enc_key_len,
+                        int enc_key_len,EVP_PKEY *private_key);
-                        EVP_PKEY *private_key);
 int             EVP_PKEY_encrypt(unsigned char *enc_key,
-                        const unsigned char *key,int key_len,
+                        unsigned char *key,int key_len,EVP_PKEY *pub_key);
-                        EVP_PKEY *pub_key);
 int             EVP_PKEY_type(int type);
 int             EVP_PKEY_bits(EVP_PKEY *pkey);
 int             EVP_PKEY_size(EVP_PKEY *pkey);
@@ -824,31 +769,24 @@ struct dh_st;
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
 struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
 #endif
-#ifndef OPENSSL_NO_EC
-struct ec_key_st;
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
-struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-#endif
 EVP_PKEY *      EVP_PKEY_new(void);
 void            EVP_PKEY_free(EVP_PKEY *pkey);
+EVP_PKEY *      d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
-EVP_PKEY *      d2i_PublicKey(int type,EVP_PKEY **a, const unsigned char **pp,
                        long length);
 int             i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
-EVP_PKEY *      d2i_PrivateKey(int type,EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *      d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
                        long length);
-EVP_PKEY *      d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *      d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
                        long length);
 int             i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
 int EVP_CIPHER_type(const EVP_CIPHER *ctx);
@@ -865,7 +803,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
                         int en_de);
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-                           const unsigned char *salt, int saltlen, int iter,
+                           unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
@@ -888,32 +826,30 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */
 /* Function codes. */
-#define EVP_F_AES_INIT_KEY                               133
+#define EVP_F_AES_INIT_KEY                               129
-#define EVP_F_CAMELLIA_INIT_KEY                          159
 #define EVP_F_D2I_PKEY                                   100
-#define EVP_F_DSAPKEY2PKCS8                              134
+#define EVP_F_EVP_ADD_CIPHER                             130
-#define EVP_F_DSA_PKEY2PKCS8                             135
+#define EVP_F_EVP_ADD_DIGEST                             131
-#define EVP_F_ECDSA_PKEY2PKCS8                           129
+#define EVP_F_EVP_CIPHERINIT                             123
-#define EVP_F_ECKEY_PKEY2PKCS8                           132
-#define EVP_F_EVP_CIPHERINIT_EX                          123
 #define EVP_F_EVP_CIPHER_CTX_CTRL                        124
 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
-#define EVP_F_EVP_DECRYPTFINAL_EX                        101
+#define EVP_F_EVP_DECRYPTFINAL                           101
-#define EVP_F_EVP_DIGESTINIT_EX                          128
+#define EVP_F_EVP_DIGESTINIT                             128
-#define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+#define EVP_F_EVP_ENCRYPTFINAL                           127
-#define EVP_F_EVP_MD_CTX_COPY_EX                         110
+#define EVP_F_EVP_GET_CIPHERBYNAME                       132
+#define EVP_F_EVP_GET_DIGESTBYNAME                       133
+#define EVP_F_EVP_MD_CTX_COPY                            110
 #define EVP_F_EVP_OPENINIT                               102
 #define EVP_F_EVP_PBE_ALG_ADD                            115
 #define EVP_F_EVP_PBE_CIPHERINIT                         116
 #define EVP_F_EVP_PKCS82PKEY                             111
-#define EVP_F_EVP_PKEY2PKCS8_BROKEN                      113
+#define EVP_F_EVP_PKCS8_SET_BROKEN                       112
+#define EVP_F_EVP_PKEY2PKCS8                             113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
 #define EVP_F_EVP_PKEY_DECRYPT                           104
 #define EVP_F_EVP_PKEY_ENCRYPT                           105
 #define EVP_F_EVP_PKEY_GET1_DH                           119
 #define EVP_F_EVP_PKEY_GET1_DSA                          120
-#define EVP_F_EVP_PKEY_GET1_ECDSA                        130
-#define EVP_F_EVP_PKEY_GET1_EC_KEY                       131
 #define EVP_F_EVP_PKEY_GET1_RSA                          121
 #define EVP_F_EVP_PKEY_NEW                               106
 #define EVP_F_EVP_RIJNDAEL                               126
@@ -921,32 +857,28 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_VERIFYFINAL                            108
 #define EVP_F_PKCS5_PBE_KEYIVGEN                         117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
-#define EVP_F_PKCS8_SET_BROKEN                           112
 #define EVP_F_RC2_MAGIC_TO_METH                          109
 #define EVP_F_RC5_CTRL                                   125
 /* Reason codes. */
-#define EVP_R_AES_KEY_SETUP_FAILED                       143
+#define EVP_R_AES_KEY_SETUP_FAILED                       140
-#define EVP_R_ASN1_LIB                                   140
 #define EVP_R_BAD_BLOCK_LENGTH                           136
 #define EVP_R_BAD_DECRYPT                                100
 #define EVP_R_BAD_KEY_LENGTH                             137
 #define EVP_R_BN_DECODE_ERROR                            112
 #define EVP_R_BN_PUBKEY_ERROR                            113
-#define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
 #define EVP_R_CIPHER_PARAMETER_ERROR                     122
 #define EVP_R_CTRL_NOT_IMPLEMENTED                       132
 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
 #define EVP_R_DECODE_ERROR                               114
 #define EVP_R_DIFFERENT_KEY_TYPES                        101
+#define EVP_R_DISABLED_FOR_FIPS                          141
 #define EVP_R_ENCODE_ERROR                               115
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                   119
 #define EVP_R_EXPECTING_AN_RSA_KEY                       127
 #define EVP_R_EXPECTING_A_DH_KEY                         128
 #define EVP_R_EXPECTING_A_DSA_KEY                        129
-#define EVP_R_EXPECTING_A_ECDSA_KEY                      141
-#define EVP_R_EXPECTING_A_EC_KEY                         142
 #define EVP_R_INITIALIZATION_ERROR                       134
 #define EVP_R_INPUT_NOT_INITIALIZED                      111
 #define EVP_R_INVALID_KEY_LENGTH                         130
@@ -971,7 +903,6 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_UNSUPPORTED_SALT_TYPE                      126
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE                      110
-#define EVP_R_SEED_KEY_SETUP_FAILED                      162
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c
new file mode 100644
index 0000000000..ff3e311cc5
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_acnf.c
@@ -0,0 +1,73 @@
+/* evp_acnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+/* Load all algorithms and configure OpenSSL.
+ * This function is called automatically when
+ * OPENSSL_LOAD_CONF is set.
+ */
+void OPENSSL_add_all_algorithms_conf(void)
+        {
+        OPENSSL_add_all_algorithms_noconf();
+        OPENSSL_config(NULL);
+        }
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index a1904993bf..f549eeb437 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -60,13 +60,12 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 #include "evp_locl.h"
-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
        {
@@ -74,13 +73,6 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
        /* ctx->cipher=NULL; */
        }
-EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
-        {
-        EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-        if (ctx)
-                EVP_CIPHER_CTX_init(ctx);
-        return ctx;
-        }
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
             const unsigned char *key, const unsigned char *iv, int enc)
@@ -90,6 +82,48 @@ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
        return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
        }
+#ifdef OPENSSL_FIPS
+/* The purpose of these is to trap programs that attempt to use non FIPS
+ * algorithms in FIPS mode and ignore the errors.
+ */
+int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+            const unsigned char *iv, int enc)
+        { FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                 const unsigned char *in, unsigned int inl)
+        { FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+/* NB: no cleanup because it is allowed after failed init */
+int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
+        { FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+        { FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
+static const EVP_CIPHER bad_cipher =
+        {
+        0,
+        0,
+        0,
+        0,
+        0,
+        bad_init,
+        bad_do_cipher,
+        NULL,
+        0,
+        bad_set_asn1,
+        bad_get_asn1,
+        bad_ctrl,
+        NULL
+        };
+#endif
 int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
             const unsigned char *key, const unsigned char *iv, int enc)
        {
@@ -124,7 +158,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        {
                        if (!ENGINE_init(impl))
                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
@@ -141,7 +175,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                                 * control history, is that we should at least
                                 * be able to avoid using US mispellings of
                                 * "initialisation"? */
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        /* We'll use the ENGINE's private cipher definition */
@@ -154,14 +188,13 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                else
                        ctx->engine = NULL;
 #endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
                        ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
                        if (!ctx->cipher_data)
                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                                EVPerr(EVP_F_EVP_CIPHERINIT, ERR_R_MALLOC_FAILURE);
                                return 0;
                                }
                        }
@@ -175,14 +208,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        {
                        if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
                                {
-                                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
                                return 0;
                                }
                        }
                }
        else if(!ctx->cipher)
                {
-                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+                EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
                return 0;
                }
 #ifndef OPENSSL_NO_ENGINE
@@ -207,8 +240,7 @@ skip_to_init:
                        case EVP_CIPH_CBC_MODE:
-                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                        OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
-                                        (int)sizeof(ctx->iv));
                        if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
@@ -219,6 +251,24 @@ skip_to_init:
                }
        }
+#ifdef OPENSSL_FIPS
+        /* After 'key' is set no further parameters changes are permissible.
+         * So only check for non FIPS enabling at this point.
+         */
+        if (key && FIPS_mode())
+                {
+                if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+                        & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                        {
+                        EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_DISABLED_FOR_FIPS);
+                        ERR_add_error_data(2, "cipher=",
+                                                EVP_CIPHER_name(ctx->cipher));
+                        ctx->cipher = &bad_cipher;
+                        return 0;
+                        }
+                }
+#endif
        if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
                if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
        }
@@ -295,7 +345,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                }
        i=ctx->buf_len;
        bl=ctx->cipher->block_size;
-        OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(bl <= sizeof ctx->buf);
        if (i != 0)
                {
                if (i+inl < bl)
@@ -341,8 +391,7 @@ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
-        int n,ret;
+        int i,n,b,bl,ret;
-        unsigned int i, b, bl;
        b=ctx->cipher->block_size;
        OPENSSL_assert(b <= sizeof ctx->buf);
@@ -356,7 +405,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                {
                if(bl)
                        {
-                        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
                        return 0;
                        }
                *outl = 0;
@@ -378,8 +427,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             const unsigned char *in, int inl)
        {
-        int fix_len;
+        int b, fix_len;
-        unsigned int b;
        if (inl == 0)
                {
@@ -432,8 +480,8 @@ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
-        int i,n;
+        int i,b;
-        unsigned int b;
+        int n;
        *outl=0;
        b=ctx->cipher->block_size;
@@ -441,7 +489,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                {
                if(ctx->buf_len)
                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
                        return 0;
                        }
                *outl = 0;
@@ -451,21 +499,21 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
                {
                if (ctx->buf_len || !ctx->final_used)
                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
                        return(0);
                        }
                OPENSSL_assert(b <= sizeof ctx->final);
                n=ctx->final[b-1];
-                if (n == 0 || n > (int)b)
+                if (n > b)
                        {
-                        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+                        EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                        return(0);
                        }
                for (i=0; i<n; i++)
                        {
                        if (ctx->final[--b] != n)
                                {
-                                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+                                EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
                                return(0);
                                }
                        }
@@ -479,15 +527,6 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        return(1);
        }
-void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-        {
-        if (ctx)
-                {
-                EVP_CIPHER_CTX_cleanup(ctx);
-                OPENSSL_free(ctx);
-                }
-        }
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
        if (c->cipher != NULL)
@@ -551,13 +590,3 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
        }
        return ret;
 }
-int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
-        {
-        if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
-                return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-        if (RAND_bytes(key, ctx->key_len) <= 0)
-                return 0;
-        return 1;
-        }
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c
index e8c9e8de9c..77eee070d3 100644
--- a/src/lib/libcrypto/evp/evp_err.c
+++ b/src/lib/libcrypto/evp/evp_err.c
@@ -71,31 +71,29 @@
 static ERR_STRING_DATA EVP_str_functs[]=
        {
 {ERR_FUNC(EVP_F_AES_INIT_KEY),  "AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),     "CAMELLIA_INIT_KEY"},
 {ERR_FUNC(EVP_F_D2I_PKEY),      "D2I_PKEY"},
-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_ADD_CIPHER),        "EVP_add_cipher"},
-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),        "DSA_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_ADD_DIGEST),        "EVP_add_digest"},
-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),      "ECDSA_PKEY2PKCS8"},
+{ERR_FUNC(EVP_F_EVP_CIPHERINIT),        "EVP_CipherInit"},
-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),      "ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),     "EVP_CipherInit_ex"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),   "EVP_CIPHER_CTX_ctrl"},
 {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH), "EVP_CIPHER_CTX_set_key_length"},
-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),   "EVP_DecryptFinal_ex"},
+{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL),      "EVP_DecryptFinal"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),     "EVP_DigestInit_ex"},
+{ERR_FUNC(EVP_F_EVP_DIGESTINIT),        "EVP_DigestInit"},
-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),   "EVP_EncryptFinal_ex"},
+{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL),      "EVP_EncryptFinal"},
-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),    "EVP_MD_CTX_copy_ex"},
+{ERR_FUNC(EVP_F_EVP_GET_CIPHERBYNAME),  "EVP_get_cipherbyname"},
+{ERR_FUNC(EVP_F_EVP_GET_DIGESTBYNAME),  "EVP_get_digestbyname"},
+{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY),       "EVP_MD_CTX_copy"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT),  "EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),       "EVP_PBE_alg_add"},
 {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),    "EVP_PBE_CipherInit"},
 {ERR_FUNC(EVP_F_EVP_PKCS82PKEY),        "EVP_PKCS82PKEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
+{ERR_FUNC(EVP_F_EVP_PKCS8_SET_BROKEN),  "EVP_PKCS8_SET_BROKEN"},
+{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8),        "EVP_PKEY2PKCS8"},
 {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),      "EVP_PKEY_copy_parameters"},
 {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),      "EVP_PKEY_decrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),      "EVP_PKEY_encrypt"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),      "EVP_PKEY_get1_DH"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),     "EVP_PKEY_get1_DSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),   "EVP_PKEY_GET1_ECDSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),  "EVP_PKEY_get1_EC_KEY"},
 {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),     "EVP_PKEY_get1_RSA"},
 {ERR_FUNC(EVP_F_EVP_PKEY_NEW),  "EVP_PKEY_new"},
 {ERR_FUNC(EVP_F_EVP_RIJNDAEL),  "EVP_RIJNDAEL"},
@@ -103,7 +101,6 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_VERIFYFINAL),       "EVP_VerifyFinal"},
 {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),    "PKCS5_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),      "PKCS8_set_broken"},
 {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),     "RC2_MAGIC_TO_METH"},
 {ERR_FUNC(EVP_F_RC5_CTRL),      "RC5_CTRL"},
 {0,NULL}
@@ -112,26 +109,23 @@ static ERR_STRING_DATA EVP_str_functs[]=
 static ERR_STRING_DATA EVP_str_reasons[]=
        {
 {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},
-{ERR_REASON(EVP_R_ASN1_LIB)              ,"asn1 lib"},
 {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},
 {ERR_REASON(EVP_R_BAD_DECRYPT)           ,"bad decrypt"},
 {ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
 {ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
 {ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
 {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
 {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
 {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
 {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
 {ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
@@ -163,12 +157,15 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 void ERR_load_EVP_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,EVP_str_functs);
                ERR_load_strings(0,EVP_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c
index 361ea69ab6..f8650d5df6 100644
--- a/src/lib/libcrypto/evp/evp_key.c
+++ b/src/lib/libcrypto/evp/evp_key.c
@@ -66,7 +66,7 @@
 /* should be init to zeros. */
 static char prompt_string[80];
-void EVP_set_pw_prompt(const char *prompt)
+void EVP_set_pw_prompt(char *prompt)
        {
        if (prompt == NULL)
                prompt_string[0]='\0';
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c
index edb28ef38e..a63ba19317 100644
--- a/src/lib/libcrypto/evp/evp_lib.c
+++ b/src/lib/libcrypto/evp/evp_lib.c
@@ -68,7 +68,7 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->set_asn1_parameters != NULL)
                ret=c->cipher->set_asn1_parameters(c,type);
        else
-                ret=-1;
+                return -1;
        return(ret);
        }
@@ -79,21 +79,20 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        if (c->cipher->get_asn1_parameters != NULL)
                ret=c->cipher->get_asn1_parameters(c,type);
        else
-                ret=-1;
+                return -1;
        return(ret);
        }
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        {
-        int i=0;
+        int i=0,l;
-        unsigned int l;
        if (type != NULL) 
                {
                l=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(l <= sizeof(c->iv));
+                OPENSSL_assert(l <= sizeof c->iv);
                i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
-                if (i != (int)l)
+                if (i != l)
                        return(-1);
                else if (i > 0)
                        memcpy(c->iv,c->oiv,l);
@@ -103,13 +102,12 @@ int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
        {
-        int i=0;
+        int i=0,j;
-        unsigned int j;
        if (type != NULL)
                {
                j=EVP_CIPHER_CTX_iv_length(c);
-                OPENSSL_assert(j <= sizeof(c->iv));
+                OPENSSL_assert(j <= sizeof c->iv);
                i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
                }
        return(i);
@@ -168,112 +166,3 @@ int EVP_CIPHER_type(const EVP_CIPHER *ctx)
        }
 }
-int EVP_CIPHER_block_size(const EVP_CIPHER *e)
-        {
-        return e->block_size;
-        }
-int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->cipher->block_size;
-        }
-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
-        {
-        return ctx->cipher->do_cipher(ctx,out,in,inl);
-        }
-const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->cipher;
-        }
-unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
-        {
-        return cipher->flags;
-        }
-unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->cipher->flags;
-        }
-void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->app_data;
-        }
-void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
-        {
-        ctx->app_data = data;
-        }
-int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
-        {
-        return cipher->iv_len;
-        }
-int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->cipher->iv_len;
-        }
-int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
-        {
-        return cipher->key_len;
-        }
-int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->key_len;
-        }
-int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
-        {
-        return cipher->nid;
-        }
-int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
-        {
-        return ctx->cipher->nid;
-        }
-int EVP_MD_block_size(const EVP_MD *md) 
-        {
-        return md->block_size;
-        }
-int EVP_MD_type(const EVP_MD *md)
-        {
-        return md->type;
-        }
-int EVP_MD_pkey_type(const EVP_MD *md)
-        {
-        return md->pkey_type;
-        }
-int EVP_MD_size(const EVP_MD *md)
-        {
-        return md->md_size;
-        }
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
-        {
-        return ctx->digest;
-        }
-void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
-        {
-        ctx->flags |= flags;
-        }
-void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
-        {
-        ctx->flags &= ~flags;
-        }
-int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
-        {
-        return (ctx->flags & flags);
-        }
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 073b0adcff..f8c5343620 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -65,7 +65,7 @@
        bl = ctx->cipher->block_size;\
        if(inl < bl) return 1;\
        inl -= bl; \
-        for(i=0; i <= inl; i+=bl) 
+        for(i=0; i <= inl; i+=bl) \
 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
@@ -92,7 +92,7 @@ static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const uns
 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
 {\
-        cprefix##_cfb##cbits##_encrypt(in, out, (long)(cbits==1?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
        return 1;\
 }
@@ -226,11 +226,27 @@ const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
 #define EVP_C_DATA(kstruct, ctx)        ((kstruct *)(ctx)->cipher_data)
-#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,flags) \
        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
-                             0, cipher##_init_key, NULL, \
+                             flags, cipher##_init_key, NULL, \
                             EVP_CIPHER_set_asn1_iv, \
                             EVP_CIPHER_get_asn1_iv, \
                             NULL)
+#ifdef OPENSSL_FIPS
+#define RC2_set_key     private_RC2_set_key
+#define RC4_set_key     private_RC4_set_key
+#define CAST_set_key    private_CAST_set_key
+#define RC5_32_set_key  private_RC5_32_set_key
+#define BF_set_key      private_BF_set_key
+#define idea_set_encrypt_key private_idea_set_encrypt_key
+#define MD5_Init        private_MD5_Init
+#define MD4_Init        private_MD4_Init
+#define MD2_Init        private_MD2_Init
+#define MDC2_Init       private_MDC2_Init
+#define SHA_Init        private_SHA_Init
+#endif
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c
index c26d2de0f3..91e545a141 100644
--- a/src/lib/libcrypto/evp/evp_pbe.c
+++ b/src/lib/libcrypto/evp/evp_pbe.c
@@ -74,7 +74,7 @@ const EVP_MD *md;
 EVP_PBE_KEYGEN *keygen;
 } EVP_PBE_CTL;
-int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
             ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
 {
@@ -106,8 +106,7 @@ int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
 static int pbe_cmp(const char * const *a, const char * const *b)
 {
-        const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
+        EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a,  **pbe2 = (EVP_PBE_CTL **)b;
-                        * const *pbe2 = (const EVP_PBE_CTL * const *)b;
        return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
 }
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c
index 0147f3e02a..47a69932a5 100644
--- a/src/lib/libcrypto/evp/evp_pkey.c
+++ b/src/lib/libcrypto/evp/evp_pkey.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,24 +61,14 @@
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/bn.h>
 #ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
 #endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
-#endif
 /* Extract a private key from a PKCS8 structure */
-EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
 {
        EVP_PKEY *pkey = NULL;
 #ifndef OPENSSL_NO_RSA
@@ -86,24 +76,16 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 #endif
 #ifndef OPENSSL_NO_DSA
        DSA *dsa = NULL;
-        ASN1_TYPE *t1, *t2;
        ASN1_INTEGER *privkey;
+        ASN1_TYPE *t1, *t2, *param = NULL;
        STACK_OF(ASN1_TYPE) *ndsa = NULL;
-#endif
-#ifndef OPENSSL_NO_EC
-        EC_KEY *eckey = NULL;
-        const unsigned char *p_tmp;
-#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-        ASN1_TYPE    *param = NULL;     
        BN_CTX *ctx = NULL;
        int plen;
 #endif
        X509_ALGOR *a;
-        const unsigned char *p;
+        unsigned char *p;
        const unsigned char *cp;
        int pkeylen;
-        int  nid;
        char obj_tmp[80];
        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
@@ -120,8 +102,7 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                return NULL;
        }
        a = p8->pkeyalg;
-        nid = OBJ_obj2nid(a->algorithm);
+        switch (OBJ_obj2nid(a->algorithm))
-        switch(nid)
        {
 #ifndef OPENSSL_NO_RSA
                case NID_rsaEncryption:
@@ -227,112 +208,6 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
                return NULL;
                break;
 #endif
-#ifndef OPENSSL_NO_EC
-                case NID_X9_62_id_ecPublicKey:
-                p_tmp = p;
-                /* extract the ec parameters */
-                param = p8->pkeyalg->parameter;
-                if (!param || ((param->type != V_ASN1_SEQUENCE) &&
-                    (param->type != V_ASN1_OBJECT)))
-                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto ecerr;
-                }
-                if (param->type == V_ASN1_SEQUENCE)
-                {
-                        cp = p = param->value.sequence->data;
-                        plen = param->value.sequence->length;
-                        if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        EVP_R_DECODE_ERROR);
-                                goto ecerr;
-                        }
-                }
-                else
-                {
-                        EC_GROUP *group;
-                        cp = p = param->value.object->data;
-                        plen = param->value.object->length;
-                        /* type == V_ASN1_OBJECT => the parameters are given
-                         * by an asn1 OID
-                         */
-                        if ((eckey = EC_KEY_new()) == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY,
-                                        ERR_R_MALLOC_FAILURE);
-                                goto ecerr;
-                        }
-                        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-                        if (group == NULL)
-                                goto ecerr;
-                        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-                        if (EC_KEY_set_group(eckey, group) == 0)
-                                goto ecerr;
-                        EC_GROUP_free(group);
-                }
-                /* We have parameters now set private key */
-                if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
-                {
-                        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-                        goto ecerr;
-                }
-                /* calculate public key (if necessary) */
-                if (EC_KEY_get0_public_key(eckey) == NULL)
-                {
-                        const BIGNUM *priv_key;
-                        const EC_GROUP *group;
-                        EC_POINT *pub_key;
-                        /* the public key was not included in the SEC1 private
-                         * key => calculate the public key */
-                        group   = EC_KEY_get0_group(eckey);
-                        pub_key = EC_POINT_new(group);
-                        if (pub_key == NULL)
-                        {
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        priv_key = EC_KEY_get0_private_key(eckey);
-                        if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-                        {
-                                EC_POINT_free(pub_key);
-                                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-                                goto ecerr;
-                        }
-                        EC_POINT_free(pub_key);
-                }
-                EVP_PKEY_assign_EC_KEY(pkey, eckey);
-                if (ctx)
-                        BN_CTX_free(ctx);
-                break;
-ecerr:
-                if (ctx)
-                        BN_CTX_free(ctx);
-                if (eckey)
-                        EC_KEY_free(eckey);
-                if (pkey)
-                        EVP_PKEY_free(pkey);
-                return NULL;
-#endif
                default:
                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
@@ -356,17 +231,17 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
        PKCS8_PRIV_KEY_INFO *p8;
        if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {        
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        p8->broken = broken;
        if (!ASN1_INTEGER_set(p8->version, 0)) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
        if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
@@ -379,9 +254,9 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
                p8->pkeyalg->parameter->type = V_ASN1_NULL;
-                if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
+                if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        PKCS8_PRIV_KEY_INFO_free (p8);
                        return NULL;
                }
@@ -396,22 +271,13 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
                break;
 #endif
-#ifndef OPENSSL_NO_EC
-                case EVP_PKEY_EC:
-                if (!eckey_pkey2pkcs8(p8, pkey))
-                {
-                        PKCS8_PRIV_KEY_INFO_free(p8);
-                        return(NULL);
-                }
-                break;
-#endif
                default:
-                EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
                PKCS8_PRIV_KEY_INFO_free (p8);
                return NULL;
        }
        RAND_add(p8->pkey->value.octet_string->data,
-                 p8->pkey->value.octet_string->length, 0.0);
+                 p8->pkey->value.octet_string->length, 0);
        return p8;
 }
@@ -431,8 +297,10 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
                break;
                default:
-                EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+                EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
                return NULL;
+                break;
+                
        }
 }
@@ -449,24 +317,24 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
        len = i2d_DSAparams (pkey->pkey.dsa, NULL);
        if (!(p = OPENSSL_malloc(len))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        q = p;
        i2d_DSAparams (pkey->pkey.dsa, &q);
        if (!(params = ASN1_STRING_new())) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!ASN1_STRING_set(params, p, len)) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                goto err;
        }
        OPENSSL_free(p);
        p = NULL;
        /* Get private key into integer */
        if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-                EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
                goto err;
        }
@@ -475,9 +343,9 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                case PKCS8_OK:
                case PKCS8_NO_OCTET:
-                if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
+                if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
                                         &p8->pkey->value.octet_string)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
@@ -495,39 +363,39 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                params = NULL;
                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!(ttmp->value.integer =
                        BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
                        goto err;
                }
                ttmp->type = V_ASN1_INTEGER;
                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ttmp->value.integer = prkey;
                prkey = NULL;
                ttmp->type = V_ASN1_INTEGER;
                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ttmp = NULL;
                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
@@ -535,7 +403,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                                         &p8->pkey->value.octet_string->data,
                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -545,36 +413,36 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                p8->pkeyalg->parameter->type = V_ASN1_NULL;
                if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ttmp->value.sequence = params;
                params = NULL;
                ttmp->type = V_ASN1_SEQUENCE;
                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                if (!(ttmp = ASN1_TYPE_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ttmp->value.integer = prkey;
                prkey = NULL;
                ttmp->type = V_ASN1_INTEGER;
                if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ttmp = NULL;
                if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
@@ -582,7 +450,7 @@ static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
                                         &p8->pkey->value.octet_string->data,
                                         &p8->pkey->value.octet_string->length)) {
-                        EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+                        EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
@@ -598,197 +466,3 @@ err:
        return 0;
 }
 #endif
-#ifndef OPENSSL_NO_EC
-static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
-{
-        EC_KEY          *ec_key;
-        const EC_GROUP  *group;
-        unsigned char   *p, *pp;
-        int             nid, i, ret = 0;
-        unsigned int    tmp_flags, old_flags;
-        ec_key = pkey->pkey.ec;
-        if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        /* set the ec parameters OID */
-        if (p8->pkeyalg->algorithm)
-                ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-        /* set the ec parameters */
-        if (p8->pkeyalg->parameter)
-        {
-                ASN1_TYPE_free(p8->pkeyalg->parameter);
-                p8->pkeyalg->parameter = NULL;
-        }
-        if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
-        {
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        
-        if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-        {
-                /* we have a 'named curve' => just set the OID */
-                p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
-                p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
-        }
-        else    /* explicit parameters */
-        {
-                if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        return 0;
-                }
-                if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }       
-                pp = p;
-                if (!i2d_ECParameters(ec_key, &pp))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-                if ((p8->pkeyalg->parameter->value.sequence 
-                        = ASN1_STRING_new()) == NULL)
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
-                        OPENSSL_free(p);
-                        return 0;
-                }
-                ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
-                OPENSSL_free(p);
-        }
-        /* set the private key */
-        /* do not include the parameters in the SEC1 private key
-         * see PKCS#11 12.11 */
-        old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
-        tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-        EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
-        i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
-        if (!i)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                return 0;
-        }
-        p = (unsigned char *) OPENSSL_malloc(i);
-        if (!p)
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        pp = p;
-        if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
-        {
-                EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-                EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-                OPENSSL_free(p);
-                return 0;
-        }
-        /* restore old encoding flags */
-        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-        switch(p8->broken) {
-                case PKCS8_OK:
-                p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
-                if (!p8->pkey->value.octet_string ||
-                    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
-                    (const void *)p, i))
-                {
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-                }
-                else
-                        ret = 1;
-                break;
-                case PKCS8_NO_OCTET:            /* RSA specific */
-                case PKCS8_NS_DB:               /* DSA specific */
-                case PKCS8_EMBEDDED_PARAM:      /* DSA specific */
-                default:
-                        EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-        }
-        OPENSSL_cleanse(p, (size_t)i);
-        OPENSSL_free(p);
-        return ret;
-}
-#endif
-/* EVP_PKEY attribute functions */
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
-{
-        return X509at_get_attr_count(key->attributes);
-}
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-                          int lastpos)
-{
-        return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
-}
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-                          int lastpos)
-{
-        return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
-}
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
-{
-        return X509at_get_attr(key->attributes, loc);
-}
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
-{
-        return X509at_delete_attr(key->attributes, loc);
-}
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
-{
-        if(X509at_add1_attr(&key->attributes, attr)) return 1;
-        return 0;
-}
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
-                                type, bytes, len)) return 1;
-        return 0;
-}
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-                        int nid, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_NID(&key->attributes, nid,
-                                type, bytes, len)) return 1;
-        return 0;
-}
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len)
-{
-        if(X509at_add1_attr_by_txt(&key->attributes, attrname,
-                                type, bytes, len)) return 1;
-        return 0;
-}
diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c
new file mode 100644
index 0000000000..a624cfd248
--- /dev/null
+++ b/src/lib/libcrypto/evp/evp_test.c
@@ -0,0 +1,422 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <stdio.h>
+#include <string.h>
+#include "../e_os.h"
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+#include <openssl/conf.h>
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+        {
+        if((n%16) == 0)
+            fprintf(f,"\n%04x",n);
+        fprintf(f," %02x",s[n]);
+        }
+    fprintf(f,"\n");
+    }
+static int convert(unsigned char *s)
+    {
+    unsigned char *d;
+    for(d=s ; *s ; s+=2,++d)
+        {
+        unsigned int n;
+        if(!s[1])
+            {
+            fprintf(stderr,"Odd number of hex digits!");
+            EXIT(4);
+            }
+        sscanf((char *)s,"%2x",&n);
+        *d=(unsigned char)n;
+        }
+    return s-d;
+    }
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+    if (**string == 0)
+        return NULL;
+    memset(isdelim, 0, 256);
+    isdelim[0] = 1;
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+    return token;
+    }
+static unsigned char *ustrsep(char **p,const char *sep)
+    { return (unsigned char *)sstrsep(p,sep); }
+static int test1_exit(int ec)
+        {
+        EXIT(ec);
+        return(0);              /* To keep some compilers quiet */
+        }
+static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
+                  const unsigned char *iv,int in,
+                  const unsigned char *plaintext,int pn,
+                  const unsigned char *ciphertext,int cn,
+                  int encdec,int multiplier)
+    {
+    EVP_CIPHER_CTX ctx;
+    unsigned char out[4096];
+    int outl,outl2;
+    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
+           (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+    hexdump(stdout,"Key",key,kn);
+    if(in)
+        hexdump(stdout,"IV",iv,in);
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Ciphertext",ciphertext,cn);
+    
+    if(kn != c->key_len)
+        {
+        fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
+                c->key_len);
+        test1_exit(5);
+        }
+    EVP_CIPHER_CTX_init(&ctx);
+    if (encdec != 0)
+        {
+        if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
+            {
+            fprintf(stderr,"EncryptInit failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(10);
+            }
+        EVP_CIPHER_CTX_set_padding(&ctx,0);
+        if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn*multiplier))
+            {
+            fprintf(stderr,"Encrypt failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(6);
+            }
+        if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
+            {
+            fprintf(stderr,"EncryptFinal failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(7);
+            }
+        if(outl+outl2 != cn*multiplier)
+            {
+            fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
+                    outl+outl2,cn);
+            test1_exit(8);
+            }
+        if(memcmp(out,ciphertext,cn))
+            {
+            fprintf(stderr,"Ciphertext mismatch\n");
+            hexdump(stderr,"Got",out,cn);
+            hexdump(stderr,"Expected",ciphertext,cn);
+            test1_exit(9);
+            }
+        }
+    if (encdec <= 0)
+        {
+        if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
+            {
+            fprintf(stderr,"DecryptInit failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(11);
+            }
+        EVP_CIPHER_CTX_set_padding(&ctx,0);
+        if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn*multiplier))
+            {
+            fprintf(stderr,"Decrypt failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(6);
+            }
+        if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
+            {
+            fprintf(stderr,"DecryptFinal failed\n");
+            ERR_print_errors_fp(stderr);
+            test1_exit(7);
+            }
+        if(outl+outl2 != cn*multiplier)
+            {
+            fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
+                    outl+outl2,cn);
+            test1_exit(8);
+            }
+        if(memcmp(out,plaintext,cn))
+            {
+            fprintf(stderr,"Plaintext mismatch\n");
+            hexdump(stderr,"Got",out,cn);
+            hexdump(stderr,"Expected",plaintext,cn);
+            test1_exit(9);
+            }
+        }
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    printf("\n");
+    }
+static int test_cipher(const char *cipher,const unsigned char *key,int kn,
+                       const unsigned char *iv,int in,
+                       const unsigned char *plaintext,int pn,
+                       const unsigned char *ciphertext,int cn,
+                       int encdec,int multiplier)
+    {
+    const EVP_CIPHER *c;
+    c=EVP_get_cipherbyname(cipher);
+    if(!c)
+        return 0;
+    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,multiplier);
+    return 1;
+    }
+static int test_digest(const char *digest,
+                       const unsigned char *plaintext,int pn,
+                       const unsigned char *ciphertext, unsigned int cn)
+    {
+    const EVP_MD *d;
+    EVP_MD_CTX ctx;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdn;
+    d=EVP_get_digestbyname(digest);
+    if(!d)
+        return 0;
+    printf("Testing digest %s\n",EVP_MD_name(d));
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Digest",ciphertext,cn);
+    EVP_MD_CTX_init(&ctx);
+    if(!EVP_DigestInit_ex(&ctx,d, NULL))
+        {
+        fprintf(stderr,"DigestInit failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(100);
+        }
+    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
+        {
+        fprintf(stderr,"DigestUpdate failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(101);
+        }
+    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
+        {
+        fprintf(stderr,"DigestFinal failed\n");
+        ERR_print_errors_fp(stderr);
+        EXIT(101);
+        }
+    EVP_MD_CTX_cleanup(&ctx);
+    if(mdn != cn)
+        {
+        fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
+        EXIT(102);
+        }
+    if(memcmp(md,ciphertext,cn))
+        {
+        fprintf(stderr,"Digest mismatch\n");
+        hexdump(stderr,"Got",md,cn);
+        hexdump(stderr,"Expected",ciphertext,cn);
+        EXIT(103);
+        }
+    printf("\n");
+    EVP_MD_CTX_cleanup(&ctx);
+    return 1;
+    }
+int main(int argc,char **argv)
+    {
+    const char *szTestFile;
+    FILE *f;
+    if(argc != 2)
+        {
+        fprintf(stderr,"%s <test file>\n",argv[0]);
+        EXIT(1);
+        }
+    CRYPTO_malloc_debug_init();
+    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+    szTestFile=argv[1];
+    f=fopen(szTestFile,"r");
+    if(!f)
+        {
+        perror(szTestFile);
+        EXIT(2);
+        }
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
+    OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
+#ifndef OPENSSL_NO_ENGINE
+    /* Load all compiled-in ENGINEs */
+    ENGINE_load_builtin_engines();
+#endif
+#if 0
+    OPENSSL_config();
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    /* Register all available ENGINE implementations of ciphers and digests.
+     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+    ENGINE_register_all_ciphers();
+    ENGINE_register_all_digests();
+    /* If we add command-line options, this statement should be switchable.
+     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+     * they weren't already initialised. */
+    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+#endif
+    for( ; ; )
+        {
+        char line[4096];
+        char *p;
+        char *cipher;
+        unsigned char *iv,*key,*plaintext,*ciphertext;
+        int encdec;
+        int kn,in,pn,cn;
+        int multiplier=1;
+        if(!fgets((char *)line,sizeof line,f))
+            break;
+        if(line[0] == '#' || line[0] == '\n')
+            continue;
+        p=line;
+        cipher=sstrsep(&p,":"); 
+        key=ustrsep(&p,":");
+        iv=ustrsep(&p,":");
+        plaintext=ustrsep(&p,":");
+        ciphertext=ustrsep(&p,":");
+        if (p[-1] == '\n') {
+            p[-1] = '\0';
+            encdec = -1;
+        } else {
+            encdec = atoi(sstrsep(&p,"\n"));
+        }
+              
+        kn=convert(key);
+        in=convert(iv);
+        pn=convert(plaintext);
+        cn=convert(ciphertext);
+        if(strchr(cipher,'*'))
+            {
+            p=cipher;
+            sstrsep(&p,"*");
+            multiplier=atoi(sstrsep(&p,"*"));
+            }
+        if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec,
+                        multiplier)
+           && !test_digest(cipher,plaintext,pn,ciphertext,cn))
+            {
+            fprintf(stderr,"Can't find %s\n",cipher);
+            EXIT(3);
+            }
+        }
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_cleanup();
+#endif
+    EVP_cleanup();
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    CRYPTO_mem_leaks_fp(stderr);
+    return 0;
+    }
diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt
new file mode 100644
index 0000000000..dfe91a5bc0
--- /dev/null
+++ b/src/lib/libcrypto/evp/evptests.txt
@@ -0,0 +1,288 @@
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#digest:::input:output
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt 
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt 
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt 
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt 
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt 
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# CFB1-AES128.Encrypt
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:1
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:1
+# all of the above packed into one...
+# in: 0110 1011 1100 0001 = 6bc1
+# out: 0110 1000 1011 0011 = 68b3
+AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:1
+# CFB1-AES128.Decrypt
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:00:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00020406080a0c0e10121416181a1c1e:80:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0004080c1014181c2024282c3034383d:80:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0008101820283038404850586068707b:00:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:00102030405060708090a0b0c0d0e0f6:80:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0020406080a0c0e10121416181a1c1ed:00:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:004080c1014181c2024282c3034383da:80:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:008101820283038404850586068707b4:80:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f68:80:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:020406080a0c0e10121416181a1c1ed1:80:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:04080c1014181c2024282c3034383da2:00:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:08101820283038404850586068707b45:00:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:102030405060708090a0b0c0d0e0f68b:00:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:20406080a0c0e10121416181a1c1ed16:00:00:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:4080c1014181c2024282c3034383da2c:00:80:0
+AES-128-CFB1:2b7e151628aed2a6abf7158809cf4f3c:8101820283038404850586068707b459:80:80:0
+# all of the above packed into one...
+# in: 0110 1000 1011 0011 = 68b3
+# out: 0110 1011 1100 0001 = 6bc1
+AES-128-CFB1*8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1:68b3:0
+# TODO: CFB1-AES192 and 256
+# CFB8-AES128.Encrypt
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:1
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:1
+# all of the above packed into one
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:1
+# CFB8-AES128.Decrypt
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6b:3b:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0102030405060708090a0b0c0d0e0f3b:c1:79:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:02030405060708090a0b0c0d0e0f3b79:be:42:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:030405060708090a0b0c0d0e0f3b7942:e2:4c:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0405060708090a0b0c0d0e0f3b79424c:2e:9c:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:05060708090a0b0c0d0e0f3b79424c9c:40:0d:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:060708090a0b0c0d0e0f3b79424c9c0d:9f:d4:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0708090a0b0c0d0e0f3b79424c9c0dd4:96:36:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:08090a0b0c0d0e0f3b79424c9c0dd436:e9:ba:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:090a0b0c0d0e0f3b79424c9c0dd436ba:3d:ce:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0a0b0c0d0e0f3b79424c9c0dd436bace:7e:9e:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0b0c0d0e0f3b79424c9c0dd436bace9e:11:0e:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0c0d0e0f3b79424c9c0dd436bace9e0e:73:d4:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0d0e0f3b79424c9c0dd436bace9e0ed4:93:58:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0e0f3b79424c9c0dd436bace9e0ed458:17:6a:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:0f3b79424c9c0dd436bace9e0ed4586a:2a:4f:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:3b79424c9c0dd436bace9e0ed4586a4f:ae:32:0
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:79424c9c0dd436bace9e0ed4586a4f32:2d:b9:0
+# all of the above packed into one
+AES-128-CFB8:2b7e151628aed2a6abf7158809cf4f3c:000102030405060708090a0b0c0d0e0f:6bc1bee22e409f96e93d7e117393172aae2d:3b79424c9c0dd436bace9e0ed4586a4f32b9:0
+# TODO: 192 and 256 bit keys
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 
+# OFB-AES128.Decrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 
+# OFB-AES192.Decrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 
+# OFB-AES256.Encrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+# DES ECB tests (from destest)
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+# DES CFB1 from FIPS 81
+# plaintext: 0100 1110 0110 1111 0111 0111 = 4e6f77
+# ciphertext: 1100 1101 0001 1110 1100 1001 = cd1ec9
+DES-CFB1*8:0123456789abcdef:1234567890abcdef:4e6f77:cd1ec9
+# DES CFB8 from FIPS 81
+DES-CFB8:0123456789abcdef:1234567890abcdef:4e6f7720697320746865:f31fda07011462ee187f
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c
index a948c77fa4..d393eb3400 100644
--- a/src/lib/libcrypto/evp/m_dss.c
+++ b/src/lib/libcrypto/evp/m_dss.c
@@ -61,16 +61,12 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 #ifndef OPENSSL_NO_SHA
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        { return SHA1_Update(ctx->md_data,data,count); }
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
@@ -81,7 +77,7 @@ static const EVP_MD dsa_md=
        NID_dsaWithSHA,
        NID_dsaWithSHA,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init,
        update,
        final,
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c
index c12e13972b..23b90d0538 100644
--- a/src/lib/libcrypto/evp/m_dss1.c
+++ b/src/lib/libcrypto/evp/m_dss1.c
@@ -56,23 +56,25 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
        { return SHA1_Update(ctx->md_data,data,count); }
+#else
+        {
+        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+        return SHA1_Update(ctx->md_data,data,count);
+        }
+#endif
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
        { return SHA1_Final(md,ctx->md_data); }
@@ -82,7 +84,7 @@ static const EVP_MD dss1_md=
        NID_dsa,
        NID_dsaWithSHA1,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init,
        update,
        final,
diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c
new file mode 100644
index 0000000000..0df48e5199
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_md2.c
@@ -0,0 +1,97 @@
+/* crypto/evp/m_md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef OPENSSL_NO_MD2
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md2.h>
+static int init(EVP_MD_CTX *ctx)
+        { return MD2_Init(ctx->md_data); }
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return MD2_Update(ctx->md_data,data,count); }
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MD2_Final(md,ctx->md_data); }
+static const EVP_MD md2_md=
+        {
+        NID_md2,
+        NID_md2WithRSAEncryption,
+        MD2_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        MD2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MD2_CTX),
+        };
+const EVP_MD *EVP_md2(void)
+        {
+        return(&md2_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c
index 1e0b7c5b42..0605e4b707 100644
--- a/src/lib/libcrypto/evp/m_md4.c
+++ b/src/lib/libcrypto/evp/m_md4.c
@@ -56,23 +56,19 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_MD4
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_MD4
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md4.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
 static int init(EVP_MD_CTX *ctx)
        { return MD4_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        { return MD4_Update(ctx->md_data,data,count); }
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c
index 63c142119e..752615d473 100644
--- a/src/lib/libcrypto/evp/m_md5.c
+++ b/src/lib/libcrypto/evp/m_md5.c
@@ -56,23 +56,19 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_MD5
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_MD5
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/md5.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
 static int init(EVP_MD_CTX *ctx)
        { return MD5_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        { return MD5_Update(ctx->md_data,data,count); }
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c
new file mode 100644
index 0000000000..62de1336b8
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_mdc2.c
@@ -0,0 +1,97 @@
+/* crypto/evp/m_mdc2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef OPENSSL_NO_MDC2
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/mdc2.h>
+static int init(EVP_MD_CTX *ctx)
+        { return MDC2_Init(ctx->md_data); }
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return MDC2_Update(ctx->md_data,data,count); }
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return MDC2_Final(md,ctx->md_data); }
+static const EVP_MD mdc2_md=
+        {
+        NID_mdc2,
+        NID_mdc2WithRSA,
+        MDC2_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
+        MDC2_BLOCK,
+        sizeof(EVP_MD *)+sizeof(MDC2_CTX),
+        };
+const EVP_MD *EVP_mdc2(void)
+        {
+        return(&mdc2_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c
index cb0721699d..f6f0a1d2c0 100644
--- a/src/lib/libcrypto/evp/m_null.c
+++ b/src/lib/libcrypto/evp/m_null.c
@@ -65,7 +65,7 @@
 static int init(EVP_MD_CTX *ctx)
        { return 1; }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        { return 1; }
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c
index a1d60ee78d..64725528dc 100644
--- a/src/lib/libcrypto/evp/m_ripemd.c
+++ b/src/lib/libcrypto/evp/m_ripemd.c
@@ -56,23 +56,18 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_RIPEMD
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_RIPEMD
 #include <openssl/ripemd.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
 static int init(EVP_MD_CTX *ctx)
        { return RIPEMD160_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
        { return RIPEMD160_Update(ctx->md_data,data,count); }
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c
new file mode 100644
index 0000000000..ed54909b16
--- /dev/null
+++ b/src/lib/libcrypto/evp/m_sha.c
@@ -0,0 +1,99 @@
+/* crypto/evp/m_sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
+#include <stdio.h>
+#include "cryptlib.h"
+/* Including sha.h prior evp.h masks FIPS SHA declarations, but that's
+ * exactly what we want to achieve here... */
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+static int init(EVP_MD_CTX *ctx)
+        { return SHA_Init(ctx->md_data); }
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+        { return SHA_Update(ctx->md_data,data,count); }
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+        { return SHA_Final(md,ctx->md_data); }
+static const EVP_MD sha_md=
+        {
+        NID_sha,
+        NID_shaWithRSAEncryption,
+        SHA_DIGEST_LENGTH,
+        0,
+        init,
+        update,
+        final,
+        NULL,
+        NULL,
+        EVP_PKEY_RSA_method,
+        SHA_CBLOCK,
+        sizeof(EVP_MD *)+sizeof(SHA_CTX),
+        };
+const EVP_MD *EVP_sha(void)
+        {
+        return(&sha_md);
+        }
+#endif
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c
index 4679b1c463..60da93873c 100644
--- a/src/lib/libcrypto/evp/m_sha1.c
+++ b/src/lib/libcrypto/evp/m_sha1.c
@@ -56,23 +56,25 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_SHA
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+#ifndef OPENSSL_FIPS
        { return SHA1_Update(ctx->md_data,data,count); }
+#else
+        {
+        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+        return SHA1_Update(ctx->md_data,data,count);
+        }
+#endif
 static int final(EVP_MD_CTX *ctx,unsigned char *md)
        { return SHA1_Final(md,ctx->md_data); }
@@ -82,7 +84,7 @@ static const EVP_MD sha1_md=
        NID_sha1,
        NID_sha1WithRSAEncryption,
        SHA_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init,
        update,
        final,
@@ -99,6 +101,7 @@ const EVP_MD *EVP_sha1(void)
        }
 #endif
+#ifdef OPENSSL_FIPS
 #ifndef OPENSSL_NO_SHA256
 static int init224(EVP_MD_CTX *ctx)
        { return SHA224_Init(ctx->md_data); }
@@ -109,8 +112,11 @@ static int init256(EVP_MD_CTX *ctx)
 * SHA256 functions even in SHA224 context. This is what happens
 * there anyway, so we can spare few CPU cycles:-)
 */
-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update256(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return SHA256_Update(ctx->md_data,data,count); }
+        {
+        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+        return SHA256_Update(ctx->md_data,data,count);
+        }
 static int final256(EVP_MD_CTX *ctx,unsigned char *md)
        { return SHA256_Final(md,ctx->md_data); }
@@ -119,7 +125,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init224,
        update256,
        final256,
@@ -138,7 +144,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init256,
        update256,
        final256,
@@ -151,7 +157,7 @@ static const EVP_MD sha256_md=
 const EVP_MD *EVP_sha256(void)
        { return(&sha256_md); }
-#endif  /* ifndef OPENSSL_NO_SHA256 */
+#endif /* ifndef OPENSSL_NO_SHA256 */
 #ifndef OPENSSL_NO_SHA512
 static int init384(EVP_MD_CTX *ctx)
@@ -159,8 +165,11 @@ static int init384(EVP_MD_CTX *ctx)
 static int init512(EVP_MD_CTX *ctx)
        { return SHA512_Init(ctx->md_data); }
 /* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
+static int update512(EVP_MD_CTX *ctx,const void *data,unsigned long count)
-        { return SHA512_Update(ctx->md_data,data,count); }
+        {
+        OPENSSL_assert(sizeof(count)<=sizeof(size_t));
+        return SHA512_Update(ctx->md_data,data,count);
+        }
 static int final512(EVP_MD_CTX *ctx,unsigned char *md)
        { return SHA512_Final(md,ctx->md_data); }
@@ -169,7 +178,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init384,
        update512,
        final512,
@@ -188,7 +197,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-        0,
+        EVP_MD_FLAG_FIPS,
        init512,
        update512,
        final512,
@@ -201,4 +210,5 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
-#endif  /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifndef OPENSSL_NO_SHA512 */
+#endif /* ifdef OPENSSL_FIPS */
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c
index 88c1e780dd..7712453046 100644
--- a/src/lib/libcrypto/evp/names.c
+++ b/src/lib/libcrypto/evp/names.c
@@ -61,14 +61,17 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 int EVP_add_cipher(const EVP_CIPHER *c)
        {
        int r;
-        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
+        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
        if (r == 0) return(0);
-        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
+        r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c);
        return(r);
        }
@@ -78,9 +81,9 @@ int EVP_add_digest(const EVP_MD *md)
        const char *name;
        name=OBJ_nid2sn(md->type);
-        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
+        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
        if (r == 0) return(0);
-        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
+        r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md);
        if (r == 0) return(0);
        if (md->type != md->pkey_type)
diff --git a/src/lib/libcrypto/evp/openbsd_hw.c b/src/lib/libcrypto/evp/openbsd_hw.c
new file mode 100644
index 0000000000..3831a5731e
--- /dev/null
+++ b/src/lib/libcrypto/evp/openbsd_hw.c
@@ -0,0 +1,446 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include "evp_locl.h"
+/* This stuff should now all be supported through
+ * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
+static void *dummy=&dummy;
+#if 0
+/* check flag after OpenSSL headers to ensure make depend works */
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <assert.h>
+/* longest key supported in hardware */
+#define MAX_HW_KEY      24
+#define MAX_HW_IV       8
+#define MD5_DIGEST_LENGTH       16
+#define MD5_CBLOCK              64
+static int fd;
+static int dev_failed;
+typedef struct session_op session_op;
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+        return 0;
+    if(!fd)
+        {
+        int cryptodev_fd;
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+            {
+            err("/dev/crypto");
+            dev_failed=1;
+            return 0;
+            }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+            {
+            err("CRIOGET failed");
+            close(cryptodev_fd);
+            dev_failed=1;
+            return 0;
+            }
+        close(cryptodev_fd);
+        }
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+    return 1;
+    }
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+        err("CIOCFSESSION failed");
+    OPENSSL_free(CDATA(ctx)->key);
+    return 1;
+    }
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+                               const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+        return 0;
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+                             const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+    if(!inl)
+        return 1;
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+        cryp.iv=(caddr_t)ctx->iv;
+    if(!ctx->encrypt)
+        memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffers are misaligned */
+            {
+            unsigned int cinl=0;
+            char *cin=NULL;
+            char *cout=NULL;
+            /* NB: this can only make cinl != inl with stream ciphers */
+            cinl=(inl+3)/4*4;
+            if(((unsigned long)in&3) || cinl != inl)
+                {
+                cin=OPENSSL_malloc(cinl);
+                memcpy(cin,in,inl);
+                cryp.src=cin;
+                }
+            if(((unsigned long)out&3) || cinl != inl)
+                {
+                cout=OPENSSL_malloc(cinl);
+                cryp.dst=cout;
+                }
+            cryp.len=cinl;
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(2) failed");
+                printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+                abort();
+                return 0;
+                }
+                
+            if(cout)
+                {
+                memcpy(out,cout,inl);
+                OPENSSL_free(cout);
+                }
+            if(cin)
+                OPENSSL_free(cin);
+            }
+        else 
+            {       
+            err("CIOCCRYPT failed");
+            abort();
+            return 0;
+            }
+        }
+    if(ctx->encrypt)
+        memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+        memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+    return 1;
+    }
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+                     0, dev_crypto_des_ede3_init_key,
+                     dev_crypto_cleanup, 
+                     EVP_CIPHER_set_asn1_iv,
+                     EVP_CIPHER_get_asn1_iv,
+                     NULL)
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *key,
+                                        const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,     /* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+    { return &r4_cipher; }
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+        return 0;
+    md_data->len=0;
+    md_data->data=NULL;
+    md_data->sess.mac=mac;
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+        {
+        err("CIOCGSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+        {
+        err("CIOCFSESSION failed");
+        return 0;
+        }
+    return 1;
+    }
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+        {
+        0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+        0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+        };
+    /* some cards can't do zero length */
+    if(!len)
+        {
+        memcpy(md,md5zero,16);
+        return 1;
+        }
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.mac=(caddr_t)md;
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+        {
+        if(errno == EINVAL) /* buffer is misaligned */
+            {
+            char *dcopy;
+            dcopy=OPENSSL_malloc(len);
+            memcpy(dcopy,data,len);
+            cryp.src=dcopy;
+            cryp.dst=cryp.src; // FIXME!!!
+            if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+                {
+                err("CIOCCRYPT(MAC2) failed");
+                abort();
+                return 0;
+                }
+            OPENSSL_free(dcopy);
+            }
+        else
+            {
+            err("CIOCCRYPT(MAC) failed");
+            abort();
+            return 0;
+            }
+        }
+    //    printf("done\n");
+    return 1;
+    }
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+                                 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        return do_digest(md_data->sess.ses,md_data->md,data,len);
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+    return 1;
+    }   
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+        {
+        memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+        ret=1;
+        }
+    else
+        {
+        ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+        OPENSSL_free(md_data->data);
+        md_data->data=NULL;
+        md_data->len=0;
+        }
+    return ret;
+    }
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+    // How do we copy sessions?
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+    return 1;
+    }
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,        // XXX: set according to device info...
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+const EVP_MD *EVP_dev_crypto_md5(void)
+    { return &md5_md; }
+#endif
+#endif
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c
index 48d50014a0..a1874e83b2 100644
--- a/src/lib/libcrypto/evp/p5_crpt.c
+++ b/src/lib/libcrypto/evp/p5_crpt.c
@@ -110,18 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        int i;
        PBEPARAM *pbe;
        int saltlen, iter;
-        unsigned char *salt;
+        unsigned char *salt, *pbuf;
-        const unsigned char *pbuf;
        /* Extract useful info from parameter */
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                return 0;
-        }
        pbuf = param->value.sequence->data;
-        if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+        if (!param || (param->type != V_ASN1_SEQUENCE) ||
+           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
                EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
@@ -146,7 +140,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
                EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
        }
        EVP_MD_CTX_cleanup(&ctx);
-        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
+        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c
index c969d5a206..1d5fabc4b2 100644
--- a/src/lib/libcrypto/evp/p5_crpt2.c
+++ b/src/lib/libcrypto/evp/p5_crpt2.c
@@ -55,10 +55,10 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
 #include <stdio.h>
 #include <stdlib.h>
 #include "cryptlib.h"
-#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@@ -77,7 +77,7 @@
 */
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-                           const unsigned char *salt, int saltlen, int iter,
+                           unsigned char *salt, int saltlen, int iter,
                           int keylen, unsigned char *out)
 {
        unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
@@ -148,23 +148,16 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                         int en_de)
 {
-        unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+        unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
-        const unsigned char *pbuf;
+        int saltlen, keylen, iter, plen;
-        int saltlen, iter, plen;
-        unsigned int keylen;
        PBE2PARAM *pbe2 = NULL;
        const EVP_CIPHER *cipher;
        PBKDF2PARAM *kdf = NULL;
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-                return 0;
-        }
        pbuf = param->value.sequence->data;
        plen = param->value.sequence->length;
-        if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+        if(!param || (param->type != V_ASN1_SEQUENCE) ||
+                                   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
@@ -220,7 +213,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        /* Now check the parameters of the kdf */
-        if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
+        if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
                                                EVP_R_UNSUPPORTED_KEYLENGTH);
                goto err;
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c
index f64901f653..8af620400e 100644
--- a/src/lib/libcrypto/evp/p_dec.c
+++ b/src/lib/libcrypto/evp/p_dec.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
+int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
             EVP_PKEY *priv)
        {
        int ret= -1;
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c
index c2dfdc52ad..656883b996 100644
--- a/src/lib/libcrypto/evp/p_enc.c
+++ b/src/lib/libcrypto/evp/p_enc.c
@@ -66,7 +66,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
+int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
             EVP_PKEY *pubk)
        {
        int ret=0;
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index 22155ecf62..215b94292a 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -58,60 +58,24 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/err.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 int EVP_PKEY_bits(EVP_PKEY *pkey)
        {
-        if (0)
-                return 0;
 #ifndef OPENSSL_NO_RSA
-        else if (pkey->type == EVP_PKEY_RSA)
+        if (pkey->type == EVP_PKEY_RSA)
                return(BN_num_bits(pkey->pkey.rsa->n));
+        else
 #endif
 #ifndef OPENSSL_NO_DSA
-        else if (pkey->type == EVP_PKEY_DSA)
+                if (pkey->type == EVP_PKEY_DSA)
                return(BN_num_bits(pkey->pkey.dsa->p));
 #endif
-#ifndef OPENSSL_NO_EC
-        else if (pkey->type == EVP_PKEY_EC)
-                {
-                BIGNUM *order = BN_new();
-                const EC_GROUP *group;
-                int ret;
-                if (!order)
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                group = EC_KEY_get0_group(pkey->pkey.ec);
-                if (!EC_GROUP_get_order(group, order, NULL))
-                        {
-                        ERR_clear_error();
-                        return 0;
-                        }
-                ret = BN_num_bits(order);
-                BN_free(order);
-                return ret;
-                }
-#endif
        return(0);
        }
@@ -128,11 +92,6 @@ int EVP_PKEY_size(EVP_PKEY *pkey)
                if (pkey->type == EVP_PKEY_DSA)
                return(DSA_size(pkey->pkey.dsa));
 #endif
-#ifndef OPENSSL_NO_ECDSA
-                if (pkey->type == EVP_PKEY_EC)
-                return(ECDSA_size(pkey->pkey.ec));
-#endif
        return(0);
        }
@@ -148,20 +107,10 @@ int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
                return(ret);
                }
 #endif
-#ifndef OPENSSL_NO_EC
-        if (pkey->type == EVP_PKEY_EC)
-                {
-                int ret = pkey->save_parameters;
-                if (mode >= 0)
-                        pkey->save_parameters = mode;
-                return(ret);
-                }
-#endif
        return(0);
        }
-int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
        {
        if (to->type != from->type)
                {
@@ -192,23 +141,12 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
                to->pkey.dsa->g=a;
                }
 #endif
-#ifndef OPENSSL_NO_EC
-        if (to->type == EVP_PKEY_EC)
-                {
-                EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
-                if (group == NULL)
-                        goto err;
-                if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-                        goto err;
-                EC_GROUP_free(group);
-                }
-#endif
        return(1);
 err:
        return(0);
        }
-int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
        {
 #ifndef OPENSSL_NO_DSA
        if (pkey->type == EVP_PKEY_DSA)
@@ -220,18 +158,10 @@ int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
                        return(1);
                }
 #endif
-#ifndef OPENSSL_NO_EC
-        if (pkey->type == EVP_PKEY_EC)
-                {
-                if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-                        return(1);
-                }
-#endif
        return(0);
        }
-int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
        {
 #ifndef OPENSSL_NO_DSA
        if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
@@ -244,72 +174,9 @@ int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
                        return(1);
                }
 #endif
-#ifndef OPENSSL_NO_EC
-        if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
-                {
-                const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
-                               *group_b = EC_KEY_get0_group(b->pkey.ec);
-                if (EC_GROUP_cmp(group_a, group_b, NULL))
-                        return 0;
-                else
-                        return 1;
-                }
-#endif
        return(-1);
        }
-int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-        {
-        if (a->type != b->type)
-                return -1;
-        if (EVP_PKEY_cmp_parameters(a, b) == 0)
-                return 0;
-        switch (a->type)
-                {
-#ifndef OPENSSL_NO_RSA
-        case EVP_PKEY_RSA:
-                if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
-                        || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_DSA
-        case EVP_PKEY_DSA:
-                if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
-                        return 0;
-                break;
-#endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                {
-                int  r;
-                const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
-                const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
-                               *pb = EC_KEY_get0_public_key(b->pkey.ec);
-                r = EC_POINT_cmp(group, pa, pb, NULL);
-                if (r != 0)
-                        {
-                        if (r == 1)
-                                return 0;
-                        else
-                                return -2;
-                        }
-                }
-                break;
-#endif
-#ifndef OPENSSL_NO_DH
-        case EVP_PKEY_DH:
-                return -2;
-#endif
-        default:
-                return -2;
-                }
-        return 1;
-        }
 EVP_PKEY *EVP_PKEY_new(void)
        {
        EVP_PKEY *ret;
@@ -379,29 +246,6 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 }
 #endif
-#ifndef OPENSSL_NO_EC
-int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
-{
-        int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
-        if (ret)
-                EC_KEY_up_ref(key);
-        return ret;
-}
-EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
-{
-        if (pkey->type != EVP_PKEY_EC)
-        {
-                EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
-                return NULL;
-        }
-        EC_KEY_up_ref(pkey->pkey.ec);
-        return pkey->pkey.ec;
-}
-#endif
 #ifndef OPENSSL_NO_DH
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
@@ -438,8 +282,6 @@ int EVP_PKEY_type(int type)
                return(EVP_PKEY_DSA);
        case EVP_PKEY_DH:
                return(EVP_PKEY_DH);
-        case EVP_PKEY_EC:
-                return(EVP_PKEY_EC);
        default:
                return(NID_undef);
                }
@@ -464,8 +306,6 @@ void EVP_PKEY_free(EVP_PKEY *x)
                }
 #endif
        EVP_PKEY_free_it(x);
-        if (x->attributes)
-                sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
        OPENSSL_free(x);
        }
@@ -487,11 +327,6 @@ static void EVP_PKEY_free_it(EVP_PKEY *x)
                DSA_free(x->pkey.dsa);
                break;
 #endif
-#ifndef OPENSSL_NO_EC
-        case EVP_PKEY_EC:
-                EC_KEY_free(x->pkey.ec);
-                break;
-#endif
 #ifndef OPENSSL_NO_DH
        case EVP_PKEY_DH:
                DH_free(x->pkey.dh);
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c
index 9935206d0f..5a933d1cda 100644
--- a/src/lib/libcrypto/evp/p_open.c
+++ b/src/lib/libcrypto/evp/p_open.c
@@ -56,19 +56,15 @@
 * [including the GNU Public Licence.]
 */
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#ifndef OPENSSL_NO_RSA
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include <openssl/rsa.h>
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
-        const unsigned char *ek, int ekl, const unsigned char *iv,
+             int ekl, unsigned char *iv, EVP_PKEY *priv)
-        EVP_PKEY *priv)
        {
        unsigned char *key=NULL;
        int i,size=0,ret=0;
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c
index 8cc8fcb0bd..37e547fe72 100644
--- a/src/lib/libcrypto/evp/p_seal.c
+++ b/src/lib/libcrypto/evp/p_seal.c
@@ -78,7 +78,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek
        }
        if ((npubk <= 0) || !pubk)
                return 1;
-        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+        if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
                return 0;
        if (EVP_CIPHER_CTX_iv_length(ctx))
                RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c
index 21a40a375e..d854d743a5 100644
--- a/src/lib/libcrypto/evp/p_verify.c
+++ b/src/lib/libcrypto/evp/p_verify.c
@@ -62,7 +62,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
             unsigned int siglen, EVP_PKEY *pkey)
        {
        unsigned char m[EVP_MAX_MD_SIZE];
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
index 3b11e7a556..5b2e345c27 100644
--- a/src/lib/libcrypto/ex_data.c
+++ b/src/lib/libcrypto/ex_data.c
@@ -138,8 +138,12 @@
 *
 */
-#include "cryptlib.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
 #include <openssl/lhash.h>
+#include "cryptlib.h"
 /* What an "implementation of ex_data functionality" looks like */
 struct st_CRYPTO_EX_DATA_IMPL
@@ -283,7 +287,7 @@ static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
 /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
 * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
 * any locking. */
-static void def_cleanup_cb(void *a_void)
+static void def_cleanup_cb(const void *a_void)
        {
        EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
        sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
@@ -354,7 +358,7 @@ static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
                        }
                }
        toret = item->meth_num++;
-        (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
+        sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
 err:
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
        return toret;
diff --git a/src/lib/libcrypto/hmac/Makefile b/src/lib/libcrypto/hmac/Makefile
new file mode 100644
index 0000000000..01f10c396f
--- /dev/null
+++ b/src/lib/libcrypto/hmac/Makefile
@@ -0,0 +1,85 @@
+#
+# OpenSSL/crypto/md/Makefile
+#
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+SRC= $(LIBSRC)
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/hmac/Makefile.ssl b/src/lib/libcrypto/hmac/Makefile.ssl
new file mode 100644
index 0000000000..f1c07322c4
--- /dev/null
+++ b/src/lib/libcrypto/hmac/Makefile.ssl
@@ -0,0 +1,101 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+DIR=    hmac
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=hmactest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=hmac.c
+LIBOBJ=hmac.o
+SRC= $(LIBSRC)
+EXHEADER= hmac.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
index c45e001492..6c110bd52b 100644
--- a/src/lib/libcrypto/hmac/hmac.c
+++ b/src/lib/libcrypto/hmac/hmac.c
@@ -58,8 +58,10 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/hmac.h>
+#include "cryptlib.h"
+#ifndef OPENSSL_FIPS
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
@@ -79,7 +81,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                {
                reset=1;
                j=EVP_MD_block_size(md);
-                OPENSSL_assert(j <= (int)sizeof(ctx->key));
+                OPENSSL_assert(j <= sizeof ctx->key);
                if (j < len)
                        {
                        EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
@@ -89,7 +91,7 @@ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                        }
                else
                        {
-                        OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));
+                        OPENSSL_assert(len <= sizeof ctx->key);
                        memcpy(ctx->key,key,len);
                        ctx->key_length=len;
                        }
@@ -121,7 +123,7 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
        HMAC_Init_ex(ctx,key,len,md, NULL);
        }
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
        {
        EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
@@ -156,7 +158,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        }
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, size_t n, unsigned char *md,
+                    const unsigned char *d, int n, unsigned char *md,
                    unsigned int *md_len)
        {
        HMAC_CTX c;
@@ -171,3 +173,11 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
        return(md);
        }
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+        {
+        EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+        }
+#endif
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
index 719fc408ac..c6489c04c8 100644
--- a/src/lib/libcrypto/hmac/hmac.h
+++ b/src/lib/libcrypto/hmac/hmac.h
@@ -58,15 +58,17 @@
 #ifndef HEADER_HMAC_H
 #define HEADER_HMAC_H
-#include <openssl/opensslconf.h>
 #ifdef OPENSSL_NO_HMAC
 #error HMAC is disabled.
 #endif
 #include <openssl/evp.h>
-#define HMAC_MAX_MD_CBLOCK      128     /* largest known is SHA512 */
+#ifdef OPENSSL_FIPS
+#define HMAC_MAX_MD_CBLOCK      128
+#else
+#define HMAC_MAX_MD_CBLOCK      64
+#endif
 #ifdef  __cplusplus
 extern "C" {
@@ -94,12 +96,13 @@ void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
               const EVP_MD *md); /* deprecated */
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl);
-void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-                    const unsigned char *d, size_t n, unsigned char *md,
+                    const unsigned char *d, int n, unsigned char *md,
                    unsigned int *md_len);
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/hmac/hmactest.c b/src/lib/libcrypto/hmac/hmactest.c
new file mode 100644
index 0000000000..1b906b81af
--- /dev/null
+++ b/src/lib/libcrypto/hmac/hmactest.c
@@ -0,0 +1,175 @@
+/* crypto/hmac/hmactest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_HMAC
+int main(int argc, char *argv[])
+{
+    printf("No HMAC support\n");
+    return(0);
+}
+#else
+#include <openssl/hmac.h>
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+static struct test_st
+        {
+        unsigned char key[16];
+        int key_len;
+        unsigned char data[64];
+        int data_len;
+        unsigned char *digest;
+        } test[4]={
+        {       "",
+                0,
+                "More text test vectors to stuff up EBCDIC machines :-)",
+                54,
+                (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86",
+        },{     {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,
+                 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,},
+                16,
+                "Hi There",
+                8,
+                (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d",
+        },{     "Jefe",
+                4,
+                "what do ya want for nothing?",
+                28,
+                (unsigned char *)"750c783e6ab0b503eaa86e310a5db738",
+        },{
+                {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,
+                 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,},
+                16,
+                {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,
+                 0xdd,0xdd},
+                50,
+                (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
+        },
+        };
+#endif
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+#ifndef OPENSSL_NO_MD5
+        int i;
+        char *p;
+#endif
+        int err=0;
+#ifdef OPENSSL_NO_MD5
+        printf("test skipped: MD5 disabled\n");
+#else
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+        ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+        ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
+        ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#endif
+        for (i=0; i<4; i++)
+                {
+                p=pt(HMAC(EVP_md5(),
+                        test[i].key, test[i].key_len,
+                        test[i].data, test[i].data_len,
+                        NULL,NULL));
+                if (strcmp(p,(char *)test[i].digest) != 0)
+                        {
+                        printf("error calculating HMAC on %d entry'\n",i);
+                        printf("got %s instead of %s\n",p,test[i].digest);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+#endif /* OPENSSL_NO_MD5 */
+        EXIT(err);
+        return(0);
+        }
+#ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
+#endif
diff --git a/src/lib/libcrypto/idea/Makefile b/src/lib/libcrypto/idea/Makefile
new file mode 100644
index 0000000000..b2e7add666
--- /dev/null
+++ b/src/lib/libcrypto/idea/Makefile
@@ -0,0 +1,86 @@
+#
+# OpenSSL/crypto/idea/Makefile
+#
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+SRC= $(LIBSRC)
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/idea/Makefile.ssl b/src/lib/libcrypto/idea/Makefile.ssl
new file mode 100644
index 0000000000..fa016ea399
--- /dev/null
+++ b/src/lib/libcrypto/idea/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/idea/Makefile
+#
+DIR=    idea
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=ideatest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+SRC= $(LIBSRC)
+EXHEADER= idea.h
+HEADER= idea_lcl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h
index bf97a37e39..bf41844fd7 100644
--- a/src/lib/libcrypto/idea/idea.h
+++ b/src/lib/libcrypto/idea/idea.h
@@ -59,8 +59,6 @@
 #ifndef HEADER_IDEA_H
 #define HEADER_IDEA_H
-#include <openssl/opensslconf.h> /* IDEA_INT, OPENSSL_NO_IDEA */
 #ifdef OPENSSL_NO_IDEA
 #error IDEA is disabled.
 #endif
@@ -68,6 +66,7 @@
 #define IDEA_ENCRYPT    1
 #define IDEA_DECRYPT    0
+#include <openssl/opensslconf.h> /* IDEA_INT */
 #define IDEA_BLOCK      8
 #define IDEA_KEY_LENGTH 16
@@ -83,8 +82,12 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key,
+                                                IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
 void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/src/lib/libcrypto/idea/ideatest.c b/src/lib/libcrypto/idea/ideatest.c
new file mode 100644
index 0000000000..e6ffc7025e
--- /dev/null
+++ b/src/lib/libcrypto/idea/ideatest.c
@@ -0,0 +1,235 @@
+/* crypto/idea/ideatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_IDEA
+int main(int argc, char *argv[])
+{
+    printf("No IDEA support\n");
+    return(0);
+}
+#else
+#include <openssl/idea.h>
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+static int cfb64_test(unsigned char *cfb_cipher);
+static char *pt(unsigned char *p);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        IDEA_KEY_SCHEDULE key,dkey; 
+        unsigned char iv[8];
+        idea_set_encrypt_key(k,&key);
+        idea_ecb_encrypt(in,out,&key);
+        if (memcmp(out,c,8) != 0)
+                {
+                printf("ecb idea error encrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",c[i]);
+                err=20;
+                printf("\n");
+                }
+        idea_set_decrypt_key(&key,&dkey);
+        idea_ecb_encrypt(c,out,&dkey);
+        if (memcmp(out,in,8) != 0)
+                {
+                printf("ecb idea error decrypting\n");
+                printf("got     :");
+                for (i=0; i<8; i++)
+                        printf("%02X ",out[i]);
+                printf("\n");
+                printf("expected:");
+                for (i=0; i<8; i++)
+                        printf("%02X ",in[i]);
+                printf("\n");
+                err=3;
+                }
+        if (err == 0) printf("ecb idea ok\n");
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+#ifdef OPENSSL_SYS_NETWARE
+    if (err) printf("ERROR: %d\n", err);
+#endif
+        EXIT(err);
+        return(err);
+        }
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/idea/version b/src/lib/libcrypto/idea/version
new file mode 100644
index 0000000000..3f22293795
--- /dev/null
+++ b/src/lib/libcrypto/idea/version
@@ -0,0 +1,12 @@
+1.1 07/12/95 - eay
+        Many thanks to Rhys Weatherley <rweather@us.oracle.com>
+        for pointing out that I was assuming little endian byte
+        order for all quantities what idea actually used
+        bigendian.  No where in the spec does it mention
+        this, it is all in terms of 16 bit numbers and even the example
+        does not use byte streams for the input example :-(.
+        If you byte swap each pair of input, keys and iv, the functions
+        would produce the output as the old version :-(.
+1.0 ??/??/95 - eay
+        First version.
diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com
new file mode 100644
index 0000000000..b3d155e964
--- /dev/null
+++ b/src/lib/libcrypto/install.com
@@ -0,0 +1,138 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1   root of the directory tree
+$!
+$       IF P1 .EQS. ""
+$       THEN
+$           WRITE SYS$OUTPUT "First argument missing."
+$           WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$           EXIT
+$       ENDIF
+$
+$       ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$       ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$       ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+                   - "[000000." - "][" - "[" - "]"
+$       ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$       DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$       DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$       DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$       DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$       IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$       IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLVLIB:
+$       IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLALIB:
+$       IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+           CREATE/DIR/LOG WRK_SSLINCLUDE:
+$
+$       SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+                 DES,RC2,RC4,RC5,IDEA,BF,CAST,-
+                 BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,-
+                 BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
+                 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
+                 UI,KRB5
+$       EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
+                symhacks.h,ossl_typ.h
+$       EXHEADER_MD2 := md2.h
+$       EXHEADER_MD4 := md4.h
+$       EXHEADER_MD5 := md5.h
+$       EXHEADER_SHA := sha.h
+$       EXHEADER_MDC2 := mdc2.h
+$       EXHEADER_HMAC := hmac.h
+$       EXHEADER_RIPEMD := ripemd.h
+$       EXHEADER_DES := des.h,des_old.h
+$       EXHEADER_RC2 := rc2.h
+$       EXHEADER_RC4 := rc4.h
+$       EXHEADER_RC5 := rc5.h
+$       EXHEADER_IDEA := idea.h
+$       EXHEADER_BF := blowfish.h
+$       EXHEADER_CAST := cast.h
+$       EXHEADER_BN := bn.h
+$       EXHEADER_EC := ec.h
+$       EXHEADER_RSA := rsa.h
+$       EXHEADER_DSA := dsa.h
+$       EXHEADER_DH := dh.h
+$       EXHEADER_DSO := dso.h
+$       EXHEADER_ENGINE := engine.h
+$       EXHEADER_AES := aes.h
+$       EXHEADER_BUFFER := buffer.h
+$       EXHEADER_BIO := bio.h
+$       EXHEADER_STACK := stack.h,safestack.h
+$       EXHEADER_LHASH := lhash.h
+$       EXHEADER_RAND := rand.h
+$       EXHEADER_ERR := err.h
+$       EXHEADER_OBJECTS := objects.h,obj_mac.h
+$       EXHEADER_EVP := evp.h
+$       EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
+$       EXHEADER_PEM := pem.h,pem2.h
+$       EXHEADER_X509 := x509.h,x509_vfy.h
+$       EXHEADER_X509V3 := x509v3.h
+$       EXHEADER_CONF := conf.h,conf_api.h
+$       EXHEADER_TXT_DB := txt_db.h
+$       EXHEADER_PKCS7 := pkcs7.h
+$       EXHEADER_PKCS12 := pkcs12.h
+$       EXHEADER_COMP := comp.h
+$       EXHEADER_OCSP := ocsp.h
+$       EXHEADER_UI := ui.h,ui_compat.h
+$       EXHEADER_KRB5 := krb5_asn.h
+$       LIBS := LIBCRYPTO
+$
+$       VEXE_DIR := [-.VAX.EXE.CRYPTO]
+$       AEXE_DIR := [-.AXP.EXE.CRYPTO]
+$
+$       I = 0
+$ LOOP_SDIRS: 
+$       D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$       I = I + 1
+$       IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$       tmp = EXHEADER_'D'
+$       IF D .EQS. ""
+$       THEN
+$         COPY 'tmp' WRK_SSLINCLUDE: /LOG
+$       ELSE
+$         COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$       ENDIF
+$       SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
+$       GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$       I = 0
+$ LOOP_LIB: 
+$       E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$       I = I + 1
+$       IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$       SET NOON
+$       IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$       THEN
+$         COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
+$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$       ENDIF
+$       ! Preparing for the time when we have shareable images
+$       IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$       THEN
+$         COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
+$         SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$       ENDIF
+$       IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
+$       THEN
+$         COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$       ENDIF
+$       ! Preparing for the time when we have shareable images
+$       IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$       THEN
+$         COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$         SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$       ENDIF
+$       SET ON
+$       GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$       EXIT
diff --git a/src/lib/libcrypto/krb5/Makefile b/src/lib/libcrypto/krb5/Makefile
new file mode 100644
index 0000000000..14077390d6
--- /dev/null
+++ b/src/lib/libcrypto/krb5/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/krb5/Makefile
+#
+DIR=    krb5
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+LIBOBJ= krb5_asn.o
+SRC= $(LIBSRC)
+EXHEADER= krb5_asn.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+krb5_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/src/lib/libcrypto/krb5/Makefile.ssl b/src/lib/libcrypto/krb5/Makefile.ssl
new file mode 100644
index 0000000000..d9224c0f09
--- /dev/null
+++ b/src/lib/libcrypto/krb5/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# OpenSSL/krb5/Makefile.ssl
+#
+DIR=    krb5
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+LIBOBJ= krb5_asn.o
+SRC= $(LIBSRC)
+EXHEADER= krb5_asn.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+krb5_asn.o: ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/src/lib/libcrypto/krb5/krb5_asn.h b/src/lib/libcrypto/krb5/krb5_asn.h
index 41725d0dc4..3329477b07 100644
--- a/src/lib/libcrypto/krb5/krb5_asn.h
+++ b/src/lib/libcrypto/krb5/krb5_asn.h
@@ -225,7 +225,7 @@ DECLARE_STACK_OF(KRB5_AUTHENTBODY)
 **      void name##_free(type *a);
 **      DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
 **       DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
-**        type *d2i_##name(type **a, const unsigned char **in, long len);
+**        type *d2i_##name(type **a, unsigned char **in, long len);
 **        int i2d_##name(type *a, unsigned char **out);
 **        DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
 */
diff --git a/src/lib/libcrypto/lhash/Makefile b/src/lib/libcrypto/lhash/Makefile
new file mode 100644
index 0000000000..82bddac474
--- /dev/null
+++ b/src/lib/libcrypto/lhash/Makefile
@@ -0,0 +1,88 @@
+#
+# OpenSSL/crypto/lhash/Makefile
+#
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+SRC= $(LIBSRC)
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+lh_stats.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lh_stats.o: ../../include/openssl/symhacks.h ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+lhash.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h lhash.c
diff --git a/src/lib/libcrypto/lhash/Makefile.ssl b/src/lib/libcrypto/lhash/Makefile.ssl
new file mode 100644
index 0000000000..60e7ee3393
--- /dev/null
+++ b/src/lib/libcrypto/lhash/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/lhash/Makefile
+#
+DIR=    lhash
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=lhash.c lh_stats.c
+LIBOBJ=lhash.o lh_stats.o
+SRC= $(LIBSRC)
+EXHEADER= lhash.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+lh_stats.o: ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lhash.o: ../../include/openssl/symhacks.h lhash.c
diff --git a/src/lib/libcrypto/lhash/lh_test.c b/src/lib/libcrypto/lhash/lh_test.c
new file mode 100644
index 0000000000..85700c859b
--- /dev/null
+++ b/src/lib/libcrypto/lhash/lh_test.c
@@ -0,0 +1,88 @@
+/* crypto/lhash/lh_test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/lhash.h>
+main()
+        {
+        LHASH *conf;
+        char buf[256];
+        int i;
+        conf=lh_new(lh_strhash,strcmp);
+        for (;;)
+                {
+                char *p;
+                buf[0]='\0';
+                fgets(buf,256,stdin);
+                if (buf[0] == '\0') break;
+                i=strlen(buf);
+                p=OPENSSL_malloc(i+1);
+                memcpy(p,buf,i+1);
+                lh_insert(conf,p);
+                }
+        lh_node_stats(conf,stdout);
+        lh_stats(conf,stdout);
+        lh_node_usage_stats(conf,stdout);
+        exit(0);
+        }
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
index 04ea80203c..0a16fcf27d 100644
--- a/src/lib/libcrypto/lhash/lhash.c
+++ b/src/lib/libcrypto/lhash/lhash.c
@@ -100,7 +100,7 @@
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
+const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
 #undef MIN_NODES 
 #define MIN_NODES       16
@@ -176,11 +176,11 @@ void lh_free(LHASH *lh)
        OPENSSL_free(lh);
        }
-void *lh_insert(LHASH *lh, void *data)
+void *lh_insert(LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
-        void *ret;
+        const void *ret;
        lh->error=0;
        if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
@@ -211,14 +211,14 @@ void *lh_insert(LHASH *lh, void *data)
                (*rn)->data=data;
                lh->num_replace++;
                }
-        return(ret);
+        return((void *)ret);
        }
 void *lh_delete(LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE *nn,**rn;
-        void *ret;
+        const void *ret;
        lh->error=0;
        rn=getrn(lh,data,&hash);
@@ -242,14 +242,14 @@ void *lh_delete(LHASH *lh, const void *data)
                (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
                contract(lh);
-        return(ret);
+        return((void *)ret);
        }
 void *lh_retrieve(LHASH *lh, const void *data)
        {
        unsigned long hash;
        LHASH_NODE **rn;
-        void *ret;
+        const void *ret;
        lh->error=0;
        rn=getrn(lh,data,&hash);
@@ -264,7 +264,7 @@ void *lh_retrieve(LHASH *lh, const void *data)
                ret= (*rn)->data;
                lh->num_retrieve++;
                }
-        return(ret);
+        return((void *)ret);
        }
 static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
@@ -339,7 +339,7 @@ static void expand(LHASH *lh)
                {
                j=(int)lh->num_alloc_nodes*2;
                n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-                        (int)(sizeof(LHASH_NODE *)*j));
+                        (unsigned int)sizeof(LHASH_NODE *)*j);
                if (n == NULL)
                        {
 /*                      fputs("realloc error in lhash",stderr); */
@@ -401,7 +401,7 @@ static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
        {
        LHASH_NODE **ret,*n1;
        unsigned long hash,nn;
-        LHASH_COMP_FN_TYPE cf;
+        int (*cf)();
        hash=(*(lh->hash))(data);
        lh->num_hash_calls++;
diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h
index d392d0cd80..dee8207333 100644
--- a/src/lib/libcrypto/lhash/lhash.h
+++ b/src/lib/libcrypto/lhash/lhash.h
@@ -63,7 +63,6 @@
 #ifndef HEADER_LHASH_H
 #define HEADER_LHASH_H
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_FP_API
 #include <stdio.h>
 #endif
@@ -78,7 +77,7 @@ extern "C" {
 typedef struct lhash_node_st
        {
-        void *data;
+        const void *data;
        struct lhash_node_st *next;
 #ifndef OPENSSL_NO_HASH_COMP
        unsigned long hash;
@@ -87,8 +86,8 @@ typedef struct lhash_node_st
 typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
 typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_FN_TYPE)(void *);
+typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
-typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *);
 /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
 * This way, callbacks can be provided to LHASH structures without function
@@ -118,18 +117,18 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *);
 /* Third: "doall" functions */
 #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
-        void f_name##_LHASH_DOALL(void *);
+        void f_name##_LHASH_DOALL(const void *);
 #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
-        void f_name##_LHASH_DOALL(void *arg) { \
+        void f_name##_LHASH_DOALL(const void *arg) { \
                o_type a = (o_type)arg; \
                f_name(a); }
 #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
 /* Fourth: "doall_arg" functions */
 #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *, void *);
+        void f_name##_LHASH_DOALL_ARG(const void *, void *);
 #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
-        void f_name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+        void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \
                o_type a = (o_type)arg1; \
                a_type b = (a_type)arg2; \
                f_name(a,b); }
@@ -173,7 +172,7 @@ typedef struct lhash_st
 LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
 void lh_free(LHASH *lh);
-void *lh_insert(LHASH *lh, void *data);
+void *lh_insert(LHASH *lh, const void *data);
 void *lh_delete(LHASH *lh, const void *data);
 void *lh_retrieve(LHASH *lh, const void *data);
 void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
diff --git a/src/lib/libcrypto/lhash/num.pl b/src/lib/libcrypto/lhash/num.pl
new file mode 100644
index 0000000000..30fedf9cd5
--- /dev/null
+++ b/src/lib/libcrypto/lhash/num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+#node     10 ->   4
+while (<>)
+        {
+        next unless /^node/;
+        chop;
+        @a=split;
+        $num{$a[3]}++;
+        }
+@a=sort {$a <=> $b } keys %num;
+foreach (0 .. $a[$#a])
+        {
+        printf "%4d:%4d\n",$_,$num{$_};
+        }
diff --git a/src/lib/libcrypto/md2/Makefile b/src/lib/libcrypto/md2/Makefile
new file mode 100644
index 0000000000..17f878aeb7
--- /dev/null
+++ b/src/lib/libcrypto/md2/Makefile
@@ -0,0 +1,89 @@
+#
+# OpenSSL/crypto/md/Makefile
+#
+DIR=    md2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+SRC= $(LIBSRC)
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md2_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_dgst.o: ../../include/openssl/symhacks.h md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+md2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_one.o: ../cryptlib.h md2_one.c
diff --git a/src/lib/libcrypto/md2/Makefile.ssl b/src/lib/libcrypto/md2/Makefile.ssl
new file mode 100644
index 0000000000..3206924c90
--- /dev/null
+++ b/src/lib/libcrypto/md2/Makefile.ssl
@@ -0,0 +1,93 @@
+#
+# SSLeay/crypto/md/Makefile
+#
+DIR=    md2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=md2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md2_dgst.c md2_one.c
+LIBOBJ=md2_dgst.o md2_one.o
+SRC= $(LIBSRC)
+EXHEADER= md2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_dgst.o: md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c
diff --git a/src/lib/libcrypto/md2/md2.c b/src/lib/libcrypto/md2/md2.c
new file mode 100644
index 0000000000..f4d6f62264
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2.c
@@ -0,0 +1,124 @@
+/* crypto/md2/md2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md2.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+void exit(int);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD2(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        return(err);
+        }
+void do_fp(FILE *f)
+        {
+        MD2_CTX c;
+        unsigned char md[MD2_DIGEST_LENGTH];
+        int fd,i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD2_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD2_Update(&c,buf,(unsigned long)i);
+                }
+        MD2_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md2/md2.h b/src/lib/libcrypto/md2/md2.h
new file mode 100644
index 0000000000..d0ef9da08e
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2.h
@@ -0,0 +1,94 @@
+/* crypto/md/md2.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_MD2_H
+#define HEADER_MD2_H
+#ifdef OPENSSL_NO_MD2
+#error MD2 is disabled.
+#endif
+#define MD2_DIGEST_LENGTH       16
+#define MD2_BLOCK               16
+#include <openssl/opensslconf.h> /* MD2_INT */
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef struct MD2state_st
+        {
+        int num;
+        unsigned char data[MD2_BLOCK];
+        MD2_INT cksm[MD2_BLOCK];
+        MD2_INT state[MD2_BLOCK];
+        } MD2_CTX;
+const char *MD2_options(void);
+#ifdef OPENSSL_FIPS
+int private_MD2_Init(MD2_CTX *c);
+#endif
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md);
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c
new file mode 100644
index 0000000000..8124acd687
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_dgst.c
@@ -0,0 +1,229 @@
+/* crypto/md2/md2_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
+const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+ */
+#define UCHAR   unsigned char
+static void md2_block(MD2_CTX *c, const unsigned char *d);
+/* The magic S table - I have converted it to hex since it is
+ * basically just a random byte string. */
+static MD2_INT S[256]={
+        0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+        0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+        0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+        0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+        0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+        0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+        0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+        0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+        0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+        0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+        0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+        0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+        0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+        0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+        0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+        0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+        0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+        0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+        0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+        0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+        0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+        0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+        0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+        0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+        0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+        0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+        0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+        0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+        0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+        0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+        0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+        0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+        };
+const char *MD2_options(void)
+        {
+        if (sizeof(MD2_INT) == 1)
+                return("md2(char)");
+        else
+                return("md2(int)");
+        }
+FIPS_NON_FIPS_MD_Init(MD2)
+        {
+        c->num=0;
+        memset(c->state,0,sizeof c->state);
+        memset(c->cksm,0,sizeof c->cksm);
+        memset(c->data,0,sizeof c->data);
+        return 1;
+        }
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
+        {
+        register UCHAR *p;
+        if (len == 0) return 1;
+        p=c->data;
+        if (c->num != 0)
+                {
+                if ((c->num+len) >= MD2_BLOCK)
+                        {
+                        memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
+                        md2_block(c,c->data);
+                        data+=(MD2_BLOCK - c->num);
+                        len-=(MD2_BLOCK - c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
+                        }
+                else
+                        {
+                        memcpy(&(p[c->num]),data,(int)len);
+                        /* data+=len; */
+                        c->num+=(int)len;
+                        return 1;
+                        }
+                }
+        /* we now can process the input data in blocks of MD2_BLOCK
+         * chars and save the leftovers to c->data. */
+        while (len >= MD2_BLOCK)
+                {
+                md2_block(c,data);
+                data+=MD2_BLOCK;
+                len-=MD2_BLOCK;
+                }
+        memcpy(p,data,(int)len);
+        c->num=(int)len;
+        return 1;
+        }
+static void md2_block(MD2_CTX *c, const unsigned char *d)
+        {
+        register MD2_INT t,*sp1,*sp2;
+        register int i,j;
+        MD2_INT state[48];
+        sp1=c->state;
+        sp2=c->cksm;
+        j=sp2[MD2_BLOCK-1];
+        for (i=0; i<16; i++)
+                {
+                state[i]=sp1[i];
+                state[i+16]=t=d[i];
+                state[i+32]=(t^sp1[i]);
+                j=sp2[i]^=S[t^j];
+                }
+        t=0;
+        for (i=0; i<18; i++)
+                {
+                for (j=0; j<48; j+=8)
+                        {
+                        t= state[j+ 0]^=S[t];
+                        t= state[j+ 1]^=S[t];
+                        t= state[j+ 2]^=S[t];
+                        t= state[j+ 3]^=S[t];
+                        t= state[j+ 4]^=S[t];
+                        t= state[j+ 5]^=S[t];
+                        t= state[j+ 6]^=S[t];
+                        t= state[j+ 7]^=S[t];
+                        }
+                t=(t+i)&0xff;
+                }
+        memcpy(sp1,state,16*sizeof(MD2_INT));
+        OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+        }
+int MD2_Final(unsigned char *md, MD2_CTX *c)
+        {
+        int i,v;
+        register UCHAR *cp;
+        register MD2_INT *p1,*p2;
+        cp=c->data;
+        p1=c->state;
+        p2=c->cksm;
+        v=MD2_BLOCK-c->num;
+        for (i=c->num; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)v;
+        md2_block(c,cp);
+        for (i=0; i<MD2_BLOCK; i++)
+                cp[i]=(UCHAR)p2[i];
+        md2_block(c,cp);
+        for (i=0; i<16; i++)
+                md[i]=(UCHAR)(p1[i]&0xff);
+        memset((char *)&c,0,sizeof(c));
+        return 1;
+        }
diff --git a/src/lib/libcrypto/md2/md2_one.c b/src/lib/libcrypto/md2/md2_one.c
new file mode 100644
index 0000000000..8c36ba5779
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2_one.c
@@ -0,0 +1,94 @@
+/* crypto/md2/md2_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/md2.h>
+/* This is a separate file so that #defines in cryptlib.h can
+ * map my MD functions to different names */
+unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        MD2_CTX c;
+        static unsigned char m[MD2_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        if (!MD2_Init(&c))
+                return NULL;
+#ifndef CHARSET_EBCDIC
+        MD2_Update(&c,d,n);
+#else
+        {
+                char temp[1024];
+                unsigned long chunk;
+                while (n > 0)
+                {
+                        chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+                        ebcdic2ascii(temp, d, chunk);
+                        MD2_Update(&c,temp,chunk);
+                        n -= chunk;
+                        d += chunk;
+                }
+        }
+#endif
+        MD2_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c));  /* Security consideration */
+        return(md);
+        }
diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c
new file mode 100644
index 0000000000..9c1e28b6ce
--- /dev/null
+++ b/src/lib/libcrypto/md2/md2test.c
@@ -0,0 +1,139 @@
+/* crypto/md2/md2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md2.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+static char *ret[]={
+        "8350e5a3e24c153df2275c9f80692773",
+        "32ec01ec4a6dac72c0ab96fb34c0b5d1",
+        "da853b0d3f88d99b30283a69e6ded6bb",
+        "ab4f496bfb2a530b219ff33031fe06b0",
+        "4e8ddff3650292ab5a4108c3aa47940b",
+        "da33def2a42df13975352846c30338cd",
+        "d5976f79d83d3a0dc9806c3c66f3efd8",
+        };
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        char **P,**R;
+        char *p;
+        unsigned char md[MD2_DIGEST_LENGTH];
+        P=test;
+        R=ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL);
+                p=pt(md);
+                if (strcmp(p,*R) != 0)
+                        {
+                        printf("error calculating MD2 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD2_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h
index 089c450290..733da6acaf 100644
--- a/src/lib/libcrypto/md32_common.h
+++ b/src/lib/libcrypto/md32_common.h
@@ -1,6 +1,6 @@
 /* crypto/md32_common.h */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -47,6 +47,10 @@
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
 */
 /*
@@ -72,27 +76,40 @@
 *              typedef struct {
 *                      ...
 *                      HASH_LONG       Nl,Nh;
- *                      either {
 *                      HASH_LONG       data[HASH_LBLOCK];
- *                      unsigned char   data[HASH_CBLOCK];
+ *                      int             num;
- *                      };
- *                      unsigned int    num;
 *                      ...
 *                      } HASH_CTX;
- *      data[] vector is expected to be zeroed upon first call to
- *      HASH_UPDATE.
 * HASH_UPDATE
 *      name of "Update" function, implemented here.
 * HASH_TRANSFORM
 *      name of "Transform" function, implemented here.
 * HASH_FINAL
 *      name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ *      name of "block" function treating *aligned* input message
+ *      in host byte order, implemented externally.
 * HASH_BLOCK_DATA_ORDER
- *      name of "block" function capable of treating *unaligned* input
+ *      name of "block" function treating *unaligned* input message
- *      message in original (data) byte order, implemented externally.
+ *      in original (data) byte order, implemented externally (it
+ *      actually is optional if data and host are of the same
+ *      "endianess").
 * HASH_MAKE_STRING
 *      macro convering context variables to an ASCII hash string.
 *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ *      defines host byte-order.
+ * HASH_LONG_LOG2
+ *      defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ *      assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ *      alternative "block" function capable of treating
+ *      aligned input message in original (data) order,
+ *      implemented externally.
+ *
 * MD5 example:
 *
 *      #define DATA_ORDER_IS_LITTLE_ENDIAN
@@ -101,14 +118,20 @@
 *      #define HASH_LONG_LOG2          MD5_LONG_LOG2
 *      #define HASH_CTX                MD5_CTX
 *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_LBLOCK             MD5_LBLOCK
 *      #define HASH_UPDATE             MD5_Update
 *      #define HASH_TRANSFORM          MD5_Transform
 *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_HOST_ORDER   md5_block_host_order
 *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 *
 *                                      <appro@fy.chalmers.se>
 */
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
+#include <openssl/err.h>
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 #error "DATA_ORDER must be defined!"
 #endif
@@ -133,16 +156,34 @@
 #error "HASH_FINAL must be defined!"
 #endif
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
 #ifndef HASH_BLOCK_DATA_ORDER
 #error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
+#endif
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK     (HASH_CBLOCK/4)
+#endif
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2  2
+#endif
 /*
 * Engage compiler specific rotate intrinsic function if available.
 */
 #undef ROTATE
 #ifndef PEDANTIC
-# if defined(_MSC_VER) || defined(__ICC)
+# if 0 /* defined(_MSC_VER) */
 #  define ROTATE(a,n)   _lrotl(a,n)
 # elif defined(__MWERKS__)
 #  if defined(__POWERPC__)
@@ -158,6 +199,7 @@
   * Some GNU C inline assembler templates. Note that these are
   * rotates by *constant* number of bits! But that's exactly
   * what we need here...
+   *
   *                                    <appro@fy.chalmers.se>
   */
 #  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
@@ -169,8 +211,7 @@
                                : "cc");                \
                           ret;                         \
                        })
-#  elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+#  elif defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
-        defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__)
 #   define ROTATE(a,n)  ({ register unsigned int ret;   \
                                asm (                   \
                                "rlwinm %0,%1,%2,0,31"  \
@@ -178,100 +219,194 @@
                                : "r"(a), "I"(n));      \
                           ret;                         \
                        })
-#  elif defined(__s390x__)
+#  endif
-#   define ROTATE(a,n) ({ register unsigned int ret;    \
+# endif
-                                asm ("rll %0,%1,%2"     \
-                                : "=r"(ret)             \
+/*
-                                : "r"(a), "I"(n));      \
+ * Engage compiler specific "fetch in reverse byte order"
-                          ret;                          \
+ * intrinsic function if available.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+#  if (defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)) && !defined(I386_ONLY)
+#   define BE_FETCH32(a)        ({ register unsigned int l=(a);\
+                                asm (                   \
+                                "bswapl %0"             \
+                                : "=r"(l) : "0"(l));    \
+                          l;                            \
+                        })
+#  elif defined(__powerpc)
+#   define LE_FETCH32(a)        ({ register unsigned int l;     \
+                                asm (                   \
+                                "lwbrx %0,0,%1"         \
+                                : "=r"(l)               \
+                                : "r"(a));              \
+                           l;                           \
+                        })
+#  elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+#  define LE_FETCH32(a) ({ register unsigned int l;             \
+                                asm (                           \
+                                "lda [%1]#ASI_PRIMARY_LITTLE,%0"\
+                                : "=r"(l)                       \
+                                : "r"(a));                      \
+                           l;                                   \
                        })
 #  endif
 # endif
 #endif /* PEDANTIC */
+#if HASH_LONG_LOG2==2   /* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l)    (                                       \
+                l=*(const HASH_LONG *)(a),                              \
+                ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))  \
+                                )
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l)    (                               \
+                l=*(const HASH_LONG *)(a),                      \
+                l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),    \
+                ROTATE(l,16)                                    \
+                                )
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *      - RISCs aren't good at long constants and have to explicitely
+ *        compose 'em with several (well, usually 2) instructions in a
+ *        register before performing the actual operation and (as you
+ *        already realized:-) having same constant should inspire the
+ *        compiler to permanently allocate the only register for it;
+ *      - most modern CPUs have two ALUs, but usually only one has
+ *        circuitry for shifts:-( this minor tweak inspires compiler
+ *        to schedule shift instructions in a better way...
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
+#endif
 #ifndef ROTATE
 #define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
 #endif
-#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
-#ifndef PEDANTIC
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+ * and host are of the same "endianess". It's possible to mask
-#  if ((defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)) || \
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
-      (defined(__x86_64) || defined(__x86_64__))
+ *
-#   if !defined(B_ENDIAN)
+ *                              <appro@fy.chalmers.se>
-    /*
+ */
-     * This gives ~30-40% performance improvement in SHA-256 compiled
+#if defined(B_ENDIAN)
-     * with gcc [on P4]. Well, first macro to be frank. We can pull
+#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
-     * this trick on x86* platforms only, because these CPUs can fetch
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
-     * unaligned data without raising an exception.
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
-     */
+#    endif
-#   define HOST_c2l(c,l)        ({ unsigned int r=*((const unsigned int *)(c)); \
+#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+#    ifndef HOST_FETCH32
-                                   (c)+=4; (l)=r;                       })
+#      ifdef LE_FETCH32
-#   define HOST_l2c(l,c)        ({ unsigned int r=(l);                  \
+#        define HOST_FETCH32(p,l)       LE_FETCH32(p)
-                                   asm ("bswapl %0":"=r"(r):"0"(r));    \
+#      elif defined(REVERSE_FETCH32)
-                                   *((unsigned int *)(c))=r; (c)+=4; r; })
+#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
-#   endif
+#      endif
+#    endif
 #  endif
-# endif
+#elif defined(L_ENDIAN)
+#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED     HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef BE_FETCH32
+#        define HOST_FETCH32(p,l)       BE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)       REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#endif
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
 #endif
-#if defined(__s390__) || defined(__s390x__)
-# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
 #endif
-#ifndef HOST_c2l
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
 #define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))<<24),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))    ),          \
                         l)
-#endif
+#define HOST_p_c2l(c,l,n)       {                                       \
-#ifndef HOST_l2c
+                        switch (n) {                                    \
+                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
+                        case 3: l|=((unsigned long)(*((c)++)));         \
+                                } }
+#define HOST_p_c2l_p(c,l,sc,len) {                                      \
+                        switch (sc) {                                   \
+                        case 0: l =((unsigned long)(*((c)++)))<<24;     \
+                                if (--len == 0) break;                  \
+                        case 1: l|=((unsigned long)(*((c)++)))<<16;     \
+                                if (--len == 0) break;                  \
+                        case 2: l|=((unsigned long)(*((c)++)))<< 8;     \
+                                } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)       {                                       \
+                        l=0; (c)+=n;                                    \
+                        switch (n) {                                    \
+                        case 3: l =((unsigned long)(*(--(c))))<< 8;     \
+                        case 2: l|=((unsigned long)(*(--(c))))<<16;     \
+                        case 1: l|=((unsigned long)(*(--(c))))<<24;     \
+                                } }
 #define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
                         l)
-#endif
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if defined(__s390x__)
-#   define HOST_c2l(c,l)        ({ asm ("lrv    %0,0(%1)"               \
-                                        :"=r"(l) : "r"(c));             \
-                                   (c)+=4; (l);                         })
-#   define HOST_l2c(l,c)        ({ asm ("strv   %0,0(%1)"               \
-                                        : : "r"(l),"r"(c) : "memory");  \
-                                   (c)+=4; (l);                         })
-#  endif
-# endif
-#endif
-#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
-# ifndef B_ENDIAN
-   /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */
-#  define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l)
-#  define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l)
-# endif
-#endif
-#ifndef HOST_c2l
 #define HOST_c2l(c,l)   (l =(((unsigned long)(*((c)++)))    ),          \
                         l|=(((unsigned long)(*((c)++)))<< 8),          \
                         l|=(((unsigned long)(*((c)++)))<<16),          \
                         l|=(((unsigned long)(*((c)++)))<<24),          \
                         l)
-#endif
+#define HOST_p_c2l(c,l,n)       {                                       \
-#ifndef HOST_l2c
+                        switch (n) {                                    \
+                        case 0: l =((unsigned long)(*((c)++)));         \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
+                        case 3: l|=((unsigned long)(*((c)++)))<<24;     \
+                                } }
+#define HOST_p_c2l_p(c,l,sc,len) {                                      \
+                        switch (sc) {                                   \
+                        case 0: l =((unsigned long)(*((c)++)));         \
+                                if (--len == 0) break;                  \
+                        case 1: l|=((unsigned long)(*((c)++)))<< 8;     \
+                                if (--len == 0) break;                  \
+                        case 2: l|=((unsigned long)(*((c)++)))<<16;     \
+                                } }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)       {                                       \
+                        l=0; (c)+=n;                                    \
+                        switch (n) {                                    \
+                        case 3: l =((unsigned long)(*(--(c))))<<16;     \
+                        case 2: l|=((unsigned long)(*(--(c))))<< 8;     \
+                        case 1: l|=((unsigned long)(*(--(c))));         \
+                                } }
 #define HOST_l2c(l,c)   (*((c)++)=(unsigned char)(((l)    )&0xff),      \
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
                         l)
-#endif
 #endif
@@ -279,60 +414,118 @@
 * Time for some action:-)
 */
-int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
+int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
        {
        const unsigned char *data=data_;
-        unsigned char *p;
+        register HASH_LONG * p;
-        HASH_LONG l;
+        register unsigned long l;
-        size_t n;
+        int sw,sc,ew,ec;
        if (len==0) return 1;
-        l=(c->Nl+(((HASH_LONG)len)<<3))&0xffffffffUL;
+        l=(c->Nl+(len<<3))&0xffffffffL;
        /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
         * Wei Dai <weidai@eskimo.com> for pointing it out. */
        if (l < c->Nl) /* overflow */
                c->Nh++;
-        c->Nh+=(len>>29);       /* might cause compiler warning on 16-bit */
+        c->Nh+=(len>>29);
        c->Nl=l;
-        n = c->num;
+        if (c->num != 0)
-        if (n != 0)
                {
-                p=(unsigned char *)c->data;
+                p=c->data;
+                sw=c->num>>2;
+                sc=c->num&0x03;
-                if ((n+len) >= HASH_CBLOCK)
+                if ((c->num+len) >= HASH_CBLOCK)
                        {
-                        memcpy (p+n,data,HASH_CBLOCK-n);
+                        l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
-                        HASH_BLOCK_DATA_ORDER (c,p,1);
+                        for (; sw<HASH_LBLOCK; sw++)
-                        n      = HASH_CBLOCK-n;
+                                {
-                        data  += n;
+                                HOST_c2l(data,l); p[sw]=l;
-                        len   -= n;
+                                }
-                        c->num = 0;
+                        HASH_BLOCK_HOST_ORDER (c,p,1);
-                        memset (p,0,HASH_CBLOCK);       /* keep it zeroed */
+                        len-=(HASH_CBLOCK-c->num);
+                        c->num=0;
+                        /* drop through and do the rest */
                        }
                else
                        {
-                        memcpy (p+n,data,len);
+                        c->num+=len;
-                        c->num += (unsigned int)len;
+                        if ((sc+len) < 4) /* ugly, add char's to a word */
+                                {
+                                l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+                                }
+                        else
+                                {
+                                ew=(c->num>>2);
+                                ec=(c->num&0x03);
+                                if (sc)
+                                        l=p[sw];
+                                HOST_p_c2l(data,l,sc);
+                                p[sw++]=l;
+                                for (; sw < ew; sw++)
+                                        {
+                                        HOST_c2l(data,l); p[sw]=l;
+                                        }
+                                if (ec)
+                                        {
+                                        HOST_c2l_p(data,l,ec); p[sw]=l;
+                                        }
+                                }
                        return 1;
                        }
                }
-        n = len/HASH_CBLOCK;
+        sw=len/HASH_CBLOCK;
-        if (n > 0)
+        if (sw > 0)
                {
-                HASH_BLOCK_DATA_ORDER (c,data,n);
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
-                n    *= HASH_CBLOCK;
+                /*
-                data += n;
+                 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
-                len  -= n;
+                 * only if sizeof(HASH_LONG)==4.
+                 */
+                if ((((unsigned long)data)%4) == 0)
+                        {
+                        /* data is properly aligned so that we can cast it: */
+                        HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
+                        sw*=HASH_CBLOCK;
+                        data+=sw;
+                        len-=sw;
+                        }
+                else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+                        while (sw--)
+                                {
+                                memcpy (p=c->data,data,HASH_CBLOCK);
+                                HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+                                data+=HASH_CBLOCK;
+                                len-=HASH_CBLOCK;
+                                }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+                        {
+                        HASH_BLOCK_DATA_ORDER(c,data,sw);
+                        sw*=HASH_CBLOCK;
+                        data+=sw;
+                        len-=sw;
+                        }
+#endif
                }
-        if (len != 0)
+        if (len!=0)
                {
-                p = (unsigned char *)c->data;
+                p = c->data;
                c->num = len;
-                memcpy (p,data,len);
+                ew=len>>2;      /* words to copy */
+                ec=len&0x03;
+                for (; ew; ew--,p++)
+                        {
+                        HOST_c2l(data,l); *p=l;
+                        }
+                HOST_c2l_p(data,l,ec);
+                *p=l;
                }
        return 1;
        }
@@ -340,38 +533,81 @@ int HASH_UPDATE (HASH_CTX *c, const void *data_, size_t len)
 void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
        {
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+        if ((((unsigned long)data)%4) == 0)
+                /* data is properly aligned so that we can cast it: */
+                HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
+        else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+                {
+                memcpy (c->data,data,HASH_CBLOCK);
+                HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+                }
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
        HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
        }
 int HASH_FINAL (unsigned char *md, HASH_CTX *c)
        {
-        unsigned char *p = (unsigned char *)c->data;
+        register HASH_LONG *p;
-        size_t n = c->num;
+        register unsigned long l;
+        register int i,j;
+        static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+        const unsigned char *cp=end;
+#if 0
+        if(FIPS_mode() && !FIPS_md5_allowed())
+            {
+            FIPSerr(FIPS_F_HASH_FINAL,FIPS_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
-        p[n] = 0x80; /* there is always room for one */
+        /* c->num should definitly have room for at least one more byte. */
-        n++;
+        p=c->data;
+        i=c->num>>2;
+        j=c->num&0x03;
+#if 0
+        /* purify often complains about the following line as an
+         * Uninitialized Memory Read.  While this can be true, the
+         * following p_c2l macro will reset l when that case is true.
+         * This is because j&0x03 contains the number of 'valid' bytes
+         * already in p[i].  If and only if j&0x03 == 0, the UMR will
+         * occur but this is also the only time p_c2l will do
+         * l= *(cp++) instead of l|= *(cp++)
+         * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+         * 'potential bug' */
+#ifdef PURIFY
+        if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+        l=p[i];
+#else
+        l = (j==0) ? 0 : p[i];
+#endif
+        HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
-        if (n > (HASH_CBLOCK-8))
+        if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
                {
-                memset (p+n,0,HASH_CBLOCK-n);
+                if (i<HASH_LBLOCK) p[i]=0;
-                n=0;
+                HASH_BLOCK_HOST_ORDER (c,p,1);
-                HASH_BLOCK_DATA_ORDER (c,p,1);
+                i=0;
                }
-        memset (p+n,0,HASH_CBLOCK-8-n);
+        for (; i<(HASH_LBLOCK-2); i++)
+                p[i]=0;
-        p += HASH_CBLOCK-8;
 #if   defined(DATA_ORDER_IS_BIG_ENDIAN)
-        (void)HOST_l2c(c->Nh,p);
+        p[HASH_LBLOCK-2]=c->Nh;
-        (void)HOST_l2c(c->Nl,p);
+        p[HASH_LBLOCK-1]=c->Nl;
 #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
-        (void)HOST_l2c(c->Nl,p);
+        p[HASH_LBLOCK-2]=c->Nl;
-        (void)HOST_l2c(c->Nh,p);
+        p[HASH_LBLOCK-1]=c->Nh;
 #endif
-        p -= HASH_CBLOCK;
+        HASH_BLOCK_HOST_ORDER (c,p,1);
-        HASH_BLOCK_DATA_ORDER (c,p,1);
-        c->num=0;
-        memset (p,0,HASH_CBLOCK);
 #ifndef HASH_MAKE_STRING
 #error "HASH_MAKE_STRING must be defined!"
@@ -379,6 +615,11 @@ int HASH_FINAL (unsigned char *md, HASH_CTX *c)
        HASH_MAKE_STRING(c,md);
 #endif
+        c->num=0;
+        /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+         * but I'm not worried :-)
+        OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+         */
        return 1;
        }
diff --git a/src/lib/libcrypto/md4/Makefile b/src/lib/libcrypto/md4/Makefile
new file mode 100644
index 0000000000..ef97bb0cbe
--- /dev/null
+++ b/src/lib/libcrypto/md4/Makefile
@@ -0,0 +1,86 @@
+#
+# OpenSSL/crypto/md4/Makefile
+#
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+SRC= $(LIBSRC)
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_one.o: ../../include/openssl/symhacks.h md4_one.c
diff --git a/src/lib/libcrypto/md4/Makefile.ssl b/src/lib/libcrypto/md4/Makefile.ssl
new file mode 100644
index 0000000000..7d2e8d8d3b
--- /dev/null
+++ b/src/lib/libcrypto/md4/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/md4/Makefile
+#
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+SRC= $(LIBSRC)
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md4_one.o: md4_one.c
diff --git a/src/lib/libcrypto/md4/md4.c b/src/lib/libcrypto/md4/md4.c
new file mode 100644
index 0000000000..141415ad4d
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4.c
@@ -0,0 +1,127 @@
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD4(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(FILE *f)
+        {
+        MD4_CTX c;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD4_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,sizeof buf);
+                if (i <= 0) break;
+                MD4_Update(&c,buf,(unsigned long)i);
+                }
+        MD4_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h
index 5598c93a4f..7e761efb62 100644
--- a/src/lib/libcrypto/md4/md4.h
+++ b/src/lib/libcrypto/md4/md4.h
@@ -60,7 +60,6 @@
 #define HEADER_MD4_H
 #include <openssl/e_os2.h>
-#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -102,13 +101,16 @@ typedef struct MD4state_st
        MD4_LONG A,B,C,D;
        MD4_LONG Nl,Nh;
        MD4_LONG data[MD4_LBLOCK];
-        unsigned int num;
+        int num;
        } MD4_CTX;
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
 int MD4_Init(MD4_CTX *c);
-int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
 void MD4_Transform(MD4_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c
index cfef94af39..ee7cc72262 100644
--- a/src/lib/libcrypto/md4/md4_dgst.c
+++ b/src/lib/libcrypto/md4/md4_dgst.c
@@ -60,7 +60,7 @@
 #include "md4_locl.h"
 #include <openssl/opensslv.h>
-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
+const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
 /* Implemented from RFC1186 The MD4 Message-Digest Algorithm
 */
@@ -70,7 +70,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-int MD4_Init(MD4_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD4)
        {
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
@@ -82,11 +82,84 @@ int MD4_Init(MD4_CTX *c)
        return 1;
        }
+#ifndef md4_block_host_order
+void md4_block_host_order (MD4_CTX *c, const void *data, int num)
+        {
+        const MD4_LONG *X=data;
+        register unsigned MD32_REG_T A,B,C,D;
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+        for (;num--;X+=HASH_LBLOCK)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 3,0);
+        R0(D,A,B,C,X[ 1], 7,0);
+        R0(C,D,A,B,X[ 2],11,0);
+        R0(B,C,D,A,X[ 3],19,0);
+        R0(A,B,C,D,X[ 4], 3,0);
+        R0(D,A,B,C,X[ 5], 7,0);
+        R0(C,D,A,B,X[ 6],11,0);
+        R0(B,C,D,A,X[ 7],19,0);
+        R0(A,B,C,D,X[ 8], 3,0);
+        R0(D,A,B,C,X[ 9], 7,0);
+        R0(C,D,A,B,X[10],11,0);
+        R0(B,C,D,A,X[11],19,0);
+        R0(A,B,C,D,X[12], 3,0);
+        R0(D,A,B,C,X[13], 7,0);
+        R0(C,D,A,B,X[14],11,0);
+        R0(B,C,D,A,X[15],19,0);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 0], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 4], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 8], 9,0x5A827999L);
+        R1(B,C,D,A,X[12],13,0x5A827999L);
+        R1(A,B,C,D,X[ 1], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 5], 5,0x5A827999L);
+        R1(C,D,A,B,X[ 9], 9,0x5A827999L);
+        R1(B,C,D,A,X[13],13,0x5A827999L);
+        R1(A,B,C,D,X[ 2], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 6], 5,0x5A827999L);
+        R1(C,D,A,B,X[10], 9,0x5A827999L);
+        R1(B,C,D,A,X[14],13,0x5A827999L);
+        R1(A,B,C,D,X[ 3], 3,0x5A827999L);
+        R1(D,A,B,C,X[ 7], 5,0x5A827999L);
+        R1(C,D,A,B,X[11], 9,0x5A827999L);
+        R1(B,C,D,A,X[15],13,0x5A827999L);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[12],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[14],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[13],15,0x6ED9EBA1);
+        R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
+        R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
+        R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
+        R2(B,C,D,A,X[15],15,0x6ED9EBA1);
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
 #ifndef md4_block_data_order
 #ifdef X
 #undef X
 #endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
+void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
        {
        const unsigned char *data=data_;
        register unsigned MD32_REG_T A,B,C,D,l;
@@ -167,3 +240,19 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
                }
        }
 #endif
+#ifdef undef
+int printit(unsigned long *l)
+        {
+        int i,ii;
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h
index c8085b0ead..a8d31d7a73 100644
--- a/src/lib/libcrypto/md4/md4_locl.h
+++ b/src/lib/libcrypto/md4/md4_locl.h
@@ -65,13 +65,41 @@
 #define MD4_LONG_LOG2 2 /* default to 32 bits */
 #endif
-void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
+void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#define md4_block_data_order md4_block_host_order
+#endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG               MD4_LONG
+#define HASH_LONG_LOG2          MD4_LONG_LOG2
 #define HASH_CTX                MD4_CTX
 #define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_LBLOCK             MD4_LBLOCK
 #define HASH_UPDATE             MD4_Update
 #define HASH_TRANSFORM          MD4_Transform
 #define HASH_FINAL              MD4_Final
@@ -82,7 +110,21 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
        ll=(c)->C; HOST_l2c(ll,(s));    \
        ll=(c)->D; HOST_l2c(ll,(s));    \
        } while (0)
+#define HASH_BLOCK_HOST_ORDER   md4_block_host_order
+#if !defined(L_ENDIAN) || defined(md4_block_data_order)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md4_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
 #include "md32_common.h"
diff --git a/src/lib/libcrypto/md4/md4_one.c b/src/lib/libcrypto/md4/md4_one.c
index bb64362638..50f79352f6 100644
--- a/src/lib/libcrypto/md4/md4_one.c
+++ b/src/lib/libcrypto/md4/md4_one.c
@@ -65,7 +65,7 @@
 #include <openssl/ebcdic.h>
 #endif
-unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
        {
        MD4_CTX c;
        static unsigned char m[MD4_DIGEST_LENGTH];
diff --git a/src/lib/libcrypto/md4/md4s.cpp b/src/lib/libcrypto/md4/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD4_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md4_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md4_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md4_block_x86(&ctx,buffer,num);
+                        }
+                printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/md4/md4test.c b/src/lib/libcrypto/md4/md4test.c
new file mode 100644
index 0000000000..21a77d96f7
--- /dev/null
+++ b/src/lib/libcrypto/md4/md4test.c
@@ -0,0 +1,136 @@
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        unsigned char md[MD4_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD4 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        return(0);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD4_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/md5/Makefile b/src/lib/libcrypto/md5/Makefile
new file mode 100644
index 0000000000..ceb00e8956
--- /dev/null
+++ b/src/lib/libcrypto/md5/Makefile
@@ -0,0 +1,102 @@
+#
+# OpenSSL/crypto/md5/Makefile
+#
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+MD5_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=md5test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+mx86-cof.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+mx86-out.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl a.out $(CFLAGS) > ../$@)
+md5-x86_64.s:   asm/md5-x86_64.pl;      $(PERL) asm/md5-x86_64.pl $@
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_one.o: ../../include/openssl/symhacks.h md5_one.c
diff --git a/src/lib/libcrypto/md5/Makefile.ssl b/src/lib/libcrypto/md5/Makefile.ssl
new file mode 100644
index 0000000000..2361775a2d
--- /dev/null
+++ b/src/lib/libcrypto/md5/Makefile.ssl
@@ -0,0 +1,127 @@
+#
+# SSLeay/crypto/md5/Makefile
+#
+DIR=    md5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=-I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+MD5_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=md5test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md5_dgst.c md5_one.c
+LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= md5.h
+HEADER= md5_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
+# a.out
+asm/mx86-out.o: asm/mx86unix.cpp
+        $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+# bsdi
+asm/mx86bsdi.o: asm/mx86unix.cpp
+        $(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+                /usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+        $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+                -o asm/md5-sparcv9.o asm/md5-sparcv9.S
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
+md5_dgst.o: ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md5_one.o: md5_one.c
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl
index 76ac235f7d..fa3fa3bed5 100644
--- a/src/lib/libcrypto/md5/asm/md5-586.pl
+++ b/src/lib/libcrypto/md5/asm/md5-586.pl
@@ -29,7 +29,7 @@ $X="esi";
 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,  # R3
 );
-&md5_block("md5_block_asm_data_order");
+&md5_block("md5_block_asm_host_order");
 &asm_finish();
 sub Np
diff --git a/src/lib/libcrypto/md5/asm/md5-sparcv9.S b/src/lib/libcrypto/md5/asm/md5-sparcv9.S
new file mode 100644
index 0000000000..db45aa4c97
--- /dev/null
+++ b/src/lib/libcrypto/md5/asm/md5-sparcv9.S
@@ -0,0 +1,1031 @@
+.ident  "md5-sparcv9.S, Version 1.0"
+.ident  "SPARC V9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.file   "md5-sparcv9.S"
+/*
+ * ====================================================================
+ * Copyright (c) 1999 Andy Polyakov <appro@fy.chalmers.se>.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted as long as above copyright notices are retained. Warranty
+ * of any kind is (of course:-) disclaimed.
+ * ====================================================================
+ */
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is an
+ * assembler implementation of MD5 block hash function. I've hand-coded
+ * this for the sole reason to reach UltraSPARC-specific "load in
+ * little-endian byte order" instruction. This gives up to 15%
+ * performance improvement for cases when input message is aligned at
+ * 32 bits boundary. The module was tested under both 32 *and* 64 bit
+ * kernels. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * To compile with SC4.x/SC5.x:
+ *
+ *      cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *              -c md5-sparcv9.S
+ *
+ * and with gcc:
+ *
+ *      gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *              -c md5-sparcv9.S
+ *
+ * or if above fails (it does if you have gas):
+ *
+ *      gcc -E -DOPENSSL_SYSNAMEULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ *              as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
+ */
+#include <openssl/e_os2.h>
+#define A       %o0
+#define B       %o1
+#define C       %o2
+#define D       %o3
+#define T1      %o4
+#define T2      %o5
+#define R0      %l0
+#define R1      %l1
+#define R2      %l2
+#define R3      %l3
+#define R4      %l4
+#define R5      %l5
+#define R6      %l6
+#define R7      %l7
+#define R8      %i3
+#define R9      %i4
+#define R10     %i5
+#define R11     %g1
+#define R12     %g2
+#define R13     %g3
+#define RX      %g4
+#define Aptr    %i0+0
+#define Bptr    %i0+4
+#define Cptr    %i0+8
+#define Dptr    %i0+12
+#define Aval    R5      /* those not used at the end of the last round */
+#define Bval    R6
+#define Cval    R7
+#define Dval    R8
+#if defined(MD5_BLOCK_DATA_ORDER)
+# if defined(OPENSSL_SYSNAME_ULTRASPARC)
+#  define       LOAD                    lda
+#  define       X(i)                    [%i1+i*4]%asi
+#  define       md5_block               md5_block_asm_data_order_aligned
+#  define       ASI_PRIMARY_LITTLE      0x88
+# else
+#  error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!"
+# endif
+#else
+# define        LOAD                    ld
+# define        X(i)                    [%i1+i*4]
+# define        md5_block               md5_block_asm_host_order
+#endif
+.section        ".text",#alloc,#execinstr
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME   -192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME   -192
+#else
+# define        FRAME   -96
+#endif
+.align  32
+.global md5_block
+md5_block:
+        save    %sp,FRAME,%sp
+        ld      [Dptr],D
+        ld      [Cptr],C
+        ld      [Bptr],B
+        ld      [Aptr],A
+#ifdef ASI_PRIMARY_LITTLE
+        rd      %asi,%o7        ! How dare I? Well, I just do:-)
+        wr      %g0,ASI_PRIMARY_LITTLE,%asi
+#endif
+        LOAD    X(0),R0
+.Lmd5_block_loop:
+!!!!!!!!Round 0
+        xor     C,D,T1
+        sethi   %hi(0xd76aa478),T2
+        and     T1,B,T1
+        or      T2,%lo(0xd76aa478),T2   !=
+        xor     T1,D,T1
+        add     T1,R0,T1
+        LOAD    X(1),R1
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,7,T2
+        srl     A,32-7,A
+        or      A,T2,A                  !=
+         xor     B,C,T1
+        add     A,B,A
+        sethi   %hi(0xe8c7b756),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0xe8c7b756),T2
+        xor     T1,C,T1
+        LOAD    X(2),R2
+        add     T1,R1,T1                !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,12,T2
+        srl     D,32-12,D               !=
+        or      D,T2,D
+         xor     A,B,T1
+        add     D,A,D
+        sethi   %hi(0x242070db),T2      !=
+        and     T1,D,T1
+        or      T2,%lo(0x242070db),T2
+        xor     T1,B,T1
+        add     T1,R2,T1                !=
+        LOAD    X(3),R3
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,17,T2                 !=
+        srl     C,32-17,C
+        or      C,T2,C
+         xor     D,A,T1
+        add     C,D,C                   !=
+        sethi   %hi(0xc1bdceee),T2
+        and     T1,C,T1
+        or      T2,%lo(0xc1bdceee),T2
+        xor     T1,A,T1                 !=
+        add     T1,R3,T1
+        LOAD    X(4),R4
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,22,T2
+        srl     B,32-22,B
+        or      B,T2,B
+         xor     C,D,T1                 !=
+        add     B,C,B
+        sethi   %hi(0xf57c0faf),T2
+        and     T1,B,T1
+        or      T2,%lo(0xf57c0faf),T2   !=
+        xor     T1,D,T1
+        add     T1,R4,T1
+        LOAD    X(5),R5
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,7,T2
+        srl     A,32-7,A
+        or      A,T2,A                  !=
+         xor     B,C,T1
+        add     A,B,A
+        sethi   %hi(0x4787c62a),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0x4787c62a),T2
+        xor     T1,C,T1
+        LOAD    X(6),R6
+        add     T1,R5,T1                !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,12,T2
+        srl     D,32-12,D               !=
+        or      D,T2,D
+         xor     A,B,T1
+        add     D,A,D
+        sethi   %hi(0xa8304613),T2      !=
+        and     T1,D,T1
+        or      T2,%lo(0xa8304613),T2
+        xor     T1,B,T1
+        add     T1,R6,T1                !=
+        LOAD    X(7),R7
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,17,T2                 !=
+        srl     C,32-17,C
+        or      C,T2,C
+         xor     D,A,T1
+        add     C,D,C                   !=
+        sethi   %hi(0xfd469501),T2
+        and     T1,C,T1
+        or      T2,%lo(0xfd469501),T2
+        xor     T1,A,T1                 !=
+        add     T1,R7,T1
+        LOAD    X(8),R8
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,22,T2
+        srl     B,32-22,B
+        or      B,T2,B
+         xor     C,D,T1                 !=
+        add     B,C,B
+        sethi   %hi(0x698098d8),T2
+        and     T1,B,T1
+        or      T2,%lo(0x698098d8),T2   !=
+        xor     T1,D,T1
+        add     T1,R8,T1
+        LOAD    X(9),R9
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,7,T2
+        srl     A,32-7,A
+        or      A,T2,A                  !=
+         xor     B,C,T1
+        add     A,B,A
+        sethi   %hi(0x8b44f7af),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0x8b44f7af),T2
+        xor     T1,C,T1
+        LOAD    X(10),R10
+        add     T1,R9,T1                !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,12,T2
+        srl     D,32-12,D               !=
+        or      D,T2,D
+         xor     A,B,T1
+        add     D,A,D
+        sethi   %hi(0xffff5bb1),T2      !=
+        and     T1,D,T1
+        or      T2,%lo(0xffff5bb1),T2
+        xor     T1,B,T1
+        add     T1,R10,T1               !=
+        LOAD    X(11),R11
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,17,T2                 !=
+        srl     C,32-17,C
+        or      C,T2,C
+         xor     D,A,T1
+        add     C,D,C                   !=
+        sethi   %hi(0x895cd7be),T2
+        and     T1,C,T1
+        or      T2,%lo(0x895cd7be),T2
+        xor     T1,A,T1                 !=
+        add     T1,R11,T1
+        LOAD    X(12),R12
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,22,T2
+        srl     B,32-22,B
+        or      B,T2,B
+         xor     C,D,T1                 !=
+        add     B,C,B
+        sethi   %hi(0x6b901122),T2
+        and     T1,B,T1
+        or      T2,%lo(0x6b901122),T2   !=
+        xor     T1,D,T1
+        add     T1,R12,T1
+        LOAD    X(13),R13
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,7,T2
+        srl     A,32-7,A
+        or      A,T2,A                  !=
+         xor     B,C,T1
+        add     A,B,A
+        sethi   %hi(0xfd987193),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0xfd987193),T2
+        xor     T1,C,T1
+        LOAD    X(14),RX
+        add     T1,R13,T1               !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,12,T2
+        srl     D,32-12,D               !=
+        or      D,T2,D
+         xor     A,B,T1
+        add     D,A,D
+        sethi   %hi(0xa679438e),T2      !=
+        and     T1,D,T1
+        or      T2,%lo(0xa679438e),T2
+        xor     T1,B,T1
+        add     T1,RX,T1                !=
+        LOAD    X(15),RX
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,17,T2                 !=
+        srl     C,32-17,C
+        or      C,T2,C
+         xor     D,A,T1
+        add     C,D,C                   !=
+        sethi   %hi(0x49b40821),T2
+        and     T1,C,T1
+        or      T2,%lo(0x49b40821),T2
+        xor     T1,A,T1                 !=
+        add     T1,RX,T1
+        !pre-LOADed     X(1),R1
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,22,T2                 !=
+        srl     B,32-22,B
+        or      B,T2,B
+        add     B,C,B
+!!!!!!!!Round 1
+        xor     B,C,T1                  !=
+        sethi   %hi(0xf61e2562),T2
+        and     T1,D,T1
+        or      T2,%lo(0xf61e2562),T2
+        xor     T1,C,T1                 !=
+        add     T1,R1,T1
+        !pre-LOADed     X(6),R6
+        add     T1,T2,T1
+        add     A,T1,A
+        sll     A,5,T2                  !=
+        srl     A,32-5,A
+        or      A,T2,A
+        add     A,B,A
+        xor     A,B,T1                  !=
+        sethi   %hi(0xc040b340),T2
+        and     T1,C,T1
+        or      T2,%lo(0xc040b340),T2
+        xor     T1,B,T1                 !=
+        add     T1,R6,T1
+        !pre-LOADed     X(11),R11
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,9,T2                  !=
+        srl     D,32-9,D
+        or      D,T2,D
+        add     D,A,D
+        xor     D,A,T1                  !=
+        sethi   %hi(0x265e5a51),T2
+        and     T1,B,T1
+        or      T2,%lo(0x265e5a51),T2
+        xor     T1,A,T1                 !=
+        add     T1,R11,T1
+        !pre-LOADed     X(0),R0
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,14,T2                 !=
+        srl     C,32-14,C
+        or      C,T2,C
+        add     C,D,C
+        xor     C,D,T1                  !=
+        sethi   %hi(0xe9b6c7aa),T2
+        and     T1,A,T1
+        or      T2,%lo(0xe9b6c7aa),T2
+        xor     T1,D,T1                 !=
+        add     T1,R0,T1
+        !pre-LOADed     X(5),R5
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,20,T2                 !=
+        srl     B,32-20,B
+        or      B,T2,B
+        add     B,C,B
+        xor     B,C,T1                  !=
+        sethi   %hi(0xd62f105d),T2
+        and     T1,D,T1
+        or      T2,%lo(0xd62f105d),T2
+        xor     T1,C,T1                 !=
+        add     T1,R5,T1
+        !pre-LOADed     X(10),R10
+        add     T1,T2,T1
+        add     A,T1,A
+        sll     A,5,T2                  !=
+        srl     A,32-5,A
+        or      A,T2,A
+        add     A,B,A
+        xor     A,B,T1                  !=
+        sethi   %hi(0x02441453),T2
+        and     T1,C,T1
+        or      T2,%lo(0x02441453),T2
+        xor     T1,B,T1                 !=
+        add     T1,R10,T1
+        LOAD    X(15),RX
+        add     T1,T2,T1
+        add     D,T1,D                  !=
+        sll     D,9,T2
+        srl     D,32-9,D
+        or      D,T2,D
+        add     D,A,D                   !=
+        xor     D,A,T1
+        sethi   %hi(0xd8a1e681),T2
+        and     T1,B,T1
+        or      T2,%lo(0xd8a1e681),T2   !=
+        xor     T1,A,T1
+        add     T1,RX,T1
+        !pre-LOADed     X(4),R4
+        add     T1,T2,T1
+        add     C,T1,C                  !=
+        sll     C,14,T2
+        srl     C,32-14,C
+        or      C,T2,C
+        add     C,D,C                   !=
+        xor     C,D,T1
+        sethi   %hi(0xe7d3fbc8),T2
+        and     T1,A,T1
+        or      T2,%lo(0xe7d3fbc8),T2   !=
+        xor     T1,D,T1
+        add     T1,R4,T1
+        !pre-LOADed     X(9),R9
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,20,T2
+        srl     B,32-20,B
+        or      B,T2,B
+        add     B,C,B                   !=
+        xor     B,C,T1
+        sethi   %hi(0x21e1cde6),T2
+        and     T1,D,T1
+        or      T2,%lo(0x21e1cde6),T2   !=
+        xor     T1,C,T1
+        add     T1,R9,T1
+        LOAD    X(14),RX
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,5,T2
+        srl     A,32-5,A
+        or      A,T2,A                  !=
+        add     A,B,A
+        xor     A,B,T1
+        sethi   %hi(0xc33707d6),T2
+        and     T1,C,T1                 !=
+        or      T2,%lo(0xc33707d6),T2
+        xor     T1,B,T1
+        add     T1,RX,T1
+        !pre-LOADed     X(3),R3
+        add     T1,T2,T1                !=
+        add     D,T1,D
+        sll     D,9,T2
+        srl     D,32-9,D
+        or      D,T2,D                  !=
+        add     D,A,D
+        xor     D,A,T1
+        sethi   %hi(0xf4d50d87),T2
+        and     T1,B,T1                 !=
+        or      T2,%lo(0xf4d50d87),T2
+        xor     T1,A,T1
+        add     T1,R3,T1
+        !pre-LOADed     X(8),R8
+        add     T1,T2,T1                !=
+        add     C,T1,C
+        sll     C,14,T2
+        srl     C,32-14,C
+        or      C,T2,C                  !=
+        add     C,D,C
+        xor     C,D,T1
+        sethi   %hi(0x455a14ed),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0x455a14ed),T2
+        xor     T1,D,T1
+        add     T1,R8,T1
+        !pre-LOADed     X(13),R13
+        add     T1,T2,T1                !=
+        add     B,T1,B
+        sll     B,20,T2
+        srl     B,32-20,B
+        or      B,T2,B                  !=
+        add     B,C,B
+        xor     B,C,T1
+        sethi   %hi(0xa9e3e905),T2
+        and     T1,D,T1                 !=
+        or      T2,%lo(0xa9e3e905),T2
+        xor     T1,C,T1
+        add     T1,R13,T1
+        !pre-LOADed     X(2),R2
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,5,T2
+        srl     A,32-5,A
+        or      A,T2,A                  !=
+        add     A,B,A
+        xor     A,B,T1
+        sethi   %hi(0xfcefa3f8),T2
+        and     T1,C,T1                 !=
+        or      T2,%lo(0xfcefa3f8),T2
+        xor     T1,B,T1
+        add     T1,R2,T1
+        !pre-LOADed     X(7),R7
+        add     T1,T2,T1                !=
+        add     D,T1,D
+        sll     D,9,T2
+        srl     D,32-9,D
+        or      D,T2,D                  !=
+        add     D,A,D
+        xor     D,A,T1
+        sethi   %hi(0x676f02d9),T2
+        and     T1,B,T1                 !=
+        or      T2,%lo(0x676f02d9),T2
+        xor     T1,A,T1
+        add     T1,R7,T1
+        !pre-LOADed     X(12),R12
+        add     T1,T2,T1                !=
+        add     C,T1,C
+        sll     C,14,T2
+        srl     C,32-14,C
+        or      C,T2,C                  !=
+        add     C,D,C
+        xor     C,D,T1
+        sethi   %hi(0x8d2a4c8a),T2
+        and     T1,A,T1                 !=
+        or      T2,%lo(0x8d2a4c8a),T2
+        xor     T1,D,T1
+        add     T1,R12,T1
+        !pre-LOADed     X(5),R5
+        add     T1,T2,T1                !=
+        add     B,T1,B
+        sll     B,20,T2
+        srl     B,32-20,B
+        or      B,T2,B                  !=
+        add     B,C,B
+!!!!!!!!Round 2
+        xor     B,C,T1
+        sethi   %hi(0xfffa3942),T2
+        xor     T1,D,T1                 !=
+        or      T2,%lo(0xfffa3942),T2
+        add     T1,R5,T1
+        !pre-LOADed     X(8),R8
+        add     T1,T2,T1
+        add     A,T1,A                  !=
+        sll     A,4,T2
+        srl     A,32-4,A
+        or      A,T2,A
+        add     A,B,A                   !=
+        xor     A,B,T1
+        sethi   %hi(0x8771f681),T2
+        xor     T1,C,T1
+        or      T2,%lo(0x8771f681),T2   !=
+        add     T1,R8,T1
+        !pre-LOADed     X(11),R11
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,11,T2                 !=
+        srl     D,32-11,D
+        or      D,T2,D
+        add     D,A,D
+        xor     D,A,T1                  !=
+        sethi   %hi(0x6d9d6122),T2
+        xor     T1,B,T1
+        or      T2,%lo(0x6d9d6122),T2
+        add     T1,R11,T1               !=
+        LOAD    X(14),RX
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,16,T2                 !=
+        srl     C,32-16,C
+        or      C,T2,C
+        add     C,D,C
+        xor     C,D,T1                  !=
+        sethi   %hi(0xfde5380c),T2
+        xor     T1,A,T1
+        or      T2,%lo(0xfde5380c),T2
+        add     T1,RX,T1                !=
+        !pre-LOADed     X(1),R1
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,23,T2
+        srl     B,32-23,B               !=
+        or      B,T2,B
+        add     B,C,B
+        xor     B,C,T1
+        sethi   %hi(0xa4beea44),T2      !=
+        xor     T1,D,T1
+        or      T2,%lo(0xa4beea44),T2
+        add     T1,R1,T1
+        !pre-LOADed     X(4),R4
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,4,T2
+        srl     A,32-4,A
+        or      A,T2,A                  !=
+        add     A,B,A
+        xor     A,B,T1
+        sethi   %hi(0x4bdecfa9),T2
+        xor     T1,C,T1                 !=
+        or      T2,%lo(0x4bdecfa9),T2
+        add     T1,R4,T1
+        !pre-LOADed     X(7),R7
+        add     T1,T2,T1
+        add     D,T1,D                  !=
+        sll     D,11,T2
+        srl     D,32-11,D
+        or      D,T2,D
+        add     D,A,D                   !=
+        xor     D,A,T1
+        sethi   %hi(0xf6bb4b60),T2
+        xor     T1,B,T1
+        or      T2,%lo(0xf6bb4b60),T2   !=
+        add     T1,R7,T1
+        !pre-LOADed     X(10),R10
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,16,T2                 !=
+        srl     C,32-16,C
+        or      C,T2,C
+        add     C,D,C
+        xor     C,D,T1                  !=
+        sethi   %hi(0xbebfbc70),T2
+        xor     T1,A,T1
+        or      T2,%lo(0xbebfbc70),T2
+        add     T1,R10,T1               !=
+        !pre-LOADed     X(13),R13
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,23,T2
+        srl     B,32-23,B               !=
+        or      B,T2,B
+        add     B,C,B
+        xor     B,C,T1
+        sethi   %hi(0x289b7ec6),T2      !=
+        xor     T1,D,T1
+        or      T2,%lo(0x289b7ec6),T2
+        add     T1,R13,T1
+        !pre-LOADed     X(0),R0
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,4,T2
+        srl     A,32-4,A
+        or      A,T2,A                  !=
+        add     A,B,A
+        xor     A,B,T1
+        sethi   %hi(0xeaa127fa),T2
+        xor     T1,C,T1                 !=
+        or      T2,%lo(0xeaa127fa),T2
+        add     T1,R0,T1
+        !pre-LOADed     X(3),R3
+        add     T1,T2,T1
+        add     D,T1,D                  !=
+        sll     D,11,T2
+        srl     D,32-11,D
+        or      D,T2,D
+        add     D,A,D                   !=
+        xor     D,A,T1
+        sethi   %hi(0xd4ef3085),T2
+        xor     T1,B,T1
+        or      T2,%lo(0xd4ef3085),T2   !=
+        add     T1,R3,T1
+        !pre-LOADed     X(6),R6
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,16,T2                 !=
+        srl     C,32-16,C
+        or      C,T2,C
+        add     C,D,C
+        xor     C,D,T1                  !=
+        sethi   %hi(0x04881d05),T2
+        xor     T1,A,T1
+        or      T2,%lo(0x04881d05),T2
+        add     T1,R6,T1                !=
+        !pre-LOADed     X(9),R9
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,23,T2
+        srl     B,32-23,B               !=
+        or      B,T2,B
+        add     B,C,B
+        xor     B,C,T1
+        sethi   %hi(0xd9d4d039),T2      !=
+        xor     T1,D,T1
+        or      T2,%lo(0xd9d4d039),T2
+        add     T1,R9,T1
+        !pre-LOADed     X(12),R12
+        add     T1,T2,T1                !=
+        add     A,T1,A
+        sll     A,4,T2
+        srl     A,32-4,A
+        or      A,T2,A                  !=
+        add     A,B,A
+        xor     A,B,T1
+        sethi   %hi(0xe6db99e5),T2
+        xor     T1,C,T1                 !=
+        or      T2,%lo(0xe6db99e5),T2
+        add     T1,R12,T1
+        LOAD    X(15),RX
+        add     T1,T2,T1                !=
+        add     D,T1,D
+        sll     D,11,T2
+        srl     D,32-11,D
+        or      D,T2,D                  !=
+        add     D,A,D
+        xor     D,A,T1
+        sethi   %hi(0x1fa27cf8),T2
+        xor     T1,B,T1                 !=
+        or      T2,%lo(0x1fa27cf8),T2
+        add     T1,RX,T1
+        !pre-LOADed     X(2),R2
+        add     T1,T2,T1
+        add     C,T1,C                  !=
+        sll     C,16,T2
+        srl     C,32-16,C
+        or      C,T2,C
+        add     C,D,C                   !=
+        xor     C,D,T1
+        sethi   %hi(0xc4ac5665),T2
+        xor     T1,A,T1
+        or      T2,%lo(0xc4ac5665),T2   !=
+        add     T1,R2,T1
+        !pre-LOADed     X(0),R0
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,23,T2                 !=
+        srl     B,32-23,B
+        or      B,T2,B
+        add     B,C,B
+!!!!!!!!Round 3
+        orn     B,D,T1                  !=
+        sethi   %hi(0xf4292244),T2
+        xor     T1,C,T1
+        or      T2,%lo(0xf4292244),T2
+        add     T1,R0,T1                !=
+        !pre-LOADed     X(7),R7
+        add     T1,T2,T1
+        add     A,T1,A
+        sll     A,6,T2
+        srl     A,32-6,A                !=
+        or      A,T2,A
+        add     A,B,A
+        orn     A,C,T1
+        sethi   %hi(0x432aff97),T2      !=
+        xor     T1,B,T1
+        or      T2,%lo(0x432aff97),T2
+        LOAD    X(14),RX
+        add     T1,R7,T1                !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,10,T2
+        srl     D,32-10,D               !=
+        or      D,T2,D
+        add     D,A,D
+        orn     D,B,T1
+        sethi   %hi(0xab9423a7),T2      !=
+        xor     T1,A,T1
+        or      T2,%lo(0xab9423a7),T2
+        add     T1,RX,T1
+        !pre-LOADed     X(5),R5
+        add     T1,T2,T1                !=
+        add     C,T1,C
+        sll     C,15,T2
+        srl     C,32-15,C
+        or      C,T2,C                  !=
+        add     C,D,C
+        orn     C,A,T1
+        sethi   %hi(0xfc93a039),T2
+        xor     T1,D,T1                 !=
+        or      T2,%lo(0xfc93a039),T2
+        add     T1,R5,T1
+        !pre-LOADed     X(12),R12
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,21,T2
+        srl     B,32-21,B
+        or      B,T2,B
+        add     B,C,B                   !=
+        orn     B,D,T1
+        sethi   %hi(0x655b59c3),T2
+        xor     T1,C,T1
+        or      T2,%lo(0x655b59c3),T2   !=
+        add     T1,R12,T1
+        !pre-LOADed     X(3),R3
+        add     T1,T2,T1
+        add     A,T1,A
+        sll     A,6,T2                  !=
+        srl     A,32-6,A
+        or      A,T2,A
+        add     A,B,A
+        orn     A,C,T1                  !=
+        sethi   %hi(0x8f0ccc92),T2
+        xor     T1,B,T1
+        or      T2,%lo(0x8f0ccc92),T2
+        add     T1,R3,T1                !=
+        !pre-LOADed     X(10),R10
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,10,T2
+        srl     D,32-10,D               !=
+        or      D,T2,D
+        add     D,A,D
+        orn     D,B,T1
+        sethi   %hi(0xffeff47d),T2      !=
+        xor     T1,A,T1
+        or      T2,%lo(0xffeff47d),T2
+        add     T1,R10,T1
+        !pre-LOADed     X(1),R1
+        add     T1,T2,T1                !=
+        add     C,T1,C
+        sll     C,15,T2
+        srl     C,32-15,C
+        or      C,T2,C                  !=
+        add     C,D,C
+        orn     C,A,T1
+        sethi   %hi(0x85845dd1),T2
+        xor     T1,D,T1                 !=
+        or      T2,%lo(0x85845dd1),T2
+        add     T1,R1,T1
+        !pre-LOADed     X(8),R8
+        add     T1,T2,T1
+        add     B,T1,B                  !=
+        sll     B,21,T2
+        srl     B,32-21,B
+        or      B,T2,B
+        add     B,C,B                   !=
+        orn     B,D,T1
+        sethi   %hi(0x6fa87e4f),T2
+        xor     T1,C,T1
+        or      T2,%lo(0x6fa87e4f),T2   !=
+        add     T1,R8,T1
+        LOAD    X(15),RX
+        add     T1,T2,T1
+        add     A,T1,A                  !=
+        sll     A,6,T2
+        srl     A,32-6,A
+        or      A,T2,A
+        add     A,B,A                   !=
+        orn     A,C,T1
+        sethi   %hi(0xfe2ce6e0),T2
+        xor     T1,B,T1
+        or      T2,%lo(0xfe2ce6e0),T2   !=
+        add     T1,RX,T1
+        !pre-LOADed     X(6),R6
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,10,T2                 !=
+        srl     D,32-10,D
+        or      D,T2,D
+        add     D,A,D
+        orn     D,B,T1                  !=
+        sethi   %hi(0xa3014314),T2
+        xor     T1,A,T1
+        or      T2,%lo(0xa3014314),T2
+        add     T1,R6,T1                !=
+        !pre-LOADed     X(13),R13
+        add     T1,T2,T1
+        add     C,T1,C
+        sll     C,15,T2
+        srl     C,32-15,C               !=
+        or      C,T2,C
+        add     C,D,C
+        orn     C,A,T1
+        sethi   %hi(0x4e0811a1),T2      !=
+        xor     T1,D,T1
+        or      T2,%lo(0x4e0811a1),T2
+        !pre-LOADed     X(4),R4
+         ld      [Aptr],Aval
+        add     T1,R13,T1               !=
+        add     T1,T2,T1
+        add     B,T1,B
+        sll     B,21,T2
+        srl     B,32-21,B               !=
+        or      B,T2,B
+        add     B,C,B
+        orn     B,D,T1
+        sethi   %hi(0xf7537e82),T2      !=
+        xor     T1,C,T1
+        or      T2,%lo(0xf7537e82),T2
+        !pre-LOADed     X(11),R11
+         ld      [Dptr],Dval
+        add     T1,R4,T1                !=
+        add     T1,T2,T1
+        add     A,T1,A
+        sll     A,6,T2
+        srl     A,32-6,A                !=
+        or      A,T2,A
+        add     A,B,A
+        orn     A,C,T1
+        sethi   %hi(0xbd3af235),T2      !=
+        xor     T1,B,T1
+        or      T2,%lo(0xbd3af235),T2
+        !pre-LOADed     X(2),R2
+         ld      [Cptr],Cval
+        add     T1,R11,T1               !=
+        add     T1,T2,T1
+        add     D,T1,D
+        sll     D,10,T2
+        srl     D,32-10,D               !=
+        or      D,T2,D
+        add     D,A,D
+        orn     D,B,T1
+        sethi   %hi(0x2ad7d2bb),T2      !=
+        xor     T1,A,T1
+        or      T2,%lo(0x2ad7d2bb),T2
+        !pre-LOADed     X(9),R9
+         ld      [Bptr],Bval
+        add     T1,R2,T1                !=
+         add     Aval,A,Aval
+        add     T1,T2,T1
+         st      Aval,[Aptr]
+        add     C,T1,C                  !=
+        sll     C,15,T2
+         add     Dval,D,Dval
+        srl     C,32-15,C
+        or      C,T2,C                  !=
+         st      Dval,[Dptr]
+        add     C,D,C
+        orn     C,A,T1
+        sethi   %hi(0xeb86d391),T2      !=
+        xor     T1,D,T1
+        or      T2,%lo(0xeb86d391),T2
+        add     T1,R9,T1
+        !pre-LOADed     X(0),R0
+         mov     Aval,A                 !=
+        add     T1,T2,T1
+         mov     Dval,D
+        add     B,T1,B
+        sll     B,21,T2                 !=
+         add     Cval,C,Cval
+        srl     B,32-21,B
+         st      Cval,[Cptr]
+        or      B,T2,B                  !=
+        add     B,C,B
+        deccc   %i2
+        mov     Cval,C
+        add     B,Bval,B                !=
+        inc     64,%i1
+        nop
+        st      B,[Bptr]
+        nop                             !=
+#ifdef  OPENSSL_SYSNAME_ULTRASPARC
+        bg,a,pt %icc,.Lmd5_block_loop
+#else
+        bg,a    .Lmd5_block_loop
+#endif
+        LOAD    X(0),R0
+#ifdef ASI_PRIMARY_LITTLE
+        wr      %g0,%o7,%asi
+#endif
+        ret
+        restore %g0,0,%o0
+.type   md5_block,#function
+.size   md5_block,(.-md5_block)
diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c
new file mode 100644
index 0000000000..563733abc5
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5.c
@@ -0,0 +1,127 @@
+/* crypto/md5/md5.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md5.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("MD5(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(FILE *f)
+        {
+        MD5_CTX c;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        MD5_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                MD5_Update(&c,buf,(unsigned long)i);
+                }
+        MD5_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h
index dbdc0e1abc..c663dd1816 100644
--- a/src/lib/libcrypto/md5/md5.h
+++ b/src/lib/libcrypto/md5/md5.h
@@ -60,7 +60,6 @@
 #define HEADER_MD5_H
 #include <openssl/e_os2.h>
-#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -102,13 +101,16 @@ typedef struct MD5state_st
        MD5_LONG A,B,C,D;
        MD5_LONG Nl,Nh;
        MD5_LONG data[MD5_LBLOCK];
-        unsigned int num;
+        int num;
        } MD5_CTX;
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
 int MD5_Init(MD5_CTX *c);
-int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
 void MD5_Transform(MD5_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c
index b96e332ba4..54b33c6509 100644
--- a/src/lib/libcrypto/md5/md5_dgst.c
+++ b/src/lib/libcrypto/md5/md5_dgst.c
@@ -60,7 +60,7 @@
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
+const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
 */
@@ -70,7 +70,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
-int MD5_Init(MD5_CTX *c)
+FIPS_NON_FIPS_MD_Init(MD5)
        {
        c->A=INIT_DATA_A;
        c->B=INIT_DATA_B;
@@ -82,11 +82,101 @@ int MD5_Init(MD5_CTX *c)
        return 1;
        }
+#ifndef md5_block_host_order
+void md5_block_host_order (MD5_CTX *c, const void *data, int num)
+        {
+        const MD5_LONG *X=data;
+        register unsigned MD32_REG_T A,B,C,D;
+        A=c->A;
+        B=c->B;
+        C=c->C;
+        D=c->D;
+        for (;num--;X+=HASH_LBLOCK)
+                {
+        /* Round 0 */
+        R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
+        R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
+        R0(C,D,A,B,X[ 2],17,0x242070dbL);
+        R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
+        R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
+        R0(D,A,B,C,X[ 5],12,0x4787c62aL);
+        R0(C,D,A,B,X[ 6],17,0xa8304613L);
+        R0(B,C,D,A,X[ 7],22,0xfd469501L);
+        R0(A,B,C,D,X[ 8], 7,0x698098d8L);
+        R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
+        R0(C,D,A,B,X[10],17,0xffff5bb1L);
+        R0(B,C,D,A,X[11],22,0x895cd7beL);
+        R0(A,B,C,D,X[12], 7,0x6b901122L);
+        R0(D,A,B,C,X[13],12,0xfd987193L);
+        R0(C,D,A,B,X[14],17,0xa679438eL);
+        R0(B,C,D,A,X[15],22,0x49b40821L);
+        /* Round 1 */
+        R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
+        R1(D,A,B,C,X[ 6], 9,0xc040b340L);
+        R1(C,D,A,B,X[11],14,0x265e5a51L);
+        R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
+        R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
+        R1(D,A,B,C,X[10], 9,0x02441453L);
+        R1(C,D,A,B,X[15],14,0xd8a1e681L);
+        R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
+        R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
+        R1(D,A,B,C,X[14], 9,0xc33707d6L);
+        R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
+        R1(B,C,D,A,X[ 8],20,0x455a14edL);
+        R1(A,B,C,D,X[13], 5,0xa9e3e905L);
+        R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
+        R1(C,D,A,B,X[ 7],14,0x676f02d9L);
+        R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
+        R2(D,A,B,C,X[ 8],11,0x8771f681L);
+        R2(C,D,A,B,X[11],16,0x6d9d6122L);
+        R2(B,C,D,A,X[14],23,0xfde5380cL);
+        R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
+        R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
+        R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
+        R2(B,C,D,A,X[10],23,0xbebfbc70L);
+        R2(A,B,C,D,X[13], 4,0x289b7ec6L);
+        R2(D,A,B,C,X[ 0],11,0xeaa127faL);
+        R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
+        R2(B,C,D,A,X[ 6],23,0x04881d05L);
+        R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
+        R2(D,A,B,C,X[12],11,0xe6db99e5L);
+        R2(C,D,A,B,X[15],16,0x1fa27cf8L);
+        R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
+        /* Round 3 */
+        R3(A,B,C,D,X[ 0], 6,0xf4292244L);
+        R3(D,A,B,C,X[ 7],10,0x432aff97L);
+        R3(C,D,A,B,X[14],15,0xab9423a7L);
+        R3(B,C,D,A,X[ 5],21,0xfc93a039L);
+        R3(A,B,C,D,X[12], 6,0x655b59c3L);
+        R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
+        R3(C,D,A,B,X[10],15,0xffeff47dL);
+        R3(B,C,D,A,X[ 1],21,0x85845dd1L);
+        R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
+        R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
+        R3(C,D,A,B,X[ 6],15,0xa3014314L);
+        R3(B,C,D,A,X[13],21,0x4e0811a1L);
+        R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
+        R3(D,A,B,C,X[11],10,0xbd3af235L);
+        R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
+        R3(B,C,D,A,X[ 9],21,0xeb86d391L);
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+                }
+        }
+#endif
 #ifndef md5_block_data_order
 #ifdef X
 #undef X
 #endif
-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
+void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
        {
        const unsigned char *data=data_;
        register unsigned MD32_REG_T A,B,C,D,l;
@@ -184,3 +274,19 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
                }
        }
 #endif
+#ifdef undef
+int printit(unsigned long *l)
+        {
+        int i,ii;
+        for (i=0; i<2; i++)
+                {
+                for (ii=0; ii<8; ii++)
+                        {
+                        fprintf(stderr,"%08lx ",l[i*8+ii]);
+                        }
+                fprintf(stderr,"\n");
+                }
+        }
+#endif
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h
index 84e81b960d..9e360da732 100644
--- a/src/lib/libcrypto/md5/md5_locl.h
+++ b/src/lib/libcrypto/md5/md5_locl.h
@@ -66,19 +66,49 @@
 #endif
 #ifdef MD5_ASM
-# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+#  define md5_block_host_order md5_block_asm_host_order
-#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
 # endif
 #endif
-void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
+void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#define md5_block_data_order md5_block_host_order
+#endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG               MD5_LONG
+#define HASH_LONG_LOG2          MD5_LONG_LOG2
 #define HASH_CTX                MD5_CTX
 #define HASH_CBLOCK             MD5_CBLOCK
+#define HASH_LBLOCK             MD5_LBLOCK
 #define HASH_UPDATE             MD5_Update
 #define HASH_TRANSFORM          MD5_Transform
 #define HASH_FINAL              MD5_Final
@@ -89,7 +119,21 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
        ll=(c)->C; HOST_l2c(ll,(s));    \
        ll=(c)->D; HOST_l2c(ll,(s));    \
        } while (0)
+#define HASH_BLOCK_HOST_ORDER   md5_block_host_order
+#if !defined(L_ENDIAN) || defined(md5_block_data_order)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md5_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *                              <appro@fy.chalmers.se>
+ */
+#endif
 #include "md32_common.h"
diff --git a/src/lib/libcrypto/md5/md5_one.c b/src/lib/libcrypto/md5/md5_one.c
index 43fee89379..44c6c455d1 100644
--- a/src/lib/libcrypto/md5/md5_one.c
+++ b/src/lib/libcrypto/md5/md5_one.c
@@ -65,7 +65,7 @@
 #include <openssl/ebcdic.h>
 #endif
-unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
        {
        MD5_CTX c;
        static unsigned char m[MD5_DIGEST_LENGTH];
diff --git a/src/lib/libcrypto/md5/md5s.cpp b/src/lib/libcrypto/md5/md5s.cpp
new file mode 100644
index 0000000000..dd343fd4e6
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md5.h>
+extern "C" {
+void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        MD5_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+        num*=64;
+        numm*=64;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        md5_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        md5_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        md5_block_x86(&ctx,buffer,num);
+                        }
+                printf("md5 (%d bytes) %d %d (%.2f)\n",num,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/md5/md5test.c b/src/lib/libcrypto/md5/md5test.c
new file mode 100644
index 0000000000..bfd62629ed
--- /dev/null
+++ b/src/lib/libcrypto/md5/md5test.c
@@ -0,0 +1,136 @@
+/* crypto/md5/md5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+static char *ret[]={
+        "d41d8cd98f00b204e9800998ecf8427e",
+        "0cc175b9c0f1b6a831c399e269772661",
+        "900150983cd24fb0d6963f7d28e17f72",
+        "f96b697d7cb7938d525a2f31aaf161d0",
+        "c3fcd3d76192e4007dfb496cca67e13b",
+        "d174ab98d277d9f5a5611c2c9f419d9f",
+        "57edf4a22be3c955ac49da2e2107b67a",
+        };
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating MD5 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        return(0);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<MD5_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/mdc2/Makefile b/src/lib/libcrypto/mdc2/Makefile
new file mode 100644
index 0000000000..b8e9a9a4fa
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/Makefile
@@ -0,0 +1,98 @@
+#
+# OpenSSL/crypto/mdc2/Makefile
+#
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+SRC= $(LIBSRC)
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2dgst.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/src/lib/libcrypto/mdc2/Makefile.ssl b/src/lib/libcrypto/mdc2/Makefile.ssl
new file mode 100644
index 0000000000..33f366fb08
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/Makefile.ssl
@@ -0,0 +1,98 @@
+#
+# SSLeay/crypto/mdc2/Makefile
+#
+DIR=    mdc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= mdc2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=mdc2dgst.c mdc2_one.c
+LIBOBJ=mdc2dgst.o mdc2_one.o
+SRC= $(LIBSRC)
+EXHEADER= mdc2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h
new file mode 100644
index 0000000000..4cba101f37
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2.h
@@ -0,0 +1,97 @@
+/* crypto/mdc2/mdc2.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_MDC2_H
+#define HEADER_MDC2_H
+#include <openssl/des.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifdef OPENSSL_NO_MDC2
+#error MDC2 is disabled.
+#endif
+#define MDC2_BLOCK              8
+#define MDC2_DIGEST_LENGTH      16
+ 
+typedef struct mdc2_ctx_st
+        {
+        int num;
+        unsigned char data[MDC2_BLOCK];
+        DES_cblock h,hh;
+        int pad_type; /* either 1 or 2, default 1 */
+        } MDC2_CTX;
+#ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+#endif
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, unsigned long n,
+        unsigned char *md);
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/mdc2/mdc2test.c b/src/lib/libcrypto/mdc2/mdc2test.c
new file mode 100644
index 0000000000..017b31add2
--- /dev/null
+++ b/src/lib/libcrypto/mdc2/mdc2test.c
@@ -0,0 +1,149 @@
+/* crypto/mdc2/mdc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+#define OPENSSL_NO_MDC2
+#endif
+#ifdef OPENSSL_NO_MDC2
+int main(int argc, char *argv[])
+{
+    printf("No MDC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/mdc2.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+static unsigned char pad1[16]={
+        0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
+        0x76,0x0B,0xDD,0x2B,0xD4,0x09,0x28,0x1A
+        };
+static unsigned char pad2[16]={
+        0x2E,0x46,0x79,0xB5,0xAD,0xD9,0xCA,0x75,
+        0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
+        };
+int main(int argc, char *argv[])
+        {
+        int ret=0;
+        unsigned char md[MDC2_DIGEST_LENGTH];
+        int i;
+        EVP_MD_CTX c;
+        static char *text="Now is the time for all ";
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(text,text,strlen(text));
+#endif
+        EVP_MD_CTX_init(&c);
+        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+        if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
+                {
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",md[i]);
+                printf(" <- generated\n");
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",pad1[i]);
+                printf(" <- correct\n");
+                ret=1;
+                }
+        else
+                printf("pad1 - ok\n");
+        EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+        /* FIXME: use a ctl function? */
+        ((MDC2_CTX *)c.md_data)->pad_type=2;
+        EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+        EVP_DigestFinal_ex(&c,&(md[0]),NULL);
+        if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
+                {
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",md[i]);
+                printf(" <- generated\n");
+                for (i=0; i<MDC2_DIGEST_LENGTH; i++)
+                        printf("%02X",pad2[i]);
+                printf(" <- correct\n");
+                ret=1;
+                }
+        else
+                printf("pad2 - ok\n");
+        EVP_MD_CTX_cleanup(&c);
+#ifdef OPENSSL_SYS_NETWARE
+    if (ret) printf("ERROR: %d\n", ret);
+#endif
+        EXIT(ret);
+        return(ret);
+        }
+#endif
diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c
new file mode 100644
index 0000000000..dd86733b77
--- /dev/null
+++ b/src/lib/libcrypto/mem.c
@@ -0,0 +1,401 @@
+/* crypto/mem.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+static int allow_customize = 1;      /* we provide flexible functions for */
+static int allow_customize_debug = 1;/* exchanging memory-related functions at
+                                      * run-time, but this must be done
+                                      * before any blocks are actually
+                                      * allocated; or we'll run into huge
+                                      * problems when malloc/free pairs
+                                      * don't match etc. */
+/* the following pointers may be changed as long as 'allow_customize' is set */
+static void *(*malloc_func)(size_t)         = malloc;
+static void *default_malloc_ex(size_t num, const char *file, int line)
+        { return malloc_func(num); }
+static void *(*malloc_ex_func)(size_t, const char *file, int line)
+        = default_malloc_ex;
+static void *(*realloc_func)(void *, size_t)= realloc;
+static void *default_realloc_ex(void *str, size_t num,
+        const char *file, int line)
+        { return realloc_func(str,num); }
+static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
+        = default_realloc_ex;
+static void (*free_func)(void *)            = free;
+static void *(*malloc_locked_func)(size_t)  = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+        { return malloc_locked_func(num); }
+static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
+        = default_malloc_locked_ex;
+static void (*free_locked_func)(void *)     = free;
+/* may be changed as long as 'allow_customize_debug' is set */
+/* XXX use correct function pointer types */
+#ifdef CRYPTO_MDEBUG
+/* use default functions from mem_dbg.c */
+static void (*malloc_debug_func)(void *,int,const char *,int,int)
+        = CRYPTO_dbg_malloc;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = CRYPTO_dbg_realloc;
+static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
+#else
+/* applications can use CRYPTO_malloc_debug_init() to select above case
+ * at run-time */
+static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+        = NULL;
+static void (*free_debug_func)(void *,int) = NULL;
+static void (*set_debug_options_func)(long) = NULL;
+static long (*get_debug_options_func)(void) = NULL;
+#endif
+int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
+        void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == 0) || (r == 0) || (f == 0))
+                return 0;
+        malloc_func=m; malloc_ex_func=default_malloc_ex;
+        realloc_func=r; realloc_ex_func=default_realloc_ex;
+        free_func=f;
+        malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+        free_locked_func=f;
+        return 1;
+        }
+int CRYPTO_set_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void *(*r)(void *, size_t,const char *,int),
+        void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == 0) || (r == 0) || (f == 0))
+                return 0;
+        malloc_func=0; malloc_ex_func=m;
+        realloc_func=0; realloc_ex_func=r;
+        free_func=f;
+        malloc_locked_func=0; malloc_locked_ex_func=m;
+        free_locked_func=f;
+        return 1;
+        }
+int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == NULL) || (f == NULL))
+                return 0;
+        malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+        free_locked_func=f;
+        return 1;
+        }
+int CRYPTO_set_locked_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void (*f)(void *))
+        {
+        if (!allow_customize)
+                return 0;
+        if ((m == NULL) || (f == NULL))
+                return 0;
+        malloc_locked_func=0; malloc_locked_ex_func=m;
+        free_func=f;
+        return 1;
+        }
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+                                   void (*r)(void *,void *,int,const char *,int,int),
+                                   void (*f)(void *,int),
+                                   void (*so)(long),
+                                   long (*go)(void))
+        {
+        if (!allow_customize_debug)
+                return 0;
+        malloc_debug_func=m;
+        realloc_debug_func=r;
+        free_debug_func=f;
+        set_debug_options_func=so;
+        get_debug_options_func=go;
+        return 1;
+        }
+void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
+                             malloc_func : 0;
+        if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
+                             realloc_func : 0;
+        if (f != NULL) *f=free_func;
+        }
+void CRYPTO_get_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void *(**r)(void *, size_t,const char *,int),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
+                            malloc_ex_func : 0;
+        if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
+                            realloc_ex_func : 0;
+        if (f != NULL) *f=free_func;
+        }
+void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
+                             malloc_locked_func : 0;
+        if (f != NULL) *f=free_locked_func;
+        }
+void CRYPTO_get_locked_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void (**f)(void *))
+        {
+        if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+                            malloc_locked_ex_func : 0;
+        if (f != NULL) *f=free_locked_func;
+        }
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+                                    void (**r)(void *,void *,int,const char *,int,int),
+                                    void (**f)(void *,int),
+                                    void (**so)(long),
+                                    long (**go)(void))
+        {
+        if (m != NULL) *m=malloc_debug_func;
+        if (r != NULL) *r=realloc_debug_func;
+        if (f != NULL) *f=free_debug_func;
+        if (so != NULL) *so=set_debug_options_func;
+        if (go != NULL) *go=get_debug_options_func;
+        }
+void *CRYPTO_malloc_locked(int num, const char *file, int line)
+        {
+        void *ret = NULL;
+        extern unsigned char cleanse_ctr;
+        if (num <= 0) return NULL;
+        allow_customize = 0;
+        if (malloc_debug_func != NULL)
+                {
+                allow_customize_debug = 0;
+                malloc_debug_func(NULL, num, file, line, 0);
+                }
+        ret = malloc_locked_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+        if (malloc_debug_func != NULL)
+                malloc_debug_func(ret, num, file, line, 1);
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+        return ret;
+        }
+void CRYPTO_free_locked(void *str)
+        {
+        if (free_debug_func != NULL)
+                free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+#endif
+        free_locked_func(str);
+        if (free_debug_func != NULL)
+                free_debug_func(NULL, 1);
+        }
+void *CRYPTO_malloc(int num, const char *file, int line)
+        {
+        void *ret = NULL;
+        extern unsigned char cleanse_ctr;
+        if (num <= 0) return NULL;
+        allow_customize = 0;
+        if (malloc_debug_func != NULL)
+                {
+                allow_customize_debug = 0;
+                malloc_debug_func(NULL, num, file, line, 0);
+                }
+        ret = malloc_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+        if (malloc_debug_func != NULL)
+                malloc_debug_func(ret, num, file, line, 1);
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+        return ret;
+        }
+void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+        {
+        void *ret = NULL;
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+        if (num <= 0) return NULL;
+ 
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, NULL, num, file, line, 0);
+        ret = realloc_ex_func(str,num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, ret, num, file, line, 1);
+        return ret;
+        }
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+                           int line)
+        {
+        void *ret = NULL;
+        if (str == NULL)
+                return CRYPTO_malloc(num, file, line);
+ 
+        if (num <= 0) return NULL;
+ 
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, NULL, num, file, line, 0);
+        ret=malloc_ex_func(num,file,line);
+        if(ret)
+                {
+                memcpy(ret,str,old_len);
+                OPENSSL_cleanse(str,old_len);
+                free_func(str);
+                }
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr,
+                "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
+                str, ret, num);
+#endif
+        if (realloc_debug_func != NULL)
+                realloc_debug_func(str, ret, num, file, line, 1);
+        return ret;
+        }
+void CRYPTO_free(void *str)
+        {
+        if (free_debug_func != NULL)
+                free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+        fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+#endif
+        free_func(str);
+        if (free_debug_func != NULL)
+                free_debug_func(NULL, 1);
+        }
+void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
+        {
+        if (a != NULL) OPENSSL_free(a);
+        a=(char *)OPENSSL_malloc(num);
+        return(a);
+        }
+void CRYPTO_set_mem_debug_options(long bits)
+        {
+        if (set_debug_options_func != NULL)
+                set_debug_options_func(bits);
+        }
+long CRYPTO_get_mem_debug_options(void)
+        {
+        if (get_debug_options_func != NULL)
+                return get_debug_options_func();
+        return 0;
+        }
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c
index 8316485217..e212de27e4 100644
--- a/src/lib/libcrypto/mem_dbg.c
+++ b/src/lib/libcrypto/mem_dbg.c
@@ -59,11 +59,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>       
-#include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
+#include "cryptlib.h"
 static int mh_mode=CRYPTO_MEM_CHECK_OFF;
 /* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
@@ -252,16 +252,8 @@ long CRYPTO_dbg_get_options(void)
 /* static int mem_cmp(MEM *a, MEM *b) */
 static int mem_cmp(const void *a_void, const void *b_void)
        {
-#ifdef _WIN64
-        const char *a=(const char *)((const MEM *)a_void)->addr,
-                   *b=(const char *)((const MEM *)b_void)->addr;
-        if (a==b)       return 0;
-        else if (a>b)   return 1;
-        else            return -1;
-#else
        return((const char *)((const MEM *)a_void)->addr
                - (const char *)((const MEM *)b_void)->addr);
-#endif
        }
 /* static unsigned long mem_hash(MEM *a) */
diff --git a/src/lib/libcrypto/o_dir.c b/src/lib/libcrypto/o_dir.c
new file mode 100644
index 0000000000..42891ea459
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.c
@@ -0,0 +1,83 @@
+/* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2004.
+ */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <errno.h>
+#include <e_os.h>
+/* The routines really come from the Levitte Programming, so to make
+   life simple, let's just use the raw files and hack the symbols to
+   fit our namespace.  */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+#include "o_dir.h"
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP
+#include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+#include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+#include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+#include "LPdir_wince.c"
+#else
+#include "LPdir_nyi.c"
+#endif
diff --git a/src/lib/libcrypto/o_dir.h b/src/lib/libcrypto/o_dir.h
new file mode 100644
index 0000000000..4b725c0312
--- /dev/null
+++ b/src/lib/libcrypto/o_dir.h
@@ -0,0 +1,53 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+/* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#ifndef O_DIR_H
+#define O_DIR_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+  /* returns NULL on error or end-of-directory.
+     If it is end-of-directory, errno will be zero */
+  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+  /* returns 1 on success, 0 on error */
+  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+#ifdef __cplusplus
+}
+#endif
+#endif /* LPDIR_H */
diff --git a/src/lib/libcrypto/o_dir_test.c b/src/lib/libcrypto/o_dir_test.c
new file mode 100644
index 0000000000..3d75ecb005
--- /dev/null
+++ b/src/lib/libcrypto/o_dir_test.c
@@ -0,0 +1,70 @@
+/* crypto/o_dir.h -*- mode:C; c-file-style: "eay" -*- */
+/* Copied from Richard Levitte's (richard@levitte.org) LP library.  All
+ * symbol names have been changed, with permission from the author.
+ */
+/* $LP: LPlib/test/test_dir.c,v 1.1 2004/06/16 22:59:47 _cvs_levitte Exp $ */
+/*
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "e_os2.h"
+#include "o_dir.h"
+#if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE
+#define CURRDIR "."
+#elif defined OPENSSL_SYS_VMS
+#define CURRDIR "SYS$DISK:[]"
+#else
+#error "No supported platform defined!"
+#endif
+int main()
+{
+  OPENSSL_DIR_CTX *ctx = NULL;
+  const char *result;
+  while((result = OPENSSL_DIR_read(&ctx, CURRDIR)) != NULL)
+    {
+      printf("%s\n", result);
+    }
+  if (errno)
+    {
+      perror("test_dir");
+      exit(1);
+    }
+  if (!OPENSSL_DIR_end(&ctx))
+    {
+      perror("test_dir");
+      exit(2);
+    }
+  exit(0);
+}
diff --git a/src/lib/libcrypto/o_str.h b/src/lib/libcrypto/o_str.h
new file mode 100644
index 0000000000..dfc98494c6
--- /dev/null
+++ b/src/lib/libcrypto/o_str.h
@@ -0,0 +1,68 @@
+/* crypto/o_str.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_O_STR_H
+#define HEADER_O_STR_H
+#include <stddef.h>             /* to get size_t */
+int OPENSSL_strcasecmp(const char *str1, const char *str2);
+int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n);
+int OPENSSL_memcmp(const void *p1,const void *p2,size_t n);
+#endif
diff --git a/src/lib/libcrypto/objects/Makefile b/src/lib/libcrypto/objects/Makefile
new file mode 100644
index 0000000000..9c5615099c
--- /dev/null
+++ b/src/lib/libcrypto/objects/Makefile
@@ -0,0 +1,119 @@
+#
+# OpenSSL/crypto/objects/Makefile
+#
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+PERL=           perl
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+SRC= $(LIBSRC)
+EXHEADER= objects.h obj_mac.h
+HEADER= $(EXHEADER) obj_dat.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    obj_dat.h lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+obj_dat.h: obj_dat.pl obj_mac.h
+        $(PERL) obj_dat.pl obj_mac.h obj_dat.h
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+        @sleep 1; touch obj_mac.h; sleep 1
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+o_names.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+obj_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+obj_err.o: obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+obj_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+obj_lib.o: ../cryptlib.h obj_lib.c
diff --git a/src/lib/libcrypto/objects/Makefile.ssl b/src/lib/libcrypto/objects/Makefile.ssl
new file mode 100644
index 0000000000..3e7a194cf9
--- /dev/null
+++ b/src/lib/libcrypto/objects/Makefile.ssl
@@ -0,0 +1,123 @@
+#
+# SSLeay/crypto/objects/Makefile
+#
+DIR=    objects
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+PERL=           perl
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+SRC= $(LIBSRC)
+EXHEADER= objects.h obj_mac.h
+HEADER= $(EXHEADER) obj_dat.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    obj_dat.h lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+obj_dat.h: obj_dat.pl obj_mac.h
+        $(PERL) obj_dat.pl obj_mac.h obj_dat.h
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+        $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_err.o: ../../include/openssl/symhacks.h obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index adb5731f76..28c9370ca3 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -111,8 +111,8 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
 static int obj_name_cmp(const void *a_void, const void *b_void)
        {
        int ret;
-        const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+        OBJ_NAME *a = (OBJ_NAME *)a_void;
-        const OBJ_NAME *b = (const OBJ_NAME *)b_void;
+        OBJ_NAME *b = (OBJ_NAME *)b_void;
        ret=a->type-b->type;
        if (ret == 0)
@@ -133,7 +133,7 @@ static int obj_name_cmp(const void *a_void, const void *b_void)
 static unsigned long obj_name_hash(const void *a_void)
        {
        unsigned long ret;
-        const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+        OBJ_NAME *a = (OBJ_NAME *)a_void;
        if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
                {
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c
index 7fd7433241..f549d078ef 100644
--- a/src/lib/libcrypto/objects/obj_dat.c
+++ b/src/lib/libcrypto/objects/obj_dat.c
@@ -58,12 +58,10 @@
 #include <stdio.h>
 #include <ctype.h>
-#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
-#include <openssl/bn.h>
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #ifndef OPENSSL_NO_OBJECT
@@ -117,7 +115,7 @@ static unsigned long add_hash(const void *ca_void)
        int i;
        unsigned long ret=0;
        unsigned char *p;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
        a=ca->obj;
        switch (ca->type)
@@ -151,8 +149,8 @@ static int add_cmp(const void *ca_void, const void *cb_void)
        {
        ASN1_OBJECT *a,*b;
        int i;
-        const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+        ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
-        const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
+        ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
        i=ca->type-cb->type;
        if (i) return(i);
@@ -163,7 +161,7 @@ static int add_cmp(const void *ca_void, const void *cb_void)
        case ADDED_DATA:
                i=(a->length - b->length);
                if (i) return(i);
-                return(memcmp(a->data,b->data,(size_t)a->length));
+                return(memcmp(a->data,b->data,a->length));
        case ADDED_SNAME:
                if (a->sn == NULL) return(-1);
                else if (b->sn == NULL) return(1);
@@ -384,8 +382,8 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
-                NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
+                sizeof(ASN1_OBJECT *),obj_cmp);
        if (op == NULL)
                return(NID_undef);
        return((*op)->nid);
@@ -401,9 +399,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
        {
        int nid = NID_undef;
        ASN1_OBJECT *op=NULL;
-        unsigned char *buf;
+        unsigned char *buf,*p;
-        unsigned char *p;
-        const unsigned char *cp;
        int i, j;
        if(!no_name) {
@@ -415,8 +411,8 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
        /* Work out size of content octets */
        i=a2d_ASN1_OBJECT(NULL,0,s,-1);
        if (i <= 0) {
-                /* Don't clear the error */
+                /* Clear the error */
-                /*ERR_clear_error();*/
+                ERR_get_error();
                return NULL;
        }
        /* Work out total size */
@@ -429,170 +425,75 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
        ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
        /* Write out contents */
        a2d_ASN1_OBJECT(p,i,s,-1);
+        
-        cp=buf;
+        p=buf;
-        op=d2i_ASN1_OBJECT(NULL,&cp,j);
+        op=d2i_ASN1_OBJECT(NULL,&p,j);
        OPENSSL_free(buf);
        return op;
        }
 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
-        int i,n=0,len,nid, first, use_bn;
+        int i,idx=0,n=0,len,nid;
-        BIGNUM *bl;
        unsigned long l;
        unsigned char *p;
+        const char *s;
        char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+        if (buf_len <= 0) return(0);
        if ((a == NULL) || (a->data == NULL)) {
                buf[0]='\0';
                return(0);
        }
+        if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+                len=a->length;
+                p=a->data;
-        if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
+                idx=0;
-                {
+                l=0;
-                const char *s;
+                while (idx < a->length) {
-                s=OBJ_nid2ln(nid);
+                        l|=(p[idx]&0x7f);
-                if (s == NULL)
+                        if (!(p[idx] & 0x80)) break;
-                        s=OBJ_nid2sn(nid);
+                        l<<=7L;
-                if (buf)
+                        idx++;
-                        BUF_strlcpy(buf,s,buf_len);
-                n=strlen(s);
-                return n;
                }
+                idx++;
+                i=(int)(l/40);
+                if (i > 2) i=2;
+                l-=(long)(i*40);
+                BIO_snprintf(tbuf,sizeof tbuf,"%d.%lu",i,l);
+                i=strlen(tbuf);
+                BUF_strlcpy(buf,tbuf,buf_len);
+                buf_len-=i;
+                buf+=i;
+                n+=i;
-        len=a->length;
-        p=a->data;
-        first = 1;
-        bl = NULL;
-        while (len > 0)
-                {
                l=0;
-                use_bn = 0;
+                for (; idx<len; idx++) {
-                for (;;)
+                        l|=p[idx]&0x7f;
-                        {
+                        if (!(p[idx] & 0x80)) {
-                        unsigned char c = *p++;
+                                BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-                        len--;
+                                i=strlen(tbuf);
-                        if ((len == 0) && (c & 0x80))
-                                goto err;
-                        if (use_bn)
-                                {
-                                if (!BN_add_word(bl, c & 0x7f))
-                                        goto err;
-                                }
-                        else
-                                l |= c  & 0x7f;
-                        if (!(c & 0x80))
-                                break;
-                        if (!use_bn && (l > (ULONG_MAX >> 7L)))
-                                {
-                                if (!bl && !(bl = BN_new()))
-                                        goto err;
-                                if (!BN_set_word(bl, l))
-                                        goto err;
-                                use_bn = 1;
-                                }
-                        if (use_bn)
-                                {
-                                if (!BN_lshift(bl, bl, 7))
-                                        goto err;
-                                }
-                        else
-                                l<<=7L;
-                        }
-                if (first)
-                        {
-                        first = 0;
-                        if (l >= 80)
-                                {
-                                i = 2;
-                                if (use_bn)
-                                        {
-                                        if (!BN_sub_word(bl, 80))
-                                                goto err;
-                                        }
-                                else
-                                        l -= 80;
-                                }
-                        else
-                                {
-                                i=(int)(l/40);
-                                l-=(long)(i*40);
-                                }
-                        if (buf && (buf_len > 0))
-                                {
-                                *buf++ = i + '0';
-                                buf_len--;
-                                }
-                        n++;
-                        }
-                if (use_bn)
-                        {
-                        char *bndec;
-                        bndec = BN_bn2dec(bl);
-                        if (!bndec)
-                                goto err;
-                        i = strlen(bndec);
-                        if (buf)
-                                {
                                if (buf_len > 0)
-                                        {
+                                        BUF_strlcpy(buf,tbuf,buf_len);
-                                        *buf++ = '.';
+                                buf_len-=i;
-                                        buf_len--;
+                                buf+=i;
-                                        }
+                                n+=i;
-                                BUF_strlcpy(buf,bndec,buf_len);
+                                l=0;
-                                if (i > buf_len)
-                                        {
-                                        buf += buf_len;
-                                        buf_len = 0;
-                                        }
-                                else
-                                        {
-                                        buf+=i;
-                                        buf_len-=i;
-                                        }
-                                }
-                        n++;
-                        n += i;
-                        OPENSSL_free(bndec);
-                        }
-                else
-                        {
-                        BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-                        i=strlen(tbuf);
-                        if (buf && (buf_len > 0))
-                                {
-                                BUF_strlcpy(buf,tbuf,buf_len);
-                                if (i > buf_len)
-                                        {
-                                        buf += buf_len;
-                                        buf_len = 0;
-                                        }
-                                else
-                                        {
-                                        buf+=i;
-                                        buf_len-=i;
-                                        }
-                                }
-                        n+=i;
-                        l=0;
                        }
+                        l<<=7L;
                }
+        } else {
-        if (bl)
+                s=OBJ_nid2ln(nid);
-                BN_free(bl);
+                if (s == NULL)
-        return n;
+                        s=OBJ_nid2sn(nid);
+                BUF_strlcpy(buf,s,buf_len);
-        err:
+                n=strlen(s);
-        if (bl)
+        }
-                BN_free(bl);
+        return(n);
-        return -1;
 }
 int OBJ_txt2nid(const char *s)
@@ -618,7 +519,7 @@ int OBJ_ln2nid(const char *s)
                adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
                if (adp != NULL) return (adp->obj->nid);
                }
-        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
+        op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
                sizeof(ASN1_OBJECT *),ln_cmp);
        if (op == NULL) return(NID_undef);
        return((*op)->nid);
@@ -646,8 +547,8 @@ int OBJ_sn2nid(const char *s)
 static int obj_cmp(const void *ap, const void *bp)
        {
        int j;
-        const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
+        ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
-        const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
+        ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
        j=(a->length - b->length);
        if (j) return(j);
@@ -657,14 +558,8 @@ static int obj_cmp(const void *ap, const void *bp)
 const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
        int (*cmp)(const void *, const void *))
        {
-        return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+        int l,h,i,c;
-        }
+        const char *p;
-const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
-        int size, int (*cmp)(const void *, const void *), int flags)
-        {
-        int l,h,i=0,c=0;
-        const char *p = NULL;
        if (num == 0) return(NULL);
        l=0;
@@ -679,33 +574,20 @@ const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
                else if (c > 0)
                        l=i+1;
                else
-                        break;
+                        return(p);
                }
 #ifdef CHARSET_EBCDIC
 /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
 * I don't have perl (yet), we revert to a *LINEAR* search
 * when the object wasn't found in the binary search.
 */
-        if (c != 0)
+        for (i=0; i<num; ++i) {
-                {
+                p= &(base[i*size]);
-                for (i=0; i<num; ++i)
+                if ((*cmp)(key,p) == 0)
-                        {
+                        return p;
-                        p= &(base[i*size]);
+        }
-                        c = (*cmp)(key,p);
-                        if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
-                                return p;
-                        }
-                }
 #endif
-        if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+        return(NULL);
-                p = NULL;
-        else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))
-                {
-                while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)
-                        i--;
-                p = &(base[i*size]);
-                }
-        return(p);
        }
 int OBJ_create_objects(BIO *in)
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl
index 8a09a46ee6..d0371661f9 100644
--- a/src/lib/libcrypto/objects/obj_dat.pl
+++ b/src/lib/libcrypto/objects/obj_dat.pl
@@ -94,7 +94,7 @@ for ($i=0; $i<$n; $i++)
        {
        if (!defined($nid{$i}))
                {
-                push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n");
+                push(@out,"{NULL,NULL,NID_undef,0,NULL},\n");
                }
        else
                {
@@ -138,7 +138,7 @@ for ($i=0; $i<$n; $i++)
                        }
                else
                        {
-                        $out.="0,NULL,0";
+                        $out.="0,NULL";
                        }
                $out.="},\n";
                push(@out,$out);
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c
index 12b48850c6..0682979b38 100644
--- a/src/lib/libcrypto/objects/obj_err.c
+++ b/src/lib/libcrypto/objects/obj_err.c
@@ -91,12 +91,15 @@ static ERR_STRING_DATA OBJ_str_reasons[]=
 void ERR_load_OBJ_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,OBJ_str_functs);
                ERR_load_strings(0,OBJ_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c
index 706fa0b0e7..b0b0f2ff24 100644
--- a/src/lib/libcrypto/objects/obj_lib.c
+++ b/src/lib/libcrypto/objects/obj_lib.c
@@ -82,8 +82,7 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
        r->data=OPENSSL_malloc(o->length);
        if (r->data == NULL)
                goto err;
-        if (o->data != NULL)
+        memcpy(r->data,o->data,o->length);
-                memcpy(r->data,o->data,o->length);
        r->length=o->length;
        r->nid=o->nid;
        r->ln=r->sn=NULL;
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num
index 47815b1e4e..84555d936e 100644
--- a/src/lib/libcrypto/objects/obj_mac.num
+++ b/src/lib/libcrypto/objects/obj_mac.num
@@ -673,118 +673,3 @@ sha256		672
 sha384          673
 sha512          674
 sha224          675
-identified_organization         676
-certicom_arc            677
-wap             678
-wap_wsg         679
-X9_62_id_characteristic_two_basis               680
-X9_62_onBasis           681
-X9_62_tpBasis           682
-X9_62_ppBasis           683
-X9_62_c2pnb163v1                684
-X9_62_c2pnb163v2                685
-X9_62_c2pnb163v3                686
-X9_62_c2pnb176v1                687
-X9_62_c2tnb191v1                688
-X9_62_c2tnb191v2                689
-X9_62_c2tnb191v3                690
-X9_62_c2onb191v4                691
-X9_62_c2onb191v5                692
-X9_62_c2pnb208w1                693
-X9_62_c2tnb239v1                694
-X9_62_c2tnb239v2                695
-X9_62_c2tnb239v3                696
-X9_62_c2onb239v4                697
-X9_62_c2onb239v5                698
-X9_62_c2pnb272w1                699
-X9_62_c2pnb304w1                700
-X9_62_c2tnb359v1                701
-X9_62_c2pnb368w1                702
-X9_62_c2tnb431r1                703
-secp112r1               704
-secp112r2               705
-secp128r1               706
-secp128r2               707
-secp160k1               708
-secp160r1               709
-secp160r2               710
-secp192k1               711
-secp224k1               712
-secp224r1               713
-secp256k1               714
-secp384r1               715
-secp521r1               716
-sect113r1               717
-sect113r2               718
-sect131r1               719
-sect131r2               720
-sect163k1               721
-sect163r1               722
-sect163r2               723
-sect193r1               724
-sect193r2               725
-sect233k1               726
-sect233r1               727
-sect239k1               728
-sect283k1               729
-sect283r1               730
-sect409k1               731
-sect409r1               732
-sect571k1               733
-sect571r1               734
-wap_wsg_idm_ecid_wtls1          735
-wap_wsg_idm_ecid_wtls3          736
-wap_wsg_idm_ecid_wtls4          737
-wap_wsg_idm_ecid_wtls5          738
-wap_wsg_idm_ecid_wtls6          739
-wap_wsg_idm_ecid_wtls7          740
-wap_wsg_idm_ecid_wtls8          741
-wap_wsg_idm_ecid_wtls9          742
-wap_wsg_idm_ecid_wtls10         743
-wap_wsg_idm_ecid_wtls11         744
-wap_wsg_idm_ecid_wtls12         745
-any_policy              746
-policy_mappings         747
-inhibit_any_policy              748
-ipsec3          749
-ipsec4          750
-camellia_128_cbc                751
-camellia_192_cbc                752
-camellia_256_cbc                753
-camellia_128_ecb                754
-camellia_192_ecb                755
-camellia_256_ecb                756
-camellia_128_cfb128             757
-camellia_192_cfb128             758
-camellia_256_cfb128             759
-camellia_128_cfb1               760
-camellia_192_cfb1               761
-camellia_256_cfb1               762
-camellia_128_cfb8               763
-camellia_192_cfb8               764
-camellia_256_cfb8               765
-camellia_128_ofb128             766
-camellia_192_ofb128             767
-camellia_256_ofb128             768
-subject_directory_attributes            769
-issuing_distribution_point              770
-certificate_issuer              771
-korea           772
-kisa            773
-kftc            774
-npki_alg                775
-seed_ecb                776
-seed_cbc                777
-seed_ofb128             778
-seed_cfb128             779
-hmac_md5                780
-hmac_sha1               781
-id_PasswordBasedMAC             782
-id_DHBasedMac           783
-id_it_suppLangTags              784
-caRepository            785
-id_smime_ct_compressedData              786
-id_ct_asciiTextWithCRLF         787
-id_aes128_wrap          788
-id_aes192_wrap          789
-id_aes256_wrap          790
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h
index 7242f76fb0..f859d859b8 100644
--- a/src/lib/libcrypto/objects/objects.h
+++ b/src/lib/libcrypto/objects/objects.h
@@ -966,10 +966,7 @@
 #define OBJ_NAME_TYPE_COMP_METH         0x04
 #define OBJ_NAME_TYPE_NUM               0x05
-#define OBJ_NAME_ALIAS                  0x8000
+#define OBJ_NAME_ALIAS          0x8000
-#define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
-#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
 #ifdef  __cplusplus
@@ -1013,8 +1010,6 @@ int		OBJ_sn2nid(const char *s);
 int             OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
 const char *    OBJ_bsearch(const char *key,const char *base,int num,int size,
        int (*cmp)(const void *, const void *));
-const char *    OBJ_bsearch_ex(const char *key,const char *base,int num,
-        int size, int (*cmp)(const void *, const void *), int flags);
 int             OBJ_new_nid(int num);
 int             OBJ_add_object(const ASN1_OBJECT *obj);
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl
index 76c06cc8f9..76bb8da677 100644
--- a/src/lib/libcrypto/objects/objects.pl
+++ b/src/lib/libcrypto/objects/objects.pl
@@ -107,12 +107,13 @@ while (<IN>)
        }
 close IN;
-open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+#XXX don't modify input files
-foreach (sort { $a <=> $b } keys %nidn)
+#open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
-        {
+#foreach (sort { $a <=> $b } keys %nidn)
-        print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+#       {
-        }
+#       print NUMOUT $nidn{$_},"\t\t",$_,"\n";
-close NUMOUT;
+#       }
+#close NUMOUT;
 open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
 print OUT <<'EOF';
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt
index 34c8d1d647..2635c4e667 100644
--- a/src/lib/libcrypto/objects/objects.txt
+++ b/src/lib/libcrypto/objects/objects.txt
@@ -1,28 +1,12 @@
-# CCITT was renamed to ITU-T quite some time ago
+0                       : CCITT                 : ccitt
-0                       : ITU-T                 : itu-t
-!Alias ccitt itu-t
 1                       : ISO                   : iso
-2                       : JOINT-ISO-ITU-T       : joint-iso-itu-t
+2                       : JOINT-ISO-CCITT       : joint-iso-ccitt
-!Alias joint-iso-ccitt joint-iso-itu-t
 iso 2                   : member-body           : ISO Member Body
-iso 3                   : identified-organization
+joint-iso-ccitt 5 1 5   : selected-attribute-types      : Selected Attribute Types
-# HMAC OIDs
-identified-organization 6 1 5 5 8 1 1   : HMAC-MD5      : hmac-md5
-identified-organization 6 1 5 5 8 1 2   : HMAC-SHA1     : hmac-sha1
-identified-organization 132     : certicom-arc
-joint-iso-itu-t 23      : international-organizations   : International Organizations
-international-organizations 43  : wap
-wap 13                  : wap-wsg
-joint-iso-itu-t 5 1 5   : selected-attribute-types      : Selected Attribute Types
 selected-attribute-types 55     : clearance
@@ -40,34 +24,12 @@ ISO-US 10045		: ansi-X9-62		: ANSI X9.62
 !Alias id-fieldType ansi-X9-62 1
 X9-62_id-fieldType 1            : prime-field
 X9-62_id-fieldType 2            : characteristic-two-field
-X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+# ... characteristic-two-field OID subtree
-X9-62_id-characteristic-two-basis 1 : onBasis
-X9-62_id-characteristic-two-basis 2 : tpBasis
-X9-62_id-characteristic-two-basis 3 : ppBasis
 !Alias id-publicKeyType ansi-X9-62 2
 X9-62_id-publicKeyType 1        : id-ecPublicKey
 !Alias ellipticCurve ansi-X9-62 3
 !Alias c-TwoCurve X9-62_ellipticCurve 0
-X9-62_c-TwoCurve 1              : c2pnb163v1
+# ... characteristic 2 curve OIDs
-X9-62_c-TwoCurve 2              : c2pnb163v2
-X9-62_c-TwoCurve 3              : c2pnb163v3
-X9-62_c-TwoCurve 4              : c2pnb176v1
-X9-62_c-TwoCurve 5              : c2tnb191v1
-X9-62_c-TwoCurve 6              : c2tnb191v2
-X9-62_c-TwoCurve 7              : c2tnb191v3
-X9-62_c-TwoCurve 8              : c2onb191v4
-X9-62_c-TwoCurve 9              : c2onb191v5
-X9-62_c-TwoCurve 10             : c2pnb208w1
-X9-62_c-TwoCurve 11             : c2tnb239v1
-X9-62_c-TwoCurve 12             : c2tnb239v2
-X9-62_c-TwoCurve 13             : c2tnb239v3
-X9-62_c-TwoCurve 14             : c2onb239v4
-X9-62_c-TwoCurve 15             : c2onb239v5
-X9-62_c-TwoCurve 16             : c2pnb272w1
-X9-62_c-TwoCurve 17             : c2pnb304w1
-X9-62_c-TwoCurve 18             : c2tnb359v1
-X9-62_c-TwoCurve 19             : c2pnb368w1
-X9-62_c-TwoCurve 20             : c2tnb431r1
 !Alias primeCurve X9-62_ellipticCurve 1
 X9-62_primeCurve 1              : prime192v1
 X9-62_primeCurve 2              : prime192v2
@@ -80,60 +42,6 @@ X9-62_primeCurve 7	 	: prime256v1
 !global
 X9-62_id-ecSigType 1            : ecdsa-with-SHA1
-# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
-# (http://www.secg.org/)
-!Alias secg_ellipticCurve certicom-arc 0
-# SECG prime curves OIDs
-secg-ellipticCurve 6            : secp112r1
-secg-ellipticCurve 7            : secp112r2
-secg-ellipticCurve 28           : secp128r1
-secg-ellipticCurve 29           : secp128r2
-secg-ellipticCurve 9            : secp160k1
-secg-ellipticCurve 8            : secp160r1
-secg-ellipticCurve 30           : secp160r2
-secg-ellipticCurve 31           : secp192k1
-# NOTE: the curve secp192r1 is the same as prime192v1 defined above
-#       and is therefore omitted
-secg-ellipticCurve 32           : secp224k1
-secg-ellipticCurve 33           : secp224r1
-secg-ellipticCurve 10           : secp256k1
-# NOTE: the curve secp256r1 is the same as prime256v1 defined above
-#       and is therefore omitted
-secg-ellipticCurve 34           : secp384r1
-secg-ellipticCurve 35           : secp521r1
-# SECG characteristic two curves OIDs
-secg-ellipticCurve 4            : sect113r1
-secg-ellipticCurve 5            : sect113r2
-secg-ellipticCurve 22           : sect131r1
-secg-ellipticCurve 23           : sect131r2
-secg-ellipticCurve 1            : sect163k1
-secg-ellipticCurve 2            : sect163r1
-secg-ellipticCurve 15           : sect163r2
-secg-ellipticCurve 24           : sect193r1
-secg-ellipticCurve 25           : sect193r2
-secg-ellipticCurve 26           : sect233k1
-secg-ellipticCurve 27           : sect233r1
-secg-ellipticCurve 3            : sect239k1
-secg-ellipticCurve 16           : sect283k1
-secg-ellipticCurve 17           : sect283r1
-secg-ellipticCurve 36           : sect409k1
-secg-ellipticCurve 37           : sect409r1
-secg-ellipticCurve 38           : sect571k1
-secg-ellipticCurve 39           : sect571r1
-# WAP/TLS curve OIDs (http://www.wapforum.org/)
-!Alias wap-wsg-idm-ecid wap-wsg 4
-wap-wsg-idm-ecid 1      : wap-wsg-idm-ecid-wtls1
-wap-wsg-idm-ecid 3      : wap-wsg-idm-ecid-wtls3
-wap-wsg-idm-ecid 4      : wap-wsg-idm-ecid-wtls4
-wap-wsg-idm-ecid 5      : wap-wsg-idm-ecid-wtls5
-wap-wsg-idm-ecid 6      : wap-wsg-idm-ecid-wtls6
-wap-wsg-idm-ecid 7      : wap-wsg-idm-ecid-wtls7
-wap-wsg-idm-ecid 8      : wap-wsg-idm-ecid-wtls8
-wap-wsg-idm-ecid 9      : wap-wsg-idm-ecid-wtls9
-wap-wsg-idm-ecid 10     : wap-wsg-idm-ecid-wtls10
-wap-wsg-idm-ecid 11     : wap-wsg-idm-ecid-wtls11
-wap-wsg-idm-ecid 12     : wap-wsg-idm-ecid-wtls12
 ISO-US 113533 7 66 10   : CAST5-CBC             : cast5-cbc
@@ -145,10 +53,6 @@ ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
 !Cname pbeWithMD5AndCast5-CBC
 ISO-US 113533 7 66 12   :                       : pbeWithMD5AndCast5CBC
-# Macs for CMP and CRMF
-ISO-US 113533 7 66 13   : id-PasswordBasedMAC   : password based MAC
-ISO-US 113533 7 66 30   : id-DHBasedMac         : Diffie-Hellman based MAC
 ISO-US 113549           : rsadsi                : RSA Data Security, Inc.
 rsadsi 1                : pkcs                  : RSA Data Security, Inc. PKCS
@@ -245,8 +149,6 @@ id-smime-ct 5		: id-smime-ct-TDTInfo
 id-smime-ct 6           : id-smime-ct-contentInfo
 id-smime-ct 7           : id-smime-ct-DVCSRequestData
 id-smime-ct 8           : id-smime-ct-DVCSResponseData
-id-smime-ct 9           : id-smime-ct-compressedData
-id-smime-ct 27          : id-ct-asciiTextWithCRLF
 # S/MIME Attributes
 id-smime-aa 1           : id-smime-aa-receiptRequest
@@ -494,7 +396,6 @@ id-it 12		: id-it-revPassphrase
 id-it 13                : id-it-implicitConfirm
 id-it 14                : id-it-confirmWaitTime
 id-it 15                : id-it-origPKIMessage
-id-it 16                : id-it-suppLangTags
 # CRMF registration
 id-pkip 1               : id-regCtrl
@@ -581,7 +482,6 @@ id-ad 2			: caIssuers		: CA Issuers
 id-ad 3                 : ad_timestamping       : AD Time Stamping
 !Cname ad-dvcs
 id-ad 4                 : AD_DVCS               : ad dvcs
-id-ad 5                 : caRepository          : CA Repository
 !Alias id-pkix-OCSP ad-OCSP
@@ -669,8 +569,6 @@ X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
 X500algorithms 3 101    : MDC2                  : mdc2
 X500 29                 : id-ce
-!Cname subject-directory-attributes
-id-ce 9                 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes
 !Cname subject-key-identifier
 id-ce 14                : subjectKeyIdentifier  : X509v3 Subject Key Identifier
 !Cname key-usage
@@ -691,28 +589,18 @@ id-ce 21		: CRLReason		: X509v3 CRL Reason Code
 id-ce 24                : invalidityDate        : Invalidity Date
 !Cname delta-crl
 id-ce 27                : deltaCRL              : X509v3 Delta CRL Indicator
-!Cname issuing-distribution-point
-id-ce 28                : issuingDistributionPoint : X509v3 Issuing Distrubution Point
-!Cname certificate-issuer
-id-ce 29                : certificateIssuer     : X509v3 Certificate Issuer
 !Cname name-constraints
 id-ce 30                : nameConstraints       : X509v3 Name Constraints
 !Cname crl-distribution-points
 id-ce 31                : crlDistributionPoints : X509v3 CRL Distribution Points
 !Cname certificate-policies
 id-ce 32                : certificatePolicies   : X509v3 Certificate Policies
-!Cname any-policy
-certificate-policies 0  : anyPolicy             : X509v3 Any Policy
-!Cname policy-mappings
-id-ce 33                : policyMappings        : X509v3 Policy Mappings
 !Cname authority-key-identifier
 id-ce 35                : authorityKeyIdentifier : X509v3 Authority Key Identifier
 !Cname policy-constraints
 id-ce 36                : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37                : extendedKeyUsage      : X509v3 Extended Key Usage
-!Cname inhibit-any-policy
-id-ce 54                : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
 id-ce 55                : targetInformation     : X509v3 AC Targeting
 !Cname no-rev-avail
@@ -780,7 +668,7 @@ mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
 !Cname rle-compression
 1 1 1 1 666 1           : RLE                   : run length compression
 !Cname zlib-compression
-id-smime-alg 8          : ZLIB                  : zlib compression
+1 1 1 1 666 2           : ZLIB                  : zlib compression
 # AES aka Rijndael
@@ -822,10 +710,6 @@ aes 44			: AES-256-CFB		: aes-256-cfb
                        : DES-EDE3-CFB1         : des-ede3-cfb1
                        : DES-EDE3-CFB8         : des-ede3-cfb8
-aes 5                   : id-aes128-wrap 
-aes 25                  : id-aes192-wrap 
-aes 45                  : id-aes256-wrap 
 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1         : SHA256                : sha256
@@ -844,9 +728,9 @@ holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
 !Cname hold-instruction-reject
 holdInstruction 3       : holdInstructionReject : Hold Instruction Reject
-# OID's from ITU-T.  Most of this is defined in RFC 1274.  A couple of
+# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
 # them are also mentioned in RFC 2247
-itu-t 9                 : data
+ccitt 9                 : data
 data 2342               : pss
 pss 19200300            : ucl
 ucl 100                 : pilot
@@ -920,7 +804,7 @@ pilotAttributeType 54	:			: dITRedirect
 pilotAttributeType 55   : audio
 pilotAttributeType 56   :                       : documentPublisher
-international-organizations 42  : id-set        : Secure Electronic Transactions
+2 23 42                 : id-set                : Secure Electronic Transactions
 id-set 0                : set-ctype             : content types
 id-set 1                : set-msgExt            : message extensions
@@ -1066,54 +950,3 @@ set-brand 6011		: set-brand-Novus
 rsadsi 3 10             : DES-CDMF              : des-cdmf
 rsadsi 1 1 6            : rsaOAEPEncryptionSET
-                        : Oakley-EC2N-3         : ipsec3
-                        : Oakley-EC2N-4         : ipsec4
-# Definitions for Camellia cipher - CBC MODE
-1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC            : camellia-128-cbc
-1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC            : camellia-192-cbc
-1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC            : camellia-256-cbc
-# Definitions for Camellia cipher - ECB, CFB, OFB MODE
-!Alias ntt-ds 0 3 4401 5
-!Alias camellia ntt-ds 3 1 9 
-camellia 1              : CAMELLIA-128-ECB              : camellia-128-ecb
-!Cname camellia-128-ofb128
-camellia 3              : CAMELLIA-128-OFB              : camellia-128-ofb
-!Cname camellia-128-cfb128
-camellia 4              : CAMELLIA-128-CFB              : camellia-128-cfb
-camellia 21             : CAMELLIA-192-ECB              : camellia-192-ecb
-!Cname camellia-192-ofb128
-camellia 23             : CAMELLIA-192-OFB              : camellia-192-ofb
-!Cname camellia-192-cfb128
-camellia 24             : CAMELLIA-192-CFB              : camellia-192-cfb
-camellia 41             : CAMELLIA-256-ECB              : camellia-256-ecb
-!Cname camellia-256-ofb128
-camellia 43             : CAMELLIA-256-OFB              : camellia-256-ofb
-!Cname camellia-256-cfb128
-camellia 44             : CAMELLIA-256-CFB              : camellia-256-cfb
-# There are no OIDs for these modes...
-                        : CAMELLIA-128-CFB1             : camellia-128-cfb1
-                        : CAMELLIA-192-CFB1             : camellia-192-cfb1
-                        : CAMELLIA-256-CFB1             : camellia-256-cfb1
-                        : CAMELLIA-128-CFB8             : camellia-128-cfb8
-                        : CAMELLIA-192-CFB8             : camellia-192-cfb8
-                        : CAMELLIA-256-CFB8             : camellia-256-cfb8
-# Definitions for SEED cipher - ECB, CBC, OFB mode
-member-body 410 200004  : KISA          : kisa
-kisa 1 3                : SEED-ECB      : seed-ecb
-kisa 1 4                : SEED-CBC      : seed-cbc
-!Cname seed-cfb128
-kisa 1 5                : SEED-CFB      : seed-cfb
-!Cname seed-ofb128
-kisa 1 6                : SEED-OFB      : seed-ofb
diff --git a/src/lib/libcrypto/ocsp/Makefile b/src/lib/libcrypto/ocsp/Makefile
new file mode 100644
index 0000000000..0fe028960e
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/Makefile
@@ -0,0 +1,213 @@
+#
+# OpenSSL/ocsp/Makefile
+#
+DIR=    ocsp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+SRC= $(LIBSRC)
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ocsp_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_asn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_asn.o: ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_err.o: ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ht.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ht.o: ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_prn.o: ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h
+ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+ocsp_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_vfy.o: ocsp_vfy.c
diff --git a/src/lib/libcrypto/ocsp/Makefile.ssl b/src/lib/libcrypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000000..02477be538
--- /dev/null
+++ b/src/lib/libcrypto/ocsp/Makefile.ssl
@@ -0,0 +1,293 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+DIR=    ocsp
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+        ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+        ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+SRC= $(LIBSRC)
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile ;
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+ocsp_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_cl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_cl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_cl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+ocsp_cl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_cl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_cl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ht.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_ht.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_ht.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_ht.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_ht.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_ht.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_srv.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_srv.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_srv.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_srv.o: ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_srv.o: ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index a0577a717e..fab3c03182 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -186,11 +186,11 @@ typedef struct ocsp_resp_bytes_st
 *      responseStatus         OCSPResponseStatus,
 *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
 */
-struct ocsp_response_st
+typedef struct ocsp_response_st
        {
        ASN1_ENUMERATED *responseStatus;
        OCSP_RESPBYTES  *responseBytes;
-        };
+        } OCSP_RESPONSE;
 /*   ResponderID ::= CHOICE {
 *      byName   [1] Name,
@@ -198,18 +198,14 @@ struct ocsp_response_st
 */
 #define V_OCSP_RESPID_NAME 0
 #define V_OCSP_RESPID_KEY  1
-struct ocsp_responder_id_st
+typedef struct ocsp_responder_id_st
        {
        int type;
        union   {
                X509_NAME* byName;
                ASN1_OCTET_STRING *byKey;
                } value;
-        };
+        } OCSP_RESPID;
-DECLARE_STACK_OF(OCSP_RESPID)
-DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
 /*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
 *                            --(excluding the tag and length fields)
 */
@@ -353,9 +349,13 @@ typedef struct ocsp_service_locator_st
 #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
 #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
-#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+                (unsigned char **)(p))
-#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+                OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+                (unsigned char **)(p))
 #define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
@@ -371,9 +371,11 @@ typedef struct ocsp_service_locator_st
    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
                        bp,(char *)o, NULL,NULL,0,NULL,NULL)
-#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+                (unsigned char *)o)
-#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+                (unsigned char *)o)
 #define OCSP_REQUEST_sign(o,pkey,md) \
        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
@@ -394,17 +396,14 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+                (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
 #define OCSP_CERTSTATUS_dup(cs)\
                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-                                                                int maxline);
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
@@ -474,10 +473,8 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
                        STACK_OF(X509) *certs, unsigned long flags);
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
-                                void *data, STACK_OF(ASN1_OBJECT) *sk);
+                                char *data, STACK_OF(ASN1_OBJECT) *sk);
-#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
-        ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
@@ -567,11 +564,11 @@ void ERR_load_OCSP_strings(void);
 /* Function codes. */
 #define OCSP_F_ASN1_STRING_ENCODE                        100
+#define OCSP_F_CERT_ID_NEW                               101
 #define OCSP_F_D2I_OCSP_NONCE                            102
 #define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
 #define OCSP_F_OCSP_BASIC_SIGN                           104
 #define OCSP_F_OCSP_BASIC_VERIFY                         105
-#define OCSP_F_OCSP_CERT_ID_NEW                          101
 #define OCSP_F_OCSP_CHECK_DELEGATED                      106
 #define OCSP_F_OCSP_CHECK_IDS                            107
 #define OCSP_F_OCSP_CHECK_ISSUER                         108
@@ -582,7 +579,6 @@ void ERR_load_OCSP_strings(void);
 #define OCSP_F_OCSP_REQUEST_VERIFY                       116
 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
 #define OCSP_F_OCSP_SENDREQ_BIO                          112
-#define OCSP_F_PARSE_HTTP_LINE1                          117
 #define OCSP_F_REQUEST_VERIFY                            113
 /* Reason codes. */
diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c
index 39b7a1c568..6a3a360d54 100644
--- a/src/lib/libcrypto/ocsp/ocsp_asn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_asn.c
@@ -62,7 +62,7 @@
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+        ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 17bab5fc59..9b3e6dd8ca 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -101,8 +101,6 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
        {
        GENERAL_NAME *gen;
        gen = GENERAL_NAME_new();
-        if (gen == NULL)
-                return 0;
        if (!X509_NAME_set(&gen->d.directoryName, nm))
                {
                GENERAL_NAME_free(gen);
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index d2f2e79f44..65e6093fbc 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
 /* crypto/ocsp/ocsp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -71,11 +71,11 @@
 static ERR_STRING_DATA OCSP_str_functs[]=
        {
 {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),   "ASN1_STRING_encode"},
+{ERR_FUNC(OCSP_F_CERT_ID_NEW),  "CERT_ID_NEW"},
 {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),       "D2I_OCSP_NONCE"},
 {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),       "OCSP_basic_add1_status"},
 {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),      "OCSP_basic_sign"},
 {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),    "OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),     "OCSP_cert_id_new"},
 {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
 {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),       "OCSP_CHECK_IDS"},
 {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),    "OCSP_CHECK_ISSUER"},
@@ -86,7 +86,6 @@ static ERR_STRING_DATA OCSP_str_functs[]=
 {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),  "OCSP_request_verify"},
 {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),     "OCSP_response_get1_basic"},
 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),     "OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),     "PARSE_HTTP_LINE1"},
 {ERR_FUNC(OCSP_F_REQUEST_VERIFY),       "REQUEST_VERIFY"},
 {0,NULL}
        };
@@ -130,12 +129,15 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
 void ERR_load_OCSP_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,OCSP_str_functs);
                ERR_load_strings(0,OCSP_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 815cc29d58..57399433fc 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -265,8 +265,8 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
 /* also CRL Entry Extensions */
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
-                                void *data, STACK_OF(ASN1_OBJECT) *sk)
+                                char *data, STACK_OF(ASN1_OBJECT) *sk)
        {
        int i;
        unsigned char *p, *b = NULL;
@@ -274,23 +274,18 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
        if (data)
                {
                if ((i=i2d(data,NULL)) <= 0) goto err;
-                if (!(b=p=OPENSSL_malloc((unsigned int)i)))
+                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
                        goto err;
                if (i2d(data, &p) <= 0) goto err;
                }
        else if (sk)
                {
-                if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
+                if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
-                                                   (I2D_OF(ASN1_OBJECT))i2d,
+                                   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
-                                                   V_ASN1_SEQUENCE,
+                if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
-                                                   V_ASN1_UNIVERSAL,
-                                                   IS_SEQUENCE))<=0) goto err;
-                if (!(b=p=OPENSSL_malloc((unsigned int)i)))
                        goto err;
-                if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
+                if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
-                                                V_ASN1_SEQUENCE,
+                                 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
-                                                V_ASN1_UNIVERSAL,
-                                                IS_SEQUENCE)<=0) goto err;
                }
        else
                {
@@ -444,8 +439,7 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                }
        if (!(x = X509_EXTENSION_new())) goto err;
        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
+        if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
-                                    NULL)))
                goto err;
        OCSP_CRLID_free(cid);
        return x;
@@ -473,8 +467,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
        if (!(x = X509_EXTENSION_new())) goto err;
        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
                goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
+        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
-                                    sk)))
                goto err;
        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
        return x;
@@ -494,8 +487,8 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
        if (!(x = X509_EXTENSION_new())) goto err;
        if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-        if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
+        if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
-                                    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
+                                 (char*)gt,NULL))) goto err;
        ASN1_GENERALIZEDTIME_free(gt);
        return x;
 err:
@@ -533,8 +526,8 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
        if (!(x = X509_EXTENSION_new())) goto err;
        if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
                goto err;
-        if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
+        if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
-                                    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
+                                 (char*)sloc, NULL))) goto err;
        OCSP_SERVICELOC_free(sloc);
        return x;
 err:
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index a8e569b74a..2c48171883 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,9 +1,9 @@
 /* ocsp_ht.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2006.
+ * project 2000.
 */
 /* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -68,404 +68,106 @@
 #define strtoul (unsigned long)strtol
 #endif /* OPENSSL_SYS_SUNOS */
-/* Stateful OCSP request code, supporting non-blocking I/O */
+/* Quick and dirty HTTP OCSP request handler.
+ * Could make this a bit cleverer by adding
-/* Opaque OCSP request status structure */
+ * support for non blocking BIOs and a few
+ * other refinements.
-struct ocsp_req_ctx_st {
+ */
-        int state;              /* Current I/O state */
-        unsigned char *iobuf;   /* Line buffer */
-        int iobuflen;           /* Line buffer length */
-        BIO *io;                /* BIO to perform I/O with */
-        BIO *mem;               /* Memory BIO response is built into */
-        unsigned long asn1_len; /* ASN1 length of response */
-        };
-#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
-#define OCSP_MAX_LINE_LEN       4096;
-/* OCSP states */
-/* If set no reading should be performed */
-#define OHS_NOREAD              0x1000
-/* Error condition */
-#define OHS_ERROR               (0 | OHS_NOREAD)
-/* First line being read */
-#define OHS_FIRSTLINE           1
-/* MIME headers being read */
-#define OHS_HEADERS             2
-/* OCSP initial header (tag + length) being read */
-#define OHS_ASN1_HEADER         3
-/* OCSP content octets being read */
-#define OHS_ASN1_CONTENT        4
-/* Request being sent */
-#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
-/* Request being flushed */
-#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
-/* Completed */
-#define OHS_DONE                (8 | OHS_NOREAD)
-static int parse_http_line1(char *line);
-void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
-        {
+{
-        if (rctx->mem)
+        BIO *mem = NULL;
-                BIO_free(rctx->mem);
+        char tmpbuf[1024];
-        if (rctx->iobuf)
+        OCSP_RESPONSE *resp = NULL;
-                OPENSSL_free(rctx->iobuf);
+        char *p, *q, *r;
-        OPENSSL_free(rctx);
+        int len, retcode;
+        static char req_txt[] =
+"POST %s HTTP/1.0\r\n\
+Content-Type: application/ocsp-request\r\n\
+Content-Length: %d\r\n\r\n";
+        len = i2d_OCSP_REQUEST(req, NULL);
+        if(BIO_printf(b, req_txt, path, len) < 0) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+                goto err;
        }
+        if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
-                                                                int maxline)
+                goto err;
-        {
+        }
-        static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+        if(!(mem = BIO_new(BIO_s_mem()))) goto err;
-        "Content-Type: application/ocsp-request\r\n"
+        /* Copy response to a memory BIO: socket bios can't do gets! */
-        "Content-Length: %d\r\n\r\n";
+        while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
+                if(len < 0) {
-        OCSP_REQ_CTX *rctx;
+                        OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
-        rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
+                        goto err;
-        rctx->state = OHS_FIRSTLINE;
-        rctx->mem = BIO_new(BIO_s_mem());
-        rctx->io = io;
-        if (maxline > 0)
-                rctx->iobuflen = maxline;
-        else
-                rctx->iobuflen = OCSP_MAX_LINE_LEN;
-        rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-        if (!path)
-                path = "/";
-        if (BIO_printf(rctx->mem, post_hdr, path,
-                                i2d_OCSP_REQUEST(req, NULL)) <= 0)
-                {
-                rctx->state = OHS_ERROR;
-                return 0;
-                }
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
-                {
-                rctx->state = OHS_ERROR;
-                return 0;
                }
-        rctx->state = OHS_ASN1_WRITE;
+                BIO_write(mem, tmpbuf, len);
-        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
-        return rctx;
        }
+        if(BIO_gets(mem, tmpbuf, 512) <= 0) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+                goto err;
+        }
+        /* Parse the HTTP response. This will look like this:
+         * "HTTP/1.0 200 OK". We need to obtain the numeric code and
+         * (optional) informational message.
+         */
-/* Parse the HTTP response. This will look like this:
- * "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * (optional) informational message.
- */
-static int parse_http_line1(char *line)
-        {
-        int retcode;
-        char *p, *q, *r;
        /* Skip to first white space (passed protocol info) */
+        for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
-        for(p = line; *p && !isspace((unsigned char)*p); p++)
+        if(!*p) {
-                continue;
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-        if(!*p)
+                goto err;
-                {
+        }
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                                        OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-                }
        /* Skip past white space to start of response code */
-        while(*p && isspace((unsigned char)*p))
+        while(isspace((unsigned char)*p)) p++;
-                p++;
+        if(!*p) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-        if(!*p)
+                goto err;
-                {
+        }
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                                        OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-                }
        /* Find end of response code: first whitespace after start of code */
-        for(q = p; *q && !isspace((unsigned char)*q); q++)
+        for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
-                continue;
+        if(!*q) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-        if(!*q)
+                goto err;
-                {
+        }
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-                                        OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-                }
        /* Set end of response code and start of message */ 
        *q++ = 0;
        /* Attempt to parse numeric code */
        retcode = strtoul(p, &r, 10);
+        if(*r) goto err;
-        if(*r)
-                return 0;
        /* Skip over any leading white space in message */
-        while(*q && isspace((unsigned char)*q))
+        while(isspace((unsigned char)*q))  q++;
-                q++;
+        if(*q) {
+        /* Finally zap any trailing white space in message (include CRLF) */
-        if(*q)
+        /* We know q has a non white space character so this is OK */
-                {
+                for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
-                /* Finally zap any trailing white space in message (include
+        }
-                 * CRLF) */
+        if(retcode != 200) {
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
-                /* We know q has a non white space character so this is OK */
+                if(!*q) { 
-                for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
-                        *r = 0;
-                }
-        if(retcode != 200)
-                {
-                OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
-                if(!*q)
                        ERR_add_error_data(2, "Code=", p);
-                else
+                }
+                else {
                        ERR_add_error_data(4, "Code=", p, ",Reason=", q);
-                return 0;
                }
+                goto err;
-        return 1;
        }
+        /* Find blank line marking beginning of content */      
-int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+        while(BIO_gets(mem, tmpbuf, 512) > 0)
        {
-        int i, n;
+                for(p = tmpbuf; isspace((unsigned char)*p); p++) continue;
-        const unsigned char *p;
+                if(!*p) break;
-        next_io:
-        if (!(rctx->state & OHS_NOREAD))
-                {
-                n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
-                if (n <= 0)
-                        {
-                        if (BIO_should_retry(rctx->io))
-                                return -1;
-                        return 0;
-                        }
-                /* Write data to memory BIO */
-                if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
-                        return 0;
-                }
-        switch(rctx->state)
-                {
-                case OHS_ASN1_WRITE:
-                n = BIO_get_mem_data(rctx->mem, &p);
-                i = BIO_write(rctx->io,
-                        p + (n - rctx->asn1_len), rctx->asn1_len);
-                if (i <= 0)
-                        {
-                        if (BIO_should_retry(rctx->io))
-                                return -1;
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                        }
-                rctx->asn1_len -= i;
-                if (rctx->asn1_len > 0)
-                        goto next_io;
-                rctx->state = OHS_ASN1_FLUSH;
-                (void)BIO_reset(rctx->mem);
-                case OHS_ASN1_FLUSH:
-                i = BIO_flush(rctx->io);
-                if (i > 0)
-                        {
-                        rctx->state = OHS_FIRSTLINE;
-                        goto next_io;
-                        }
-                if (BIO_should_retry(rctx->io))
-                        return -1;
-                rctx->state = OHS_ERROR;
-                return 0;
-                case OHS_ERROR:
-                return 0;
-                case OHS_FIRSTLINE:
-                case OHS_HEADERS:
-                /* Attempt to read a line in */
-                next_line:
-                /* Due to &%^*$" memory BIO behaviour with BIO_gets we
-                 * have to check there's a complete line in there before
-                 * calling BIO_gets or we'll just get a partial read.
-                 */
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if ((n <= 0) || !memchr(p, '\n', n))
-                        {
-                        if (n >= rctx->iobuflen)
-                                {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                                }
-                        goto next_io;
-                        }
-                n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
-                if (n <= 0)
-                        {
-                        if (BIO_should_retry(rctx->mem))
-                                goto next_io;
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                        }
-                /* Don't allow excessive lines */
-                if (n == rctx->iobuflen)
-                        {
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                        }
-                /* First line */
-                if (rctx->state == OHS_FIRSTLINE)
-                        {
-                        if (parse_http_line1((char *)rctx->iobuf))
-                                {
-                                rctx->state = OHS_HEADERS;
-                                goto next_line;
-                                }
-                        else
-                                {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                                }
-                        }
-                else
-                        {
-                        /* Look for blank line: end of headers */
-                        for (p = rctx->iobuf; *p; p++)
-                                {
-                                if ((*p != '\r') && (*p != '\n'))
-                                        break;
-                                }
-                        if (*p)
-                                goto next_line;
-                        rctx->state = OHS_ASN1_HEADER;
-                        }
- 
-                /* Fall thru */
-                case OHS_ASN1_HEADER:
-                /* Now reading ASN1 header: can read at least 6 bytes which
-                 * is more than enough for any valid ASN1 SEQUENCE header
-                 */
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if (n < 6)
-                        goto next_io;
-                /* Check it is an ASN1 SEQUENCE */
-                if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
-                        {
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                        }
-                /* Check out length field */
-                if (*p & 0x80)
-                        {
-                        n = *p & 0x7F;
-                        /* Not NDEF or excessive length */
-                        if (!n || (n > 4))
-                                {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                                }
-                        p++;
-                        rctx->asn1_len = 0;
-                        for (i = 0; i < n; i++)
-                                {
-                                rctx->asn1_len <<= 8;
-                                rctx->asn1_len |= *p++;
-                                }
-                        if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH)
-                                {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                                }
-                        rctx->asn1_len += n + 2;
-                        }
-                else
-                        rctx->asn1_len = *p + 2;
-                rctx->state = OHS_ASN1_CONTENT;
-                /* Fall thru */
-                
-                case OHS_ASN1_CONTENT:
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if (n < (int)rctx->asn1_len)
-                        goto next_io;
-                *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
-                if (*presp)
-                        {
-                        rctx->state = OHS_DONE;
-                        return 1;
-                        }
-                rctx->state = OHS_ERROR;
-                return 0;
-                break;
-                case OHS_DONE:
-                return 1;
-                }
-        return 0;
        }
+        if(*p) {
-/* Blocking OCSP request handler: now a special case of non-blocking I/O */
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
+                goto err;
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+        }
-        {
+        if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
-        OCSP_RESPONSE *resp = NULL;
+                OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
-        OCSP_REQ_CTX *ctx;
+                goto err;
-        int rv;
-        ctx = OCSP_sendreq_new(b, path, req, -1);
-        do
-                {
-                rv = OCSP_sendreq_nbio(&resp, ctx);
-                } while ((rv == -1) && BIO_should_retry(b));
-        OCSP_REQ_CTX_free(ctx);
-        if (rv)
-                return resp;
-        return NULL;
        }
+        err:
+        BIO_free(mem);
+        return resp;
+}
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 27450811d7..9e87fc7895 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -112,7 +112,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
        if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
        if ((nid = EVP_MD_type(dgst)) == NID_undef)
                {
-                OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+                OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
                goto err;
                }
        if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
@@ -134,7 +134,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
                }
        return cid;
 digerr:
-        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+        OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
 err:
        if (cid) OCSP_CERTID_free(cid);
        return NULL;
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 3dfb51c1e4..4b7bc28769 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
        if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
        l=ASN1_ENUMERATED_get(o->responseStatus);
-        if (BIO_printf(bp,"    OCSP Response Status: %s (0x%lx)\n",
+        if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
                       OCSP_response_status_str(l), l) <= 0) goto err;
        if (rb == NULL) return 1;
        if (BIO_puts(bp,"    Response Type: ") <= 0)
@@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
                                {
                                l=ASN1_ENUMERATED_get(rev->revocationReason);
                                if (BIO_printf(bp, 
-                                         "\n    Revocation Reason: %s (0x%lx)",
+                                         "\n    Revocation Reason: %s (0x%x)",
                                               OCSP_crl_reason_str(l), l) <= 0)
                                        goto err;
                                }
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 23ea41c847..3d58dfb06c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
                return 0;
                }
        gen = req->tbsRequest->requestorName;
-        if (!gen || gen->type != GEN_DIRNAME)
+        if (gen->type != GEN_DIRNAME)
                {
                OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
                return 0;
diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in
new file mode 100644
index 0000000000..685e83b7a3
--- /dev/null
+++ b/src/lib/libcrypto/opensslconf.h.in
@@ -0,0 +1,158 @@
+/* crypto/opensslconf.h.in */
+/* Generate 80386 code? */
+#undef I386_ONLY
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+/* Should we define BN_DIV2W here? */
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )              /* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )       /* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )       /* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )          /* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )         /* HP-PA */
+  /* Unknown */
+#elif defined( __aux )          /* 68K */
+  /* Unknown */
+#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )          /* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h
index b308894f18..e50c1baf00 100644
--- a/src/lib/libcrypto/opensslv.h
+++ b/src/lib/libcrypto/opensslv.h
@@ -12,7 +12,7 @@
 * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
 * 0.9.3          0x0090300f
 * 0.9.3a         0x0090301f
- * 0.9.4          0x0090400f
+ * 0.9.4          0x0090400f
 * 1.2.3z         0x102031af
 *
 * For continuity reasons (because 0.9.5 is already out, and is coded
@@ -25,11 +25,11 @@
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 *  major minor fix final patch/beta)
 */
-#define OPENSSL_VERSION_NUMBER  0x0090808fL
+#define OPENSSL_VERSION_NUMBER  0x009070afL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8h-fips 28 May 2008"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7j-fips 04 May 2006"
 #else
-#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.8h 28 May 2008"
+#define OPENSSL_VERSION_TEXT    "OpenSSL 0.9.7j 04 May 2006"
 #endif
 #define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
@@ -83,7 +83,7 @@
 * should only keep the versions that are binary compatible with the current.
 */
 #define SHLIB_VERSION_HISTORY ""
-#define SHLIB_VERSION_NUMBER "0.9.8"
+#define SHLIB_VERSION_NUMBER "0.9.7"
 #endif /* HEADER_OPENSSLV_H */
diff --git a/src/lib/libcrypto/ossl_typ.h b/src/lib/libcrypto/ossl_typ.h
index 345fb1dc4d..285fd0b1d9 100644
--- a/src/lib/libcrypto/ossl_typ.h
+++ b/src/lib/libcrypto/ossl_typ.h
@@ -97,43 +97,15 @@ typedef int ASN1_NULL;
 #ifdef OPENSSL_SYS_WIN32
 #undef X509_NAME
-#undef X509_EXTENSIONS
-#undef X509_CERT_PAIR
 #undef PKCS7_ISSUER_AND_SERIAL
 #endif
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-typedef struct bignum_st BIGNUM;
-typedef struct bignum_ctx BN_CTX;
-typedef struct bn_blinding_st BN_BLINDING;
-typedef struct bn_mont_ctx_st BN_MONT_CTX;
-typedef struct bn_recp_ctx_st BN_RECP_CTX;
-typedef struct bn_gencb_st BN_GENCB;
-typedef struct buf_mem_st BUF_MEM;
 typedef struct evp_cipher_st EVP_CIPHER;
 typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
 typedef struct env_md_st EVP_MD;
 typedef struct env_md_ctx_st EVP_MD_CTX;
 typedef struct evp_pkey_st EVP_PKEY;
-typedef struct dh_st DH;
-typedef struct dh_method DH_METHOD;
-typedef struct dsa_st DSA;
-typedef struct dsa_method DSA_METHOD;
-typedef struct rsa_st RSA;
-typedef struct rsa_meth_st RSA_METHOD;
-typedef struct rand_meth_st RAND_METHOD;
-typedef struct ecdh_method ECDH_METHOD;
-typedef struct ecdsa_method ECDSA_METHOD;
 typedef struct x509_st X509;
 typedef struct X509_algor_st X509_ALGOR;
 typedef struct X509_crl_st X509_CRL;
@@ -141,39 +113,10 @@ typedef struct X509_name_st X509_NAME;
 typedef struct x509_store_st X509_STORE;
 typedef struct x509_store_ctx_st X509_STORE_CTX;
-typedef struct v3_ext_ctx X509V3_CTX;
-typedef struct conf_st CONF;
-typedef struct store_st STORE;
-typedef struct store_method_st STORE_METHOD;
-typedef struct ui_st UI;
-typedef struct ui_method_st UI_METHOD;
-typedef struct st_ERR_FNS ERR_FNS;
 typedef struct engine_st ENGINE;
-typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
-typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
-typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
-typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
 #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
 #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
-typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
-/* Callback types for crypto.h */
-typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                                        int idx, long argl, void *argp);
-typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
-                                        int idx, long argl, void *argp);
-typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
-typedef struct ocsp_response_st OCSP_RESPONSE;
-typedef struct ocsp_responder_id_st OCSP_RESPID;
 #endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/src/lib/libcrypto/pem/Makefile b/src/lib/libcrypto/pem/Makefile
new file mode 100644
index 0000000000..742194fd24
--- /dev/null
+++ b/src/lib/libcrypto/pem/Makefile
@@ -0,0 +1,241 @@
+#
+# OpenSSL/crypto/pem/Makefile
+#
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+SRC= $(LIBSRC)
+EXHEADER= pem.h pem2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links: $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pem_all.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_all.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_info.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pk8.o: ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_sign.o: ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h
+pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c
diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl
new file mode 100644
index 0000000000..d3043eb401
--- /dev/null
+++ b/src/lib/libcrypto/pem/Makefile.ssl
@@ -0,0 +1,336 @@
+#
+# SSLeay/crypto/pem/Makefile
+#
+DIR=    pem
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+        pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
+LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+        pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
+SRC= $(LIBSRC)
+EXHEADER= pem.h pem2.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links: $(EXHEADER)
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pem_all.o: ../../e_os.h ../../include/openssl/aes.h
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_err.o: pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/aes.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_info.o: ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/aes.h
+pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_oth.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_oth.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_oth.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_oth.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_oth.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_oth.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_oth.o: ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pk8.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pk8.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pk8.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_pk8.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_pk8.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_pk8.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_pkey.o: ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pkey.o: ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/aes.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_seal.o: ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/aes.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_sign.o: ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/aes.h
+pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_x509.o: ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_x509.o: ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h
+pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_xaux.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_xaux.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_xaux.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_xaux.o: ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_xaux.o: ../cryptlib.h pem_xaux.c
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h
index 670afa670b..d330cbf9a3 100644
--- a/src/lib/libcrypto/pem/pem.h
+++ b/src/lib/libcrypto/pem/pem.h
@@ -59,7 +59,6 @@
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
-#include <openssl/e_os2.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
@@ -69,6 +68,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem2.h>
+#include <openssl/e_os2.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -91,9 +91,6 @@ extern "C" {
 #define PEM_OBJ_DHPARAMS        17
 #define PEM_OBJ_DSAPARAMS       18
 #define PEM_OBJ_PRIV_RSA_PUBLIC 19
-#define PEM_OBJ_PRIV_ECDSA      20
-#define PEM_OBJ_PUB_ECDSA       21
-#define PEM_OBJ_ECPARAMETERS    22
 #define PEM_ERROR               30
 #define PEM_DEK_DES_CBC         40
@@ -113,7 +110,6 @@ extern "C" {
 #define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
 #define PEM_STRING_X509         "CERTIFICATE"
-#define PEM_STRING_X509_PAIR    "CERTIFICATE PAIR"
 #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
@@ -130,10 +126,6 @@ extern "C" {
 #define PEM_STRING_DHPARAMS     "DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
-#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
-#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
-#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
-#define PEM_STRING_CMS          "CMS"
  /* Note that this structure is initialised by PEM_SealInit and cleaned up
     by PEM_SealFinal (at least for now) */
@@ -221,50 +213,24 @@ typedef struct pem_ctx_st
 #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
 type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read(CHECKED_D2I_OF(type, d2i_##asn1), \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
-                                str, fp, \
+        cb,u)); \
-                                CHECKED_PPTR_OF(type, x), \
+} \
-                                cb, u); \
-} 
 #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x) \
 { \
-    return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
-                          str, fp, \
+                                                         NULL,NULL,0,NULL,NULL)); \
-                          CHECKED_PTR_OF(type, x), \
+} 
-                          NULL, NULL, 0, NULL, NULL); \
-}
-#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, const type *x) \
-{ \
-    return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
-                          str, fp, \
-                          CHECKED_PTR_OF(const type, x), \
-                          NULL, NULL, 0, NULL, NULL); \
-}
 #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
 int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, \
                  void *u) \
        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
-                                  str, fp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
-                                  CHECKED_PTR_OF(type, x), \
-                                  enc, kstr, klen, cb, u); \
-        }
-#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
-int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, \
-                  void *u) \
-        { \
-            return PEM_ASN1_write(CHECKED_I2D_OF(const type, i2d_##asn1), \
-                                  str, fp, \
-                                  CHECKED_PTR_OF(const type, x), \
-                                  enc, kstr, klen, cb, u); \
        }
 #endif
@@ -272,66 +238,33 @@ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
 #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
 type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
 { \
-    return (type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i_##asn1), \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
-                                    str, bp, \
+                                                        (char **)x,cb,u)); \
-                                    CHECKED_PPTR_OF(type, x), \
-                                    cb, u); \
 }
 #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x) \
 { \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
-                              str, bp, \
+                                                         NULL,NULL,0,NULL,NULL)); \
-                              CHECKED_PTR_OF(type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
-}
-#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, const type *x) \
-{ \
-    return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
-                              str, bp, \
-                              CHECKED_PTR_OF(const type, x), \
-                              NULL, NULL, 0, NULL, NULL); \
 }
 #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
 int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d_##asn1), \
+        return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
-                                      str, bp, \
+                (char *)x,enc,kstr,klen,cb,u)); \
-                                      CHECKED_PTR_OF(type, x), \
-                                      enc, kstr, klen, cb, u); \
-        }
-#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
-             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
-        { \
-            return PEM_ASN1_write_bio(CHECKED_I2D_OF(const type, i2d_##asn1), \
-                                      str, bp, \
-                                      CHECKED_PTR_OF(const type, x), \
-                                      enc, kstr, klen, cb, u); \
        }
 #define IMPLEMENT_PEM_write(name, type, str, asn1) \
        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
        IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
-#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) 
 #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
-#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) 
 #define IMPLEMENT_PEM_read(name, type, str, asn1) \
        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
        IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
@@ -340,10 +273,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        IMPLEMENT_PEM_read(name, type, str, asn1) \
        IMPLEMENT_PEM_write(name, type, str, asn1)
-#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
-        IMPLEMENT_PEM_read(name, type, str, asn1) \
-        IMPLEMENT_PEM_write_const(name, type, str, asn1)
 #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
        IMPLEMENT_PEM_read(name, type, str, asn1) \
        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
@@ -364,9 +293,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 #define DECLARE_PEM_write_fp(name, type) \
        int PEM_write_##name(FILE *fp, type *x);
-#define DECLARE_PEM_write_fp_const(name, type) \
-        int PEM_write_##name(FILE *fp, const type *x);
 #define DECLARE_PEM_write_cb_fp(name, type) \
        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
@@ -380,9 +306,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
 #define DECLARE_PEM_write_bio(name, type) \
        int PEM_write_bio_##name(BIO *bp, type *x);
-#define DECLARE_PEM_write_bio_const(name, type) \
-        int PEM_write_bio_##name(BIO *bp, const type *x);
 #define DECLARE_PEM_write_cb_bio(name, type) \
        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
@@ -399,10 +322,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        DECLARE_PEM_write_bio(name, type) \
        DECLARE_PEM_write_fp(name, type) 
-#define DECLARE_PEM_write_const(name, type) \
-        DECLARE_PEM_write_bio_const(name, type) \
-        DECLARE_PEM_write_fp_const(name, type)
 #define DECLARE_PEM_write_cb(name, type) \
        DECLARE_PEM_write_cb_bio(name, type) \
        DECLARE_PEM_write_cb_fp(name, type) 
@@ -415,10 +334,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write(name, type)
-#define DECLARE_PEM_rw_const(name, type) \
-        DECLARE_PEM_read(name, type) \
-        DECLARE_PEM_write_const(name, type)
 #define DECLARE_PEM_rw_cb(name, type) \
        DECLARE_PEM_read(name, type) \
        DECLARE_PEM_write_cb(name, type)
@@ -488,6 +403,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
                                                        (char **)x,cb,u)
+#define PEM_write_bio_SSL_SESSION(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
+                        PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509(bp,x) \
                PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
                        (char *)x, NULL,NULL,0,NULL,NULL)
@@ -526,6 +444,8 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
                        PEM_STRING_X509,bp, \
                        (char *)x, NULL,NULL,0,NULL,NULL)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
 #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
        (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
 #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
@@ -574,25 +494,11 @@ int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
                long len);
 int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
             pem_password_cb *cb, void *u);
-void *  PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
+char *  PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
-                          void **x, pem_password_cb *cb, void *u);
+                pem_password_cb *cb, void *u);
+int     PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
-#define PEM_ASN1_read_bio_of(type,d2i,name,bp,x,cb,u) \
-    ((type*)PEM_ASN1_read_bio(CHECKED_D2I_OF(type, d2i), \
-                              name, bp,                 \
-                              CHECKED_PPTR_OF(type, x), \
-                              cb, u))
-int     PEM_ASN1_write_bio(i2d_of_void *i2d,const char *name,BIO *bp,char *x,
                           const EVP_CIPHER *enc,unsigned char *kstr,int klen,
                           pem_password_cb *cb, void *u);
-#define PEM_ASN1_write_bio_of(type,i2d,name,bp,x,enc,kstr,klen,cb,u) \
-    (PEM_ASN1_write_bio(CHECKED_I2D_OF(type, i2d), \
-                        name, bp,                  \
-                        CHECKED_PTR_OF(type, x), \
-                        enc, kstr, klen, cb, u))
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int     PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
                unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
@@ -602,11 +508,11 @@ int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
 int     PEM_read(FILE *fp, char **name, char **header,
                unsigned char **data,long *len);
 int     PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+char *  PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
-                      pem_password_cb *cb, void *u);
+        pem_password_cb *cb, void *u);
-int     PEM_ASN1_write(i2d_of_void *i2d,const char *name,FILE *fp,
+int     PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
-                       char *x,const EVP_CIPHER *enc,unsigned char *kstr,
+                       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
-                       int klen,pem_password_cb *callback, void *u);
+                       pem_password_cb *callback, void *u);
 STACK_OF(X509_INFO) *   PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
        pem_password_cb *cb, void *u);
 #endif
@@ -636,8 +542,6 @@ DECLARE_PEM_rw(X509, X509)
 DECLARE_PEM_rw(X509_AUX, X509)
-DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
 DECLARE_PEM_rw(X509_REQ, X509_REQ)
 DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
@@ -655,7 +559,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
-DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSAPublicKey, RSA)
 DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 #endif
@@ -666,19 +570,13 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 DECLARE_PEM_rw(DSA_PUBKEY, DSA)
-DECLARE_PEM_rw_const(DSAparams, DSA)
+DECLARE_PEM_rw(DSAparams, DSA)
-#endif
-#ifndef OPENSSL_NO_EC
-DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
-DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
-DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
 #endif
 #ifndef OPENSSL_NO_DH
-DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_rw(DHparams, DH)
 #endif
@@ -728,27 +626,24 @@ void ERR_load_PEM_strings(void);
 /* Function codes. */
 #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
-#define PEM_F_DO_PK8PKEY                                 126
+#define PEM_F_DEF_CALLBACK                               100
-#define PEM_F_DO_PK8PKEY_FP                              125
 #define PEM_F_LOAD_IV                                    101
 #define PEM_F_PEM_ASN1_READ                              102
 #define PEM_F_PEM_ASN1_READ_BIO                          103
 #define PEM_F_PEM_ASN1_WRITE                             104
 #define PEM_F_PEM_ASN1_WRITE_BIO                         105
-#define PEM_F_PEM_DEF_CALLBACK                           100
 #define PEM_F_PEM_DO_HEADER                              106
+#define PEM_F_PEM_F_DO_PK8KEY_FP                         122
 #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY            118
 #define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
-#define PEM_F_PEM_PK8PKEY                                119
 #define PEM_F_PEM_READ                                   108
 #define PEM_F_PEM_READ_BIO                               109
-#define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
-#define PEM_F_PEM_READ_PRIVATEKEY                        124
 #define PEM_F_PEM_SEALFINAL                              110
 #define PEM_F_PEM_SEALINIT                               111
 #define PEM_F_PEM_SIGNFINAL                              112
 #define PEM_F_PEM_WRITE                                  113
 #define PEM_F_PEM_WRITE_BIO                              114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY              119
 #define PEM_F_PEM_X509_INFO_READ                         115
 #define PEM_F_PEM_X509_INFO_READ_BIO                     116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c
index 66cbc7eb82..07963314c9 100644
--- a/src/lib/libcrypto/pem/pem_all.c
+++ b/src/lib/libcrypto/pem/pem_all.c
@@ -55,59 +55,6 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
 #include <stdio.h>
 #undef SSLEAY_MACROS
@@ -117,15 +64,7 @@
 #include <openssl/x509.h>
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
+#include <openssl/fips.h>
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
 #ifndef OPENSSL_NO_RSA
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
@@ -134,10 +73,6 @@ static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
 static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
 #endif
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
-#endif
 IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
@@ -194,8 +129,50 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 #endif
-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+#ifdef OPENSSL_FIPS
-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+        EVP_PKEY *k;
+        int ret;
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_RSA(k, x);
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
+}
+#endif
+#else
+IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+#endif
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 #endif
@@ -224,73 +201,69 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);
 }
-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-#ifndef OPENSSL_NO_FP_API
+#ifdef OPENSSL_FIPS
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                                                void *u)
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
 {
-        EVP_PKEY *pktmp;
+        EVP_PKEY *k;
-        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+        int ret;
-        return pkey_get_dsa(pktmp, dsa);
+        k = EVP_PKEY_new();
+        if (!k)
+                return 0;
+        EVP_PKEY_set1_DSA(k, x);
+        ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+        EVP_PKEY_free(k);
+        return ret;
 }
-#endif
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
-#endif
-#ifndef OPENSSL_NO_EC
-static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
 {
-        EC_KEY *dtmp;
+        EVP_PKEY *k;
-        if(!key) return NULL;
+        int ret;
-        dtmp = EVP_PKEY_get1_EC_KEY(key);
+        k = EVP_PKEY_new();
-        EVP_PKEY_free(key);
+        if (!k)
-        if(!dtmp) return NULL;
+                return 0;
-        if(eckey) 
+        EVP_PKEY_set1_DSA(k, x);
-        {
+        ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-                EC_KEY_free(*eckey);
+        EVP_PKEY_free(k);
-                *eckey = dtmp;
+        return ret;
-        }
-        return dtmp;
 }
+#endif
-EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+#else
-                                                        void *u)
-{
-        EVP_PKEY *pktmp;
-        pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, key);
-}
-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
+IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
+#endif
-IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 #ifndef OPENSSL_NO_FP_API
- 
-EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
-                                                                void *u)
+                                                                void *u)
 {
        EVP_PKEY *pktmp;
        pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-        return pkey_get_eckey(pktmp, eckey);
+        return pkey_get_dsa(pktmp, dsa);
 }
 #endif
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 #endif
 #ifndef OPENSSL_NO_DH
-IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 #endif
@@ -301,8 +274,42 @@ IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
 * appropriate.)
 */
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
-                        (x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
+#ifdef OPENSSL_FIPS
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        bp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+        {
+                if (FIPS_mode())
+                        return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                                (char *)kstr, klen, cb, u);
+                else
+                        return PEM_ASN1_write((int (*)())i2d_PrivateKey,
+                (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
+                        fp,(char *)x,enc,kstr,klen,cb,u);
+        }
+#endif
+#else
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey)
+#endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c
index 3133563d77..8527028ebc 100644
--- a/src/lib/libcrypto/pem/pem_err.c
+++ b/src/lib/libcrypto/pem/pem_err.c
@@ -72,27 +72,24 @@ static ERR_STRING_DATA PEM_str_functs[]=
        {
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),       "d2i_PKCS8PrivateKey_bio"},
 {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),        "d2i_PKCS8PrivateKey_fp"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY),    "DO_PK8PKEY"},
+{ERR_FUNC(PEM_F_DEF_CALLBACK),  "DEF_CALLBACK"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
 {ERR_FUNC(PEM_F_LOAD_IV),       "LOAD_IV"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
 {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),     "PEM_ASN1_read_bio"},
 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE),        "PEM_ASN1_write"},
 {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),    "PEM_ASN1_write_bio"},
-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),      "PEM_def_callback"},
 {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+{ERR_FUNC(PEM_F_PEM_F_DO_PK8KEY_FP),    "PEM_F_DO_PK8KEY_FP"},
 {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),       "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),       "PEM_get_EVP_CIPHER_INFO"},
-{ERR_FUNC(PEM_F_PEM_PK8PKEY),   "PEM_PK8PKEY"},
 {ERR_FUNC(PEM_F_PEM_READ),      "PEM_read"},
 {ERR_FUNC(PEM_F_PEM_READ_BIO),  "PEM_read_bio"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),       "PEM_READ_BIO_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),   "PEM_READ_PRIVATEKEY"},
 {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
 {ERR_FUNC(PEM_F_PEM_SEALINIT),  "PEM_SealInit"},
 {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
 {ERR_FUNC(PEM_F_PEM_WRITE),     "PEM_write"},
 {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+{ERR_FUNC(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY), "PEM_write_bio_PKCS8PrivateKey"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ),    "PEM_X509_INFO_read"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),        "PEM_X509_INFO_read_bio"},
 {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),       "PEM_X509_INFO_write_bio"},
@@ -124,12 +121,15 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 void ERR_load_PEM_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,PEM_str_functs);
                ERR_load_strings(0,PEM_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c
index 3a273f6f70..9e4af29c95 100644
--- a/src/lib/libcrypto/pem/pem_info.c
+++ b/src/lib/libcrypto/pem/pem_info.c
@@ -63,12 +63,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 #ifndef OPENSSL_NO_FP_API
 STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
@@ -91,15 +85,13 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_p
 STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
        {
        X509_INFO *xi=NULL;
-        char *name=NULL,*header=NULL;
+        char *name=NULL,*header=NULL,**pp;
-        void *pp;
+        unsigned char *data=NULL,*p;
-        unsigned char *data=NULL;
-        const unsigned char *p;
        long len,error=0;
        int ok=0;
        STACK_OF(X509_INFO) *ret=NULL;
        unsigned int i,raw;
-        d2i_of_void *d2i;
+        char *(*d2i)();
        if (sk == NULL)
                {
@@ -131,42 +123,42 @@ start:
                if (    (strcmp(name,PEM_STRING_X509) == 0) ||
                        (strcmp(name,PEM_STRING_X509_OLD) == 0))
                        {
-                        d2i=(D2I_OF(void))d2i_X509;
+                        d2i=(char *(*)())d2i_X509;
                        if (xi->x509 != NULL)
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                if ((xi=X509_INFO_new()) == NULL) goto err;
                                goto start;
                                }
-                        pp=&(xi->x509);
+                        pp=(char **)&(xi->x509);
                        }
                else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
                        {
-                        d2i=(D2I_OF(void))d2i_X509_AUX;
+                        d2i=(char *(*)())d2i_X509_AUX;
                        if (xi->x509 != NULL)
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                if ((xi=X509_INFO_new()) == NULL) goto err;
                                goto start;
                                }
-                        pp=&(xi->x509);
+                        pp=(char **)&(xi->x509);
                        }
                else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
                        {
-                        d2i=(D2I_OF(void))d2i_X509_CRL;
+                        d2i=(char *(*)())d2i_X509_CRL;
                        if (xi->crl != NULL)
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
                                if ((xi=X509_INFO_new()) == NULL) goto err;
                                goto start;
                                }
-                        pp=&(xi->crl);
+                        pp=(char **)&(xi->crl);
                        }
                else
 #ifndef OPENSSL_NO_RSA
                        if (strcmp(name,PEM_STRING_RSA) == 0)
                        {
-                        d2i=(D2I_OF(void))d2i_RSAPrivateKey;
+                        d2i=(char *(*)())d2i_RSAPrivateKey;
                        if (xi->x_pkey != NULL) 
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
@@ -181,7 +173,7 @@ start:
                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
                                goto err;
                        xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
@@ -190,7 +182,7 @@ start:
 #ifndef OPENSSL_NO_DSA
                        if (strcmp(name,PEM_STRING_DSA) == 0)
                        {
-                        d2i=(D2I_OF(void))d2i_DSAPrivateKey;
+                        d2i=(char *(*)())d2i_DSAPrivateKey;
                        if (xi->x_pkey != NULL) 
                                {
                                if (!sk_X509_INFO_push(ret,xi)) goto err;
@@ -205,36 +197,12 @@ start:
                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
                                goto err;
                        xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
-                        pp=&xi->x_pkey->dec_pkey->pkey.dsa;
+                        pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa);
                        if ((int)strlen(header) > 10) /* assume encrypted */
                                raw=1;
                        }
                else
 #endif
-#ifndef OPENSSL_NO_EC
-                        if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
-                        {
-                                d2i=(D2I_OF(void))d2i_ECPrivateKey;
-                                if (xi->x_pkey != NULL) 
-                                {
-                                        if (!sk_X509_INFO_push(ret,xi)) goto err;
-                                        if ((xi=X509_INFO_new()) == NULL) goto err;
-                                                goto start;
-                                }
- 
-                        xi->enc_data=NULL;
-                        xi->enc_len=0;
- 
-                        xi->x_pkey=X509_PKEY_new();
-                        if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
-                                goto err;
-                        xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
-                        pp=&(xi->x_pkey->dec_pkey->pkey.ec);
-                        if ((int)strlen(header) > 10) /* assume encrypted */
-                                raw=1;
-                        }
-                else
-#endif
                        {
                        d2i=NULL;
                        pp=NULL;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 9bae4c8850..82815067b3 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -69,7 +69,7 @@
 #include <openssl/des.h>
 #endif
-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 #define MIN_LENGTH      4
@@ -81,7 +81,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
 #ifdef OPENSSL_NO_FP_API
        /* We should not ever call the default callback routine from
         * windows. */
-        PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
        return(-1);
 #else
        int i,j;
@@ -102,7 +102,7 @@ int PEM_def_callback(char *buf, int num, int w, void *key)
                i=EVP_read_pw_string(buf,num,prompt,w);
                if (i != 0)
                        {
-                        PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
+                        PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
                        memset(buf,0,(unsigned int)num);
                        return(-1);
                        }
@@ -158,11 +158,11 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str)
        }
 #ifndef OPENSSL_NO_FP_API
-void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
-                    pem_password_cb *cb, void *u)
+             pem_password_cb *cb, void *u)
        {
        BIO *b;
-        void *ret;
+        char *ret;
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
@@ -195,8 +195,6 @@ static int check_pem(const char *nm, const char *name)
        if(!strcmp(nm,PEM_STRING_DSA) &&
                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-        if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
-                 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
        /* Permit older strings */
        if(!strcmp(nm,PEM_STRING_X509_OLD) &&
@@ -260,9 +258,9 @@ err:
        }
 #ifndef OPENSSL_NO_FP_API
-int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
-                   char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-                   int klen, pem_password_cb *callback, void *u)
+             pem_password_cb *callback, void *u)
        {
        BIO *b;
        int ret;
@@ -279,9 +277,9 @@ int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
        }
 #endif
-int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
-                       char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+             const EVP_CIPHER *enc, unsigned char *kstr, int klen,
-                       int klen, pem_password_cb *callback, void *u)
+             pem_password_cb *callback, void *u)
        {
        EVP_CIPHER_CTX ctx;
        int dsize=0,i,j,ret=0;
@@ -338,7 +336,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        kstr=(unsigned char *)buf;
                        }
                RAND_add(data,i,0);/* put in the RSA key. */
-                OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
+                OPENSSL_assert(enc->iv_len <= sizeof iv);
                if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
@@ -579,7 +577,6 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                }
        EVP_EncodeFinal(&ctx,buf,&outl);
        if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-        OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
        OPENSSL_free(buf);
        buf = NULL;
        if (    (BIO_write(bp,"-----END ",9) != 9) ||
@@ -588,10 +585,8 @@ int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                goto err;
        return(i+outl);
 err:
-        if (buf) {
+        if (buf)
-                OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
                OPENSSL_free(buf);
-        }
        PEMerr(PEM_F_PEM_WRITE_BIO,reason);
        return(0);
        }
diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c
index b33868d25a..8d9064ea7c 100644
--- a/src/lib/libcrypto/pem/pem_oth.c
+++ b/src/lib/libcrypto/pem/pem_oth.c
@@ -67,11 +67,10 @@
 /* Handle 'other' PEMs: not private keys */
-void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
-                        pem_password_cb *cb, void *u)
+             pem_password_cb *cb, void *u)
        {
-        const unsigned char *p=NULL;
+        unsigned char *p=NULL,*data=NULL;
-        unsigned char *data=NULL;
        long len;
        char *ret=NULL;
diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c
index 6deab8c338..db38a2a79d 100644
--- a/src/lib/libcrypto/pem/pem_pk8.c
+++ b/src/lib/libcrypto/pem/pem_pk8.c
@@ -118,7 +118,7 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
        char buf[PEM_BUFSIZE];
        int ret;
        if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-                PEMerr(PEM_F_DO_PK8PKEY,
+                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
                                        PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
                return 0;
        }
@@ -127,7 +127,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER
                        if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
                        else klen = cb(buf, PEM_BUFSIZE, 1, u);
                        if(klen <= 0) {
-                                PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
+                                PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+                                                                PEM_R_READ_KEY);
                                PKCS8_PRIV_KEY_INFO_free(p8inf);
                                return 0;
                        }
@@ -214,7 +215,7 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CI
        BIO *bp;
        int ret;
        if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-                PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
+                PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
                return(0);
        }
        ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c
index 4da4c31ce5..9ecdbd5419 100644
--- a/src/lib/libcrypto/pem/pem_pkey.c
+++ b/src/lib/libcrypto/pem/pem_pkey.c
@@ -70,8 +70,7 @@
 EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
        {
        char *nm=NULL;
-        const unsigned char *p=NULL;
+        unsigned char *p=NULL,*data=NULL;
-        unsigned char *data=NULL;
        long len;
        EVP_PKEY *ret=NULL;
@@ -83,8 +82,6 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
                ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
        else if (strcmp(nm,PEM_STRING_DSA) == 0)
                ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
-        else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-                ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
        else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
                PKCS8_PRIV_KEY_INFO *p8inf;
                p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
@@ -105,7 +102,7 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
                if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
                else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
                if (klen <= 0) {
-                        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
+                        PEMerr(PEM_F_PEM_ASN1_READ_BIO,
                                        PEM_R_BAD_PASSWORD_READ);
                        X509_SIG_free(p8);
                        goto err;
@@ -122,10 +119,9 @@ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo
        }
 p8err:
        if (ret == NULL)
-                PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
+                PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
 err:
        OPENSSL_free(nm);
-        OPENSSL_cleanse(data, len);
        OPENSSL_free(data);
        return(ret);
        }
@@ -138,7 +134,7 @@ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void
        if ((b=BIO_new(BIO_s_file())) == NULL)
                {
-                PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
+                PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
                return(0);
                }
        BIO_set_fp(b,fp,BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 4e554e5481..56e08abd70 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -56,7 +56,6 @@
 * [including the GNU Public Licence.]
 */
-#include <openssl/opensslconf.h>        /* for OPENSSL_NO_RSA */
 #ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
@@ -65,7 +64,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include <openssl/rsa.h>
 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
             unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c
index 63ce660cf1..2f579b5421 100644
--- a/src/lib/libcrypto/pem/pem_xaux.c
+++ b/src/lib/libcrypto/pem/pem_xaux.c
@@ -66,4 +66,3 @@
 #include <openssl/pem.h>
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/src/lib/libcrypto/perlasm/alpha.pl b/src/lib/libcrypto/perlasm/alpha.pl
new file mode 100644
index 0000000000..3dac571743
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/alpha.pl
@@ -0,0 +1,434 @@
+#!/usr/local/bin/perl
+package alpha;
+use Carp qw(croak cluck);
+$label="100";
+$n_debug=0;
+$smear_regs=1;
+$reg_alloc=1;
+$align="3";
+$com_start="#";
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+# General registers
+%regs=( 'r0',   '$0',
+        'r1',   '$1',
+        'r2',   '$2',
+        'r3',   '$3',
+        'r4',   '$4',
+        'r5',   '$5',
+        'r6',   '$6',
+        'r7',   '$7',
+        'r8',   '$8',
+        'r9',   '$22',
+        'r10',  '$23',
+        'r11',  '$24',
+        'r12',  '$25',
+        'r13',  '$27',
+        'r14',  '$28',
+        'r15',  '$21', # argc == 5
+        'r16',  '$20', # argc == 4
+        'r17',  '$19', # argc == 3
+        'r18',  '$18', # argc == 2
+        'r19',  '$17', # argc == 1
+        'r20',  '$16', # argc == 0
+        'r21',  '$9',  # save 0
+        'r22',  '$10', # save 1
+        'r23',  '$11', # save 2
+        'r24',  '$12', # save 3
+        'r25',  '$13', # save 4
+        'r26',  '$14', # save 5
+        'a0',   '$16',
+        'a1',   '$17',
+        'a2',   '$18',
+        'a3',   '$19',
+        'a4',   '$20',
+        'a5',   '$21',
+        's0',   '$9',
+        's1',   '$10',
+        's2',   '$11',
+        's3',   '$12',
+        's4',   '$13',
+        's5',   '$14',
+        'zero', '$31',
+        'sp',   '$30',
+        );
+$main'reg_s0="r21";
+$main'reg_s1="r22";
+$main'reg_s2="r23";
+$main'reg_s3="r24";
+$main'reg_s4="r25";
+$main'reg_s5="r26";
+@reg=(  '$0', '$1' ,'$2' ,'$3' ,'$4' ,'$5' ,'$6' ,'$7' ,'$8',
+        '$22','$23','$24','$25','$20','$21','$27','$28');
+sub main'sub    { &out3("subq",@_); }
+sub main'add    { &out3("addq",@_); }
+sub main'mov    { &out3("bis",$_[0],$_[0],$_[1]); }
+sub main'or     { &out3("bis",@_); }
+sub main'bis    { &out3("bis",@_); }
+sub main'br     { &out1("br",@_); }
+sub main'ld     { &out2("ldq",@_); }
+sub main'st     { &out2("stq",@_); }
+sub main'cmpult { &out3("cmpult",@_); }
+sub main'cmplt  { &out3("cmplt",@_); }
+sub main'bgt    { &out2("bgt",@_); }
+sub main'ble    { &out2("ble",@_); }
+sub main'blt    { &out2("blt",@_); }
+sub main'mul    { &out3("mulq",@_); }
+sub main'muh    { &out3("umulh",@_); }
+$main'QWS=8;
+sub main'asm_add
+        {
+        push(@out,@_);
+        }
+sub main'asm_finish
+        {
+        &main'file_end();
+        print &main'asm_get_output();
+        }
+sub main'asm_init
+        {
+        ($type,$fn)=@_;
+        $filename=$fn;
+        &main'asm_init_output();
+        &main'comment("Don't even think of reading this code");
+        &main'comment("It was automatically generated by $filename");
+        &main'comment("Which is a perl program used to generate the alpha assember.");
+        &main'comment("eric <eay\@cryptsoft.com>");
+        &main'comment("");
+        $filename =~ s/\.pl$//;
+        &main'file($filename);
+        }
+sub conv
+        {
+        local($r)=@_;
+        local($v);
+        return($regs{$r}) if defined($regs{$r});
+        return($r);
+        }
+sub main'QWPw
+        {
+        local($off,$reg)=@_;
+        return(&main'QWP($off*8,$reg));
+        }
+sub main'QWP
+        {
+        local($off,$reg)=@_;
+        $ret="$off(".&conv($reg).")";
+        return($ret);
+        }
+sub out3
+        {
+        local($name,$p1,$p2,$p3)=@_;
+        $p1=&conv($p1);
+        $p2=&conv($p2);
+        $p3=&conv($p3);
+        push(@out,"\t$name\t");
+        $l=length($p1)+1;
+        push(@out,$p1.",");
+        $ll=3-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        $l=length($p2)+1;
+        push(@out,$p2.",");
+        $ll=3-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        push(@out,&conv($p3)."\n");
+        }
+sub out2
+        {
+        local($name,$p1,$p2,$p3)=@_;
+        $p1=&conv($p1);
+        $p2=&conv($p2);
+        push(@out,"\t$name\t");
+        $l=length($p1)+1;
+        push(@out,$p1.",");
+        $ll=3-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        push(@out,&conv($p2)."\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        $p1=&conv($p1);
+        push(@out,"\t$name\t".$p1."\n");
+        }
+sub out0
+        {
+        push(@out,"\t$_[0]\n");
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+ # DEC Alpha assember
+ # Generated from perl scripts contains in SSLeay
+        .file   1 "$file.s"
+        .set noat
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func)=@_;
+print STDERR "$func\n";
+        local($tmp)=<<"EOF";
+        .text
+        .align $align
+        .globl $func
+        .ent $func
+${func}:
+${func}..ng:
+        .frame \$30,0,\$26,0
+        .prologue 0
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        ret     \$31,(\$26),1
+        .end $func
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        ret     \$31,(\$26),1
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        push(@out,"\t.end $func\n");
+        $stack=0;
+        %label=();
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        if ($num < 6)
+                {
+                $num=20-$num;
+                return("r$num");
+                }
+        else
+                { return(&main'QWP($stack+$num*8,"sp")); }
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*8;
+        &main'sub("sp",$num*8,"sp");
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*8;
+        &main'add("sp",$num*8,"sp");
+        }
+sub main'swtmp
+        {
+        return(&main'QWP(($_[0])*8,"sp"));
+        }
+# Should use swtmp, which is above sp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'QWP(-($num+1)*4,"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=$label;
+                $label++;
+                }
+        return('$'.$label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=$label;
+                $label++;
+                }
+#       push(@out,".align $align\n") if ($_[1] != 0);
+        push(@out,'$'."$label{$_[0]}:\n");
+        }
+sub main'file_end
+        {
+        }
+sub main'data_word
+        {
+        push(@out,"\t.long $_[0]\n");
+        }
+@pool_free=();
+@pool_taken=();
+$curr_num=0;
+$max=0;
+sub main'init_pool
+        {
+        local($args)=@_;
+        local($i);
+        @pool_free=();
+        for ($i=(14+(6-$args)); $i >= 0; $i--)
+                {
+                push(@pool_free,"r$i");
+                }
+        print STDERR "START :register pool:@pool_free\n";
+        $curr_num=$max=0;
+        }
+sub main'fin_pool
+        {
+        printf STDERR "END %2d:register pool:@pool_free\n",$max;
+        }
+sub main'GR
+        {
+        local($r)=@_;
+        local($i,@n,$_);
+        foreach (@pool_free)
+                {
+                if ($r ne $_)
+                        { push(@n,$_); }
+                else
+                        {
+                        $curr_num++;
+                        $max=$curr_num if ($curr_num > $max);
+                        }
+                }
+        @pool_free=@n;
+print STDERR "GR:@pool_free\n" if $reg_alloc;
+        return(@_);
+        }
+sub main'NR
+        {
+        local($num)=@_;
+        local(@ret);
+        $num=1 if $num == 0;
+        ($#pool_free >= ($num-1)) || croak "out of registers: want $num, have @pool_free";
+        while ($num > 0)
+                {
+                push(@ret,pop @pool_free);
+                $curr_num++;
+                $max=$curr_num if ($curr_num > $max);
+                $num--
+                }
+        print STDERR "nr @ret\n" if $n_debug;
+print STDERR "NR:@pool_free\n" if $reg_alloc;
+        return(@ret);
+        }
+sub main'FR
+        {
+        local(@r)=@_;
+        local(@a,$v,$w);
+        print STDERR "fr @r\n" if $n_debug;
+#       cluck "fr @r";
+        for $w (@pool_free)
+                {
+                foreach $v (@r)
+                        {
+                        croak "double register free of $v (@pool_free)" if $w eq $v;
+                        }
+                }
+        foreach $v (@r)
+                {
+                croak "bad argument to FR" if ($v !~ /^r\d+$/);
+                if ($smear_regs)
+                        { unshift(@pool_free,$v); }
+                else    { push(@pool_free,$v); }
+                $curr_num--;
+                }
+print STDERR "FR:@pool_free\n" if $reg_alloc;
+        }
+1;
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl
index e43dc9ae15..22149c680e 100644
--- a/src/lib/libcrypto/perlasm/cbc.pl
+++ b/src/lib/libcrypto/perlasm/cbc.pl
@@ -322,8 +322,7 @@ sub cbc
        &function_end_A($name);
-        &align(64);
+        &set_label("cbc_enc_jmp_table",1);
-        &set_label("cbc_enc_jmp_table");
        &data_word("0");
        &data_word(&label("ej1")."-".&label("PIC_point"));
        &data_word(&label("ej2")."-".&label("PIC_point"));
@@ -342,7 +341,6 @@ sub cbc
        #&data_word(&label("dj5")."-".&label("PIC_point"));
        #&data_word(&label("dj6")."-".&label("PIC_point"));
        #&data_word(&label("dj7")."-".&label("PIC_point"));
-        &align(64);
        &function_end_B($name);
        
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl
index 5979122158..c3de90c65d 100644
--- a/src/lib/libcrypto/perlasm/x86asm.pl
+++ b/src/lib/libcrypto/perlasm/x86asm.pl
@@ -18,34 +18,37 @@ sub main'asm_init
        ($type,$fn,$i386)=@_;
        $filename=$fn;
-        $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0;
+        $elf=$cpp=$sol=$aout=$win32=$gaswin=$openbsd=0;
        if (    ($type eq "elf"))
                { $elf=1; require "x86unix.pl"; }
+        elsif ( ($type eq "openbsd-elf"))
+                { $openbsd=$elf=1; require "x86unix.pl"; }
+        elsif ( ($type eq "openbsd-a.out"))
+                { $openbsd=1; require "x86unix.pl"; }
        elsif ( ($type eq "a.out"))
                { $aout=1; require "x86unix.pl"; }
-        elsif ( ($type eq "coff" or $type eq "gaswin"))
+        elsif ( ($type eq "gaswin"))
-                { $coff=1; require "x86unix.pl"; }
+                { $gaswin=1; $aout=1; require "x86unix.pl"; }
+        elsif ( ($type eq "sol"))
+                { $sol=1; require "x86unix.pl"; }
        elsif ( ($type eq "cpp"))
                { $cpp=1; require "x86unix.pl"; }
        elsif ( ($type eq "win32"))
                { $win32=1; require "x86ms.pl"; }
        elsif ( ($type eq "win32n"))
                { $win32=1; require "x86nasm.pl"; }
-        elsif ( ($type eq "nw-nasm"))
-                { $netware=1; require "x86nasm.pl"; }
-        elsif ( ($type eq "nw-mwasm"))
-                { $netware=1; $mwerks=1; require "x86nasm.pl"; }
        else
                {
                print STDERR <<"EOF";
 Pick one target type from
-        elf     - Linux, FreeBSD, Solaris x86, etc.
+        elf     - linux, FreeBSD etc
-        a.out   - OpenBSD, DJGPP, etc.
+        a.out   - old linux
-        coff    - GAS/COFF such as Win32 targets
+        sol     - x86 solaris
+        cpp     - format so x86unix.cpp can be used
        win32   - Windows 95/Windows NT
        win32n  - Windows 95/Windows NT NASM format
-        nw-nasm - NetWare NASM format
+        openbsd-elf     - OpenBSD elf
-        nw-mwasm- NetWare Metrowerks Assembler
+        openbsd-a.out   - OpenBSD a.out
 EOF
                exit(1);
                }
@@ -58,7 +61,7 @@ EOF
 &comment("Don't even think of reading this code");
 &comment("It was automatically generated by $filename");
 &comment("Which is a perl program used to generate the x86 assember for");
-&comment("any of ELF, a.out, COFF, Win32, ...");
+&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris");
 &comment("eric <eay\@cryptsoft.com>");
 &comment("");
@@ -93,7 +96,7 @@ $tmp
 #ifdef OUT
 #define OK      1
 #define ALIGN   4
-#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__)
+#if defined(__CYGWIN__) || defined(__DJGPP__) || defined(__MINGW32__)
 #undef SIZE
 #undef TYPE
 #define SIZE(a,b)
@@ -127,4 +130,6 @@ BSDI - a.out with a very primative version of as.
 EOF
        }
+sub main'align() {} # swallow align statements in 0.9.7 context
 1;
diff --git a/src/lib/libcrypto/perlasm/x86ms.pl b/src/lib/libcrypto/perlasm/x86ms.pl
new file mode 100644
index 0000000000..b6bd744057
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86ms.pl
@@ -0,0 +1,380 @@
+#!/usr/local/bin/perl
+package x86ms;
+$label="L000";
+%lb=(   'eax',  'al',
+        'ebx',  'bl',
+        'ecx',  'cl',
+        'edx',  'dl',
+        'ax',   'al',
+        'bx',   'bl',
+        'cx',   'cl',
+        'dx',   'dl',
+        );
+%hb=(   'eax',  'ah',
+        'ebx',  'bh',
+        'ecx',  'ch',
+        'edx',  'dh',
+        'ax',   'ah',
+        'bx',   'bh',
+        'cx',   'ch',
+        'dx',   'dh',
+        );
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'BP
+        {
+        &get_mem("BYTE",@_);
+        }
+sub main'DWP
+        {
+        &get_mem("DWORD",@_);
+        }
+sub main'BC
+        {
+        return @_;
+        }
+sub main'DWC
+        {
+        return @_;
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub get_mem
+        {
+        local($size,$addr,$reg1,$reg2,$idx)=@_;
+        local($t,$post);
+        local($ret)="$size PTR ";
+        $addr =~ s/^\s+//;
+        if ($addr =~ /^(.+)\+(.+)$/)
+                {
+                $reg2=&conv($1);
+                $addr="_$2";
+                }
+        elsif ($addr =~ /^[_a-zA-Z]/)
+                {
+                $addr="_$addr";
+                }
+        if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        if (($addr ne "") && ($addr ne 0))
+                {
+                if ($addr !~ /^-/)
+                        { $ret.=$addr; }
+                else    { $post=$addr; }
+                }
+        if ($reg2 ne "")
+                {
+                $t="";
+                $t="*$idx" if ($idx != 0);
+                $reg1="+".$reg1 if ("$reg1$post" ne "");
+                $ret.="[$reg2$t$reg1$post]";
+                }
+        else
+                {
+                $ret.="[$reg1$post]"
+                }
+        $ret =~ s/\[\]//;       # in case $addr was the only argument
+        return($ret);
+        }
+sub main'mov    { &out2("mov",@_); }
+sub main'movb   { &out2("mov",@_); }
+sub main'and    { &out2("and",@_); }
+sub main'or     { &out2("or",@_); }
+sub main'shl    { &out2("shl",@_); }
+sub main'shr    { &out2("shr",@_); }
+sub main'xor    { &out2("xor",@_); }
+sub main'xorb   { &out2("xor",@_); }
+sub main'add    { &out2("add",@_); }
+sub main'adc    { &out2("adc",@_); }
+sub main'sub    { &out2("sub",@_); }
+sub main'rotl   { &out2("rol",@_); }
+sub main'rotr   { &out2("ror",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmp",@_); }
+sub main'lea    { &out2("lea",@_); }
+sub main'mul    { &out1("mul",@_); }
+sub main'div    { &out1("div",@_); }
+sub main'dec    { &out1("dec",@_); }
+sub main'inc    { &out1("inc",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'ja     { &out1("ja",@_); }
+sub main'jae    { &out1("jae",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jbe    { &out1("jbe",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'push   { &out1("push",@_); $stack+=4; }
+sub main'pop    { &out1("pop",@_); $stack-=4; }
+sub main'bswap  { &out1("bswap",@_); &using486(); }
+sub main'not    { &out1("not",@_); }
+sub main'call   { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub main'movz   { &out2("movzx",@_); }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t");
+        $t=&conv($p1).",";
+        $l=length($t);
+        push(@out,$t);
+        $l=4-($l+9)/8;
+        push(@out,"\t" x $l);
+        push(@out,&conv($p2));
+        push(@out,"\n");
+        }
+sub out0
+        {
+        local($name)=@_;
+        push(@out,"\t$name\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        return $p;
+        }
+sub using486
+        {
+        return if $using486;
+        $using486++;
+        grep(s/\.386/\.486/,@out);
+        }
+sub main'file
+        {
+        local($file)=@_;
+        local($tmp)=<<"EOF";
+        TITLE   $file.asm
+        .386
+.model FLAT
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func,$extra)=@_;
+        push(@labels,$func);
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+        push    ebp
+        push    ebx
+        push    esi
+        push    edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        local($tmp)=<<"EOF";
+_TEXT   SEGMENT
+PUBLIC  _$func
+$extra
+_$func PROC NEAR
+EOF
+        push(@out,$tmp);
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+_$func ENDP
+_TEXT   ENDS
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'file_end
+        {
+        push(@out,"END\n");
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-(($num+1)*4),"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                push(@out,"\t; $_\n");
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        if((defined $_[2]) && ($_[2] == 1))
+                {
+                push(@out,"$label{$_[0]}::\n");
+                }
+        else
+                {
+                push(@out,"$label{$_[0]}:\n");
+                }
+        }
+sub main'data_word
+        {
+        push(@out,"\tDD\t$_[0]\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t ".&conv($p1)."\n");
+        }
+sub main'picmeup
+        {
+        local($dst,$sym)=@_;
+        &main'lea($dst,&main'DWP($sym));
+        }
+sub main'blindpop { &out1("pop",@_); }
diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl
new file mode 100644
index 0000000000..4bdb3fe180
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86nasm.pl
@@ -0,0 +1,370 @@
+#!/usr/local/bin/perl
+package x86nasm;
+$label="L000";
+%lb=(   'eax',  'al',
+        'ebx',  'bl',
+        'ecx',  'cl',
+        'edx',  'dl',
+        'ax',   'al',
+        'bx',   'bl',
+        'cx',   'cl',
+        'dx',   'dl',
+        );
+%hb=(   'eax',  'ah',
+        'ebx',  'bh',
+        'ecx',  'ch',
+        'edx',  'dh',
+        'ax',   'ah',
+        'bx',   'bh',
+        'cx',   'ch',
+        'dx',   'dh',
+        );
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label
+{
+        push(@labels,@_);
+        foreach (@_) {
+                push(@out, "extern\t_$_\n");
+        }
+}
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'BP
+        {
+        &get_mem("BYTE",@_);
+        }
+sub main'DWP
+        {
+        &get_mem("DWORD",@_);
+        }
+sub main'BC
+        {
+        return "BYTE @_";
+        }
+sub main'DWC
+        {
+        return "DWORD @_";
+        }
+sub main'stack_push
+        {
+        my($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        my($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub get_mem
+        {
+        my($size,$addr,$reg1,$reg2,$idx)=@_;
+        my($t,$post);
+        my($ret)="$size [";
+        $addr =~ s/^\s+//;
+        if ($addr =~ /^(.+)\+(.+)$/)
+                {
+                $reg2=&conv($1);
+                $addr="_$2";
+                }
+        elsif ($addr =~ /^[_a-zA-Z]/)
+                {
+                $addr="_$addr";
+                }
+        if ($addr =~ /^.+\-.+$/) { $addr="($addr)"; }
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        if (($addr ne "") && ($addr ne 0))
+                {
+                if ($addr !~ /^-/)
+                        { $ret.="${addr}+"; }
+                else    { $post=$addr; }
+                }
+        if ($reg2 ne "")
+                {
+                $t="";
+                $t="*$idx" if ($idx != 0);
+                $reg1="+".$reg1 if ("$reg1$post" ne "");
+                $ret.="$reg2$t$reg1$post]";
+                }
+        else
+                {
+                $ret.="$reg1$post]"
+                }
+        $ret =~ s/\+\]/]/; # in case $addr was the only argument
+        return($ret);
+        }
+sub main'mov    { &out2("mov",@_); }
+sub main'movb   { &out2("mov",@_); }
+sub main'and    { &out2("and",@_); }
+sub main'or     { &out2("or",@_); }
+sub main'shl    { &out2("shl",@_); }
+sub main'shr    { &out2("shr",@_); }
+sub main'xor    { &out2("xor",@_); }
+sub main'xorb   { &out2("xor",@_); }
+sub main'add    { &out2("add",@_); }
+sub main'adc    { &out2("adc",@_); }
+sub main'sub    { &out2("sub",@_); }
+sub main'rotl   { &out2("rol",@_); }
+sub main'rotr   { &out2("ror",@_); }
+sub main'exch   { &out2("xchg",@_); }
+sub main'cmp    { &out2("cmp",@_); }
+sub main'lea    { &out2("lea",@_); }
+sub main'mul    { &out1("mul",@_); }
+sub main'div    { &out1("div",@_); }
+sub main'dec    { &out1("dec",@_); }
+sub main'inc    { &out1("inc",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+# This is a bit of a kludge: declare all branches as NEAR.
+sub main'je     { &out1("je NEAR",@_); }
+sub main'jle    { &out1("jle NEAR",@_); }
+sub main'jz     { &out1("jz NEAR",@_); }
+sub main'jge    { &out1("jge NEAR",@_); }
+sub main'jl     { &out1("jl NEAR",@_); }
+sub main'ja     { &out1("ja NEAR",@_); }
+sub main'jae    { &out1("jae NEAR",@_); }
+sub main'jb     { &out1("jb NEAR",@_); }
+sub main'jbe    { &out1("jbe NEAR",@_); }
+sub main'jc     { &out1("jc NEAR",@_); }
+sub main'jnc    { &out1("jnc NEAR",@_); }
+sub main'jnz    { &out1("jnz NEAR",@_); }
+sub main'jne    { &out1("jne NEAR",@_); }
+sub main'jno    { &out1("jno NEAR",@_); }
+sub main'push   { &out1("push",@_); $stack+=4; }
+sub main'pop    { &out1("pop",@_); $stack-=4; }
+sub main'bswap  { &out1("bswap",@_); &using486(); }
+sub main'not    { &out1("not",@_); }
+sub main'call   { &out1("call",($_[0]=~/^\$L/?'':'_').$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub main'movz   { &out2("movzx",@_); }
+sub out2
+        {
+        my($name,$p1,$p2)=@_;
+        my($l,$t);
+        push(@out,"\t$name\t");
+        if ($name eq "lea")
+                {
+                $p1 =~ s/^[^\[]*\[/\[/;
+                $p2 =~ s/^[^\[]*\[/\[/;
+                }
+        $t=&conv($p1).",";
+        $l=length($t);
+        push(@out,$t);
+        $l=4-($l+9)/8;
+        push(@out,"\t" x $l);
+        push(@out,&conv($p2));
+        push(@out,"\n");
+        }
+sub out0
+        {
+        my($name)=@_;
+        push(@out,"\t$name\n");
+        }
+sub out1
+        {
+        my($name,$p1)=@_;
+        my($l,$t);
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub conv
+        {
+        my($p)=@_;
+        $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        return $p;
+        }
+sub using486
+        {
+        return if $using486;
+        $using486++;
+        grep(s/\.386/\.486/,@out);
+        }
+sub main'file
+        {
+        local $tmp;
+        $tmp=<<___;
+%ifdef __omf__
+section code    use32 class=code
+%else
+section .text
+%endif
+___
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        my($func,$extra)=@_;
+        push(@labels,$func);
+        my($tmp)=<<"EOF";
+global  _$func
+_$func:
+        push    ebp
+        push    ebx
+        push    esi
+        push    edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        my($func,$extra)=@_;
+        my($tmp)=<<"EOF";
+global  _$func
+_$func:
+EOF
+        push(@out,$tmp);
+        $stack=4;
+        }
+sub main'function_end
+        {
+        my($func)=@_;
+        my($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+EOF
+        push(@out,$tmp);
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_B
+        {
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        my($func)=@_;
+        my($tmp)=<<"EOF";
+        pop     edi
+        pop     esi
+        pop     ebx
+        pop     ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'file_end
+        {
+        }
+sub main'wparam
+        {
+        my($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       my($num)=@_;
+#
+#       return(&main'DWP(-(($num+1)*4),"esp","",0));
+#       }
+sub main'comment
+        {
+        foreach (@_)
+                {
+                push(@out,"\t; $_\n");
+                }
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}="\$${label}${_[0]}";
+                $label++;
+                }
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'data_word
+        {
+        push(@out,"\tDD\t$_[0]\n");
+        }
+sub out1p
+        {
+        my($name,$p1)=@_;
+        my($l,$t);
+        push(@out,"\t$name\t ".&conv($p1)."\n");
+        }
+sub main'picmeup
+        {
+        local($dst,$sym)=@_;
+        &main'lea($dst,&main'DWP($sym));
+        }
+sub main'blindpop { &out1("pop",@_); }
diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl
new file mode 100644
index 0000000000..b61425e951
--- /dev/null
+++ b/src/lib/libcrypto/perlasm/x86unix.pl
@@ -0,0 +1,628 @@
+#!/usr/local/bin/perl
+package x86unix;
+$label="L000";
+$const="";
+$constl=0;
+$align=($main'aout)?"4":"16";
+$under=($main'aout)?"_":"";
+$com_start=($main'sol)?"/":"#";
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+sub main'external_label { push(@labels,@_); }
+if ($main'openbsd)
+        {
+        $com_start='/*';
+        $com_end='*/';
+        }
+if ($main'cpp)
+        {
+        $align="ALIGN";
+        $under="";
+        $com_start='/*';
+        $com_end='*/';
+        }
+%lb=(   'eax',  '%al',
+        'ebx',  '%bl',
+        'ecx',  '%cl',
+        'edx',  '%dl',
+        'ax',   '%al',
+        'bx',   '%bl',
+        'cx',   '%cl',
+        'dx',   '%dl',
+        );
+%hb=(   'eax',  '%ah',
+        'ebx',  '%bh',
+        'ecx',  '%ch',
+        'edx',  '%dh',
+        'ax',   '%ah',
+        'bx',   '%bh',
+        'cx',   '%ch',
+        'dx',   '%dh',
+        );
+%regs=( 'eax',  '%eax',
+        'ebx',  '%ebx',
+        'ecx',  '%ecx',
+        'edx',  '%edx',
+        'esi',  '%esi',
+        'edi',  '%edi',
+        'ebp',  '%ebp',
+        'esp',  '%esp',
+        );
+%reg_val=(
+        'eax',  0x00,
+        'ebx',  0x03,
+        'ecx',  0x01,
+        'edx',  0x02,
+        'esi',  0x06,
+        'edi',  0x07,
+        'ebp',  0x05,
+        'esp',  0x04,
+        );
+sub main'LB
+        {
+        (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+        return($lb{$_[0]});
+        }
+sub main'HB
+        {
+        (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+        return($hb{$_[0]});
+        }
+sub main'DWP
+        {
+        local($addr,$reg1,$reg2,$idx)=@_;
+        $ret="";
+        $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
+        $reg1="$regs{$reg1}" if defined($regs{$reg1});
+        $reg2="$regs{$reg2}" if defined($regs{$reg2});
+        $ret.=$addr if ($addr ne "") && ($addr ne 0);
+        if ($reg2 ne "")
+                {
+                if($idx ne "" && $idx != 0)
+                    { $ret.="($reg1,$reg2,$idx)"; }
+                else
+                    { $ret.="($reg1,$reg2)"; }
+                }
+        elsif ($reg1 ne "")
+                { $ret.="($reg1)" }
+        return($ret);
+        }
+sub main'BP
+        {
+        return(&main'DWP(@_));
+        }
+sub main'BC
+        {
+        return @_;
+        }
+sub main'DWC
+        {
+        return @_;
+        }
+#sub main'BP
+#       {
+#       local($addr,$reg1,$reg2,$idx)=@_;
+#
+#       $ret="";
+#
+#       $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+#       $reg1="$regs{$reg1}" if defined($regs{$reg1});
+#       $reg2="$regs{$reg2}" if defined($regs{$reg2});
+#       $ret.=$addr if ($addr ne "") && ($addr ne 0);
+#       if ($reg2 ne "")
+#               { $ret.="($reg1,$reg2,$idx)"; }
+#       else
+#               { $ret.="($reg1)" }
+#       return($ret);
+#       }
+sub main'mov    { &out2("movl",@_); }
+sub main'movb   { &out2("movb",@_); }
+sub main'and    { &out2("andl",@_); }
+sub main'or     { &out2("orl",@_); }
+sub main'shl    { &out2("sall",@_); }
+sub main'shr    { &out2("shrl",@_); }
+sub main'xor    { &out2("xorl",@_); }
+sub main'xorb   { &out2("xorb",@_); }
+sub main'add    { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); }
+sub main'adc    { &out2("adcl",@_); }
+sub main'sub    { &out2("subl",@_); }
+sub main'rotl   { &out2("roll",@_); }
+sub main'rotr   { &out2("rorl",@_); }
+sub main'exch   { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); }
+sub main'cmp    { &out2("cmpl",@_); }
+sub main'lea    { &out2("leal",@_); }
+sub main'mul    { &out1("mull",@_); }
+sub main'div    { &out1("divl",@_); }
+sub main'jmp    { &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+sub main'je     { &out1("je",@_); }
+sub main'jle    { &out1("jle",@_); }
+sub main'jne    { &out1("jne",@_); }
+sub main'jnz    { &out1("jnz",@_); }
+sub main'jz     { &out1("jz",@_); }
+sub main'jge    { &out1("jge",@_); }
+sub main'jl     { &out1("jl",@_); }
+sub main'ja     { &out1("ja",@_); }
+sub main'jae    { &out1("jae",@_); }
+sub main'jb     { &out1("jb",@_); }
+sub main'jbe    { &out1("jbe",@_); }
+sub main'jc     { &out1("jc",@_); }
+sub main'jnc    { &out1("jnc",@_); }
+sub main'jno    { &out1("jno",@_); }
+sub main'dec    { &out1("decl",@_); }
+sub main'inc    { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); }
+sub main'push   { &out1("pushl",@_); $stack+=4; }
+sub main'pop    { &out1("popl",@_); $stack-=4; }
+sub main'pushf  { &out0("pushf"); $stack+=4; }
+sub main'popf   { &out0("popf"); $stack-=4; }
+sub main'not    { &out1("notl",@_); }
+sub main'call   { &out1("call",($_[0]=~/^\.L/?'':$under).$_[0]); }
+sub main'ret    { &out0("ret"); }
+sub main'nop    { &out0("nop"); }
+sub main'test   { &out2("testl",@_); }
+sub main'movz   { &out2("movzbl",@_); }
+sub main'neg    { &out1("negl",@_); }
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+        {
+        if ($main'i386)
+                {
+                &main'comment("bswapl @_");
+                &main'exch(main'HB(@_),main'LB(@_));
+                &main'rotr(@_,16);
+                &main'exch(main'HB(@_),main'LB(@_));
+                }
+        else
+                {
+                &out1("bswapl",@_);
+                }
+        }
+sub out2
+        {
+        local($name,$p1,$p2)=@_;
+        local($l,$ll,$t);
+        local(%special)=(       "roll",0xD1C0,"rorl",0xD1C8,
+                                "rcll",0xD1D0,"rcrl",0xD1D8,
+                                "shll",0xD1E0,"shrl",0xD1E8,
+                                "sarl",0xD1F8);
+        
+        if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t");
+        $t=&conv($p2).",";
+        $l=length($t);
+        push(@out,$t);
+        $ll=4-($l+9)/8;
+        $tmp1=sprintf("\t" x $ll);
+        push(@out,$tmp1);
+        push(@out,&conv($p1)."\n");
+        }
+sub out1
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        local(%special)=("bswapl",0x0FC8);
+        if ((defined($special{$name})) && defined($regs{$p1}))
+                {
+                $op=$special{$name}|$reg_val{$p1};
+                $tmp1=sprintf(".byte %d\n",($op>>8)&0xff);
+                $tmp2=sprintf(".byte %d\t",$op     &0xff);
+                push(@out,$tmp1);
+                push(@out,$tmp2);
+                $p2=&conv($p2);
+                $p1=&conv($p1);
+                &main'comment("$name $p2 $p1");
+                return;
+                }
+        push(@out,"\t$name\t".&conv($p1)."\n");
+        }
+sub out1p
+        {
+        local($name,$p1)=@_;
+        local($l,$t);
+        push(@out,"\t$name\t*".&conv($p1)."\n");
+        }
+sub out0
+        {
+        push(@out,"\t$_[0]\n");
+        }
+sub conv
+        {
+        local($p)=@_;
+#       $p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+        $p=$regs{$p} if (defined($regs{$p}));
+        $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/;
+        $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/;
+        return $p;
+        }
+sub main'file
+        {
+        local($file)=@_;
+        if ($main'openbsd)
+                { push(@out,"#include <machine/asm.h>\n"); return; }
+        local($tmp)=<<"EOF";
+        .file   "$file.s"
+        .version        "01.01"
+gcc2_compiled.:
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_begin
+        {
+        local($func)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        if ($main'openbsd)
+                { push (@out, "\nENTRY($func)\n"); goto skip; }
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+        elsif ($main'gaswin)
+                { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+        else    { $tmp=push(@out,"\t.type\t$func,\@function\n"); }
+        push(@out,"$func:\n");
+skip:
+        $tmp=<<"EOF";
+        pushl   %ebp
+        pushl   %ebx
+        pushl   %esi
+        pushl   %edi
+EOF
+        push(@out,$tmp);
+        $stack=20;
+        }
+sub main'function_begin_B
+        {
+        local($func,$extra)=@_;
+        &main'external_label($func);
+        $func=$under.$func;
+        if ($main'openbsd)
+                { push(@out, "\nENTRY($func)\n"); goto skip; }
+        local($tmp)=<<"EOF";
+.text
+        .align $align
+.globl $func
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tTYPE($func,\@function)\n"); }
+        elsif ($main'gaswin)
+                { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
+        else    { push(@out,"\t.type    $func,\@function\n"); }
+        push(@out,"$func:\n");
+skip:
+        $stack=4;
+        }
+sub main'function_end
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+.L_${func}_end:
+EOF
+        push(@out,$tmp);
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
+        elsif ($main'gaswin)
+                { $tmp=push(@out,"\t.align 4\n"); }
+        else    { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
+        push(@out,".ident       \"$func\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'function_end_A
+        {
+        local($func)=@_;
+        local($tmp)=<<"EOF";
+        popl    %edi
+        popl    %esi
+        popl    %ebx
+        popl    %ebp
+        ret
+EOF
+        push(@out,$tmp);
+        }
+sub main'function_end_B
+        {
+        local($func)=@_;
+        $func=$under.$func;
+        push(@out,".L_${func}_end:\n");
+        if ($main'cpp)
+                { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
+        elsif ($main'gaswin)
+                { push(@out,"\t.align 4\n"); }
+        else    { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
+        push(@out,".ident       \"desasm.pl\"\n");
+        $stack=0;
+        %label=();
+        }
+sub main'wparam
+        {
+        local($num)=@_;
+        return(&main'DWP($stack+$num*4,"esp","",0));
+        }
+sub main'stack_push
+        {
+        local($num)=@_;
+        $stack+=$num*4;
+        &main'sub("esp",$num*4);
+        }
+sub main'stack_pop
+        {
+        local($num)=@_;
+        $stack-=$num*4;
+        &main'add("esp",$num*4);
+        }
+sub main'swtmp
+        {
+        return(&main'DWP($_[0]*4,"esp","",0));
+        }
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#       {
+#       local($num)=@_;
+#
+#       return(&main'DWP(-($num+1)*4,"esp","",0));
+#       }
+sub main'comment
+        {
+        if (!$main'openbsd && $main'elf)
+                        # GNU and SVR4 as'es use different comment delimiters,
+                {       # so we just skip comments...
+                push(@out,"\n");
+                return;
+                }
+        foreach (@_)
+                {
+                if (/^\s*$/)
+                        { push(@out,"\n"); }
+                else
+                        { push(@out,"\t$com_start $_ $com_end\n"); }
+                }
+        }
+sub main'public_label
+        {
+        $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]}));
+        push(@out,".globl\t$label{$_[0]}\n");
+        }
+sub main'label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        return($label{$_[0]});
+        }
+sub main'set_label
+        {
+        if (!defined($label{$_[0]}))
+                {
+                $label{$_[0]}=".${label}${_[0]}";
+                $label++;
+                }
+        if ($main'openbsd)
+                { push(@out,"_ALIGN_TEXT\n") if ($_[1] != 0); }
+        else
+                { push(@out,".align $align\n") if ($_[1] != 0); }
+        push(@out,"$label{$_[0]}:\n");
+        }
+sub main'file_end
+        {
+        if ($const ne "")
+                {
+                push(@out,".section .rodata\n");
+                push(@out,$const);
+                $const="";
+                }
+        }
+sub main'data_word
+        {
+        push(@out,"\t.long\t".join(',',@_)."\n");
+        }
+# debug output functions: puts, putx, printf
+sub main'puts
+        {
+        &pushvars();
+        &main'push('$Lstring' . ++$constl);
+        &main'call('puts');
+        $stack-=4;
+        &main'add("esp",4);
+        &popvars();
+        $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
+        }
+sub main'putx
+        {
+        &pushvars();
+        &main'push($_[0]);
+        &main'push('$Lstring' . ++$constl);
+        &main'call('printf');
+        &main'add("esp",8);
+        $stack-=8;
+        &popvars();
+        $const .= "Lstring$constl:\n\t.string \"\%X\"\n";
+        }
+sub main'printf
+        {
+        $ostack = $stack;
+        &pushvars();
+        for ($i = @_ - 1; $i >= 0; $i--)
+                {
+                if ($i == 0) # change this to support %s format strings
+                        {
+                        &main'push('$Lstring' . ++$constl);
+                        $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
+                        }
+                else
+                        {
+                        if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+                                {
+                                &main'push(($1 + $stack - $ostack) . '(%esp)');
+                                }
+                        else
+                                {
+                                &main'push($_[$i]);
+                                }
+                        }
+                }
+        &main'call('printf');
+        $stack-=4*@_;
+        &main'add("esp",4*@_);
+        &popvars();
+        }
+sub pushvars
+        {
+        &main'pushf();
+        &main'push("edx");
+        &main'push("ecx");
+        &main'push("eax");
+        }
+sub popvars
+        {
+        &main'pop("eax");
+        &main'pop("ecx");
+        &main'pop("edx");
+        &main'popf();
+        }
+sub main'picmeup
+        {
+        local($dst,$sym)=@_;
+        if ($main'cpp)
+                {
+                local($tmp)=<<___;
+#if (defined(ELF) || defined(SOL)) && defined(PIC)
+        .align  8
+        call    1f
+1:      popl    $regs{$dst}
+        addl    \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst}
+        movl    $sym\@GOT($regs{$dst}),$regs{$dst}
+#else
+        leal    $sym,$regs{$dst}
+#endif
+___
+                push(@out,$tmp);
+                }
+        elsif ($main'openbsd)
+                {
+                push(@out, "#ifdef PIC\n");
+                push(@out, "\tPIC_PROLOGUE\n");
+                &main'mov($dst,"PIC_GOT($sym)");
+                push(@out, "\tPIC_EPILOGUE\n");
+                push(@out, "#else\n");
+                &main'lea($dst,&main'DWP($sym));
+                push(@out, "#endif\n");
+                }
+        elsif ($main'pic && ($main'elf || $main'aout))
+                {
+                push(@out,"\t.align\t8\n");
+                &main'call(&main'label("PIC_me_up"));
+                &main'set_label("PIC_me_up");
+                &main'blindpop($dst);
+                &main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-".
+                                &main'label("PIC_me_up") . "]");
+                &main'mov($dst,&main'DWP($sym."\@GOT",$dst));
+                }
+        else
+                {
+                &main'lea($dst,&main'DWP($sym));
+                }
+        }
+sub main'blindpop { &out1("popl",@_); }
diff --git a/src/lib/libcrypto/pkcs12/Makefile b/src/lib/libcrypto/pkcs12/Makefile
new file mode 100644
index 0000000000..3a7498fe7a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/Makefile
@@ -0,0 +1,286 @@
+#
+# OpenSSL/crypto/pkcs12/Makefile
+#
+DIR=    pkcs12
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+        p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+        p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+SRC= $(LIBSRC)
+EXHEADER=  pkcs12.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+p12_add.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_add.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_asn.o: ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_attr.o: ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crpt.o: ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_decr.o: ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_init.o: ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_kiss.o: ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_npas.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_npas.o: p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h
+p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk12err.o: pk12err.c
diff --git a/src/lib/libcrypto/pkcs12/Makefile.ssl b/src/lib/libcrypto/pkcs12/Makefile.ssl
new file mode 100644
index 0000000000..a6e47b4085
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/Makefile.ssl
@@ -0,0 +1,417 @@
+#
+# SSLeay/crypto/pkcs12/Makefile
+#
+DIR=    pkcs12
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+        p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+        p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+        p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+        p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+SRC= $(LIBSRC)
+EXHEADER=  pkcs12.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+p12_add.o: ../../e_os.h ../../include/openssl/aes.h
+p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_add.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_add.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_add.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_add.o: ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/aes.h
+p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_asn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_asn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_asn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_attr.o: ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crpt.o: ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_crt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_crt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_crt.o: ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_decr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_decr.o: ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/aes.h
+p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_init.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_init.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_init.o: ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/aes.h
+p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_key.o: ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h
+p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_kiss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_kiss.o: ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_mutl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+p12_npas.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_npas.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_npas.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8d.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8d.o: ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_p8e.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_p8e.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_p8e.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_p8e.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_p8e.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_p8e.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_p8e.o: ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_utl.o: ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk12err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk12err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk12err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pk12err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk12err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk12err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c
index 41bdc00551..27015dd8c3 100644
--- a/src/lib/libcrypto/pkcs12/p12_add.c
+++ b/src/lib/libcrypto/pkcs12/p12_add.c
@@ -68,16 +68,16 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid
        PKCS12_BAGS *bag;
        PKCS12_SAFEBAG *safebag;
        if (!(bag = PKCS12_BAGS_new())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        bag->type = OBJ_nid2obj(nid1);
        if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        if (!(safebag = PKCS12_SAFEBAG_new())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+                PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        safebag->value.bag = bag;
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c
index 3ad33c49d8..003ec7a33e 100644
--- a/src/lib/libcrypto/pkcs12/p12_crpt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crpt.c
@@ -84,25 +84,19 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
 #endif
 }
-int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
 {
        PBEPARAM *pbe;
        int saltlen, iter, ret;
-        unsigned char *salt;
+        unsigned char *salt, *pbuf;
-        const unsigned char *pbuf;
        unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
        /* Extract useful info from parameter */
-        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-            param->value.sequence == NULL) {
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
-                return 0;
-        }
        pbuf = param->value.sequence->data;
-        if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+        if (!param || (param->type != V_ASN1_SEQUENCE) ||
-                PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
+           !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+                EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
                return 0;
        }
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c
index dbafda17b6..40340a7bef 100644
--- a/src/lib/libcrypto/pkcs12/p12_crt.c
+++ b/src/lib/libcrypto/pkcs12/p12_crt.c
@@ -1,9 +1,9 @@
 /* p12_crt.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -60,289 +60,113 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
             STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
             int keytype)
 {
-        PKCS12 *p12 = NULL;
+        PKCS12 *p12;
-        STACK_OF(PKCS7) *safes = NULL;
+        STACK_OF(PKCS12_SAFEBAG) *bags;
-        STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+        STACK_OF(PKCS7) *safes;
-        PKCS12_SAFEBAG *bag = NULL;
+        PKCS12_SAFEBAG *bag;
+        PKCS8_PRIV_KEY_INFO *p8;
+        PKCS7 *authsafe;
+        X509 *tcert;
        int i;
        unsigned char keyid[EVP_MAX_MD_SIZE];
-        unsigned int keyidlen = 0;
+        unsigned int keyidlen;
        /* Set defaults */
-        if (!nid_cert)
+        if(!nid_cert)
-                nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-        if (!nid_key)
-                nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-        if (!iter)
-                iter = PKCS12_DEFAULT_ITER;
-        if (!mac_iter)
-                mac_iter = 1;
-        if(!pkey && !cert && !ca)
-                {
-                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
-                return NULL;
-                }
-        if (pkey && cert)
-                {
-                if(!X509_check_private_key(cert, pkey))
-                        return NULL;
-                X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-                }
-        if (cert)
-                {
-                bag = PKCS12_add_cert(&bags, cert);
-                if(name && !PKCS12_add_friendlyname(bag, name, -1))
-                        goto err;
-                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                        goto err;
-                }
-        /* Add all other certificates */
-        for(i = 0; i < sk_X509_num(ca); i++)
                {
-                if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+#ifdef OPENSSL_FIPS
-                        goto err;
+                if (FIPS_mode())
-                }
+                        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+                else
-        if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+#endif
-                        goto err;
+                        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        bags = NULL;
-        if (pkey)
-                {
-                int cspidx;
-                bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-                if (!bag)
-                        goto err;
-                cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
-                if (cspidx >= 0)
-                        {
-                        X509_ATTRIBUTE *cspattr;
-                        cspattr = EVP_PKEY_get_attr(pkey, cspidx);
-                        if (!X509at_add1_attr(&bag->attrib, cspattr))
-                                goto err;
-                        }
-                if(name && !PKCS12_add_friendlyname(bag, name, -1))
-                        goto err;
-                if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                        goto err;
                }
+        if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        if(!iter) iter = PKCS12_DEFAULT_ITER;
+        if(!mac_iter) mac_iter = 1;
-        if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        if(!pkey || !cert) {
-                        goto err;
+                PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+                return NULL;
-        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        }
-        bags = NULL;
-        p12 = PKCS12_add_safes(safes, 0);
-        sk_PKCS7_pop_free(safes, PKCS7_free);
-        safes = NULL;
-        if ((mac_iter != -1) &&
-                !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
-            goto err;
-        return p12;
-        err:
-        if (p12)
-                PKCS12_free(p12);
-        if (safes)
-                sk_PKCS7_pop_free(safes, PKCS7_free);
-        if (bags)
-                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-        return NULL;
-}
+        if(!X509_check_private_key(cert, pkey)) return NULL;
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) {
-        {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-        PKCS12_SAFEBAG *bag = NULL;
+                return NULL;
-        char *name;
+        }
-        int namelen = -1;
-        unsigned char *keyid;
-        int keyidlen = -1;
        /* Add user certificate */
-        if(!(bag = PKCS12_x5092certbag(cert)))
+        if(!(bag = PKCS12_x5092certbag(cert))) return NULL;
-                goto err;
+        if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-        /* Use friendlyName and localKeyID in certificate.
+        if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL;
-         * (if present)
-         */
-        name = (char *)X509_alias_get0(cert, &namelen);
-        if(name && !PKCS12_add_friendlyname(bag, name, namelen))
-                goto err;
-        keyid = X509_keyid_get0(cert, &keyidlen);
-        if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-                goto err;
-        if (!pkcs12_add_bag(pbags, bag))
-                goto err;
-        return bag;
-        err:
-        if (bag)
-                PKCS12_SAFEBAG_free(bag);
-        return NULL;
+        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
        }
+        
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+        /* Add all other certificates */
-                                                int key_usage, int iter,
+        if(ca) {
-                                                int nid_key, char *pass)
+                for(i = 0; i < sk_X509_num(ca); i++) {
-        {
+                        tcert = sk_X509_value(ca, i);
+                        if(!(bag = PKCS12_x5092certbag(tcert))) return NULL;
-        PKCS12_SAFEBAG *bag = NULL;
+                        if(!sk_PKCS12_SAFEBAG_push(bags, bag)) {
-        PKCS8_PRIV_KEY_INFO *p8 = NULL;
+                                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                                return NULL;
-        /* Make a PKCS#8 structure */
+                        }
-        if(!(p8 = EVP_PKEY2PKCS8(key)))
-                goto err;
-        if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
-                goto err;
-        if (nid_key != -1)
-                {
-                bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
-                PKCS8_PRIV_KEY_INFO_free(p8);
                }
-        else
-                bag = PKCS12_MAKE_KEYBAG(p8);
-        if(!bag)
-                goto err;
-        if (!pkcs12_add_bag(pbags, bag))
-                goto err;
-        return bag;
-        err:
-        if (bag)
-                PKCS12_SAFEBAG_free(bag);
-        return NULL;
        }
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+        /* Turn certbags into encrypted authsafe */
-                                                int nid_safe, int iter, char *pass)
+        authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
-        {
-        PKCS7 *p7 = NULL;
-        int free_safes = 0;
-        if (!*psafes)
-                {
-                *psafes = sk_PKCS7_new_null();
-                if (!*psafes)
-                        return 0;
-                free_safes = 1;
-                }
-        else
-                free_safes = 0;
-        if (nid_safe == 0)
-                nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
-        if (nid_safe == -1)
-                p7 = PKCS12_pack_p7data(bags);
-        else
-                p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
                                          iter, bags);
-        if (!p7)
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                goto err;
-        if (!sk_PKCS7_push(*psafes, p7))
-                goto err;
-        return 1;
-        err:
-        if (free_safes)
-                {
-                sk_PKCS7_free(*psafes);
-                *psafes = NULL;
-                }
-        if (p7)
-                PKCS7_free(p7);
-        return 0;
+        if (!authsafe) return NULL;
+        if(!(safes = sk_PKCS7_new_null ())
+           || !sk_PKCS7_push(safes, authsafe)) {
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
+                return NULL;
        }
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
+        /* Make a shrouded key bag */
-        {
+        if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL;
-        int free_bags;
+        if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL;
-        if (!pbags)
+        bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
-                return 1;
+        if(!bag) return NULL;
-        if (!*pbags)
+        PKCS8_PRIV_KEY_INFO_free(p8);
-                {
+        if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL;
-                *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL;
-                if (!*pbags)
+        if(!(bags = sk_PKCS12_SAFEBAG_new_null())
-                        return 0;
+           || !sk_PKCS12_SAFEBAG_push (bags, bag)) {
-                free_bags = 1;
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                }
+                return NULL;
-        else 
+        }
-                free_bags = 0;
+        /* Turn it into unencrypted safe bag */
+        if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL;
-        if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-                {
+        if(!sk_PKCS7_push(safes, authsafe)) {
-                if (free_bags)
+                PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
-                        {
+                return NULL;
-                        sk_PKCS12_SAFEBAG_free(*pbags);
-                        *pbags = NULL;
-                        }
-                return 0;
-                }
-        return 1;
        }
-                
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+        if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL;
-        {
-        PKCS12 *p12;
-        if (nid_p7 <= 0)
-                nid_p7 = NID_pkcs7_data;
-        p12 = PKCS12_init(nid_p7);
-        if (!p12)
+        if(!PKCS12_pack_authsafes (p12, safes)) return NULL;
-                return NULL;
-        if(!PKCS12_pack_authsafes(p12, safes))
+        sk_PKCS7_pop_free(safes, PKCS7_free);
-                {
-                PKCS12_free(p12);
+        if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
-                return NULL;
+            return NULL;
-                }
        return p12;
-        }
+}
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c
index 74c961a92b..b5684a83ba 100644
--- a/src/lib/libcrypto/pkcs12/p12_decr.c
+++ b/src/lib/libcrypto/pkcs12/p12_decr.c
@@ -113,14 +113,13 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
 void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
             const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
 {
-        unsigned char *out;
+        unsigned char *out, *p;
-        const unsigned char *p;
        void *ret;
        int outlen;
        if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
                               &out, &outlen, 0)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+                PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
                return NULL;
        }
        p = out;
@@ -138,7 +137,7 @@ void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
 #endif
        ret = ASN1_item_d2i(NULL, &p, outlen, it);
        if (zbuf) OPENSSL_cleanse(out, outlen);
-        if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+        if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
        OPENSSL_free(out);
        return ret;
 }
@@ -155,17 +154,17 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *i
        unsigned char *in = NULL;
        int inlen;
        if (!(oct = M_ASN1_OCTET_STRING_new ())) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        inlen = ASN1_item_i2d(obj, &in, it);
        if (!in) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
                return NULL;
        }
        if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
                                 &oct->length, 1)) {
-                PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
+                PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
                OPENSSL_free(in);
                return NULL;
        }
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c
index 6bdc132631..5276b12669 100644
--- a/src/lib/libcrypto/pkcs12/p12_init.c
+++ b/src/lib/libcrypto/pkcs12/p12_init.c
@@ -62,7 +62,7 @@
 /* Initialise a PKCS12 structure to take data */
-PKCS12 *PKCS12_init(int mode)
+PKCS12 *PKCS12_init (int mode)
 {
        PKCS12 *pkcs12;
        if (!(pkcs12 = PKCS12_new())) {
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c
index 18e72d0a1b..9196a34b4a 100644
--- a/src/lib/libcrypto/pkcs12/p12_key.c
+++ b/src/lib/libcrypto/pkcs12/p12_key.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
-#include <openssl/bn.h>
 /* Uncomment out this line to get debugging info about key generation */
 /*#define DEBUG_KEYGEN*/
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c
index c2ee2cc6f3..2b31999e11 100644
--- a/src/lib/libcrypto/pkcs12/p12_kiss.c
+++ b/src/lib/libcrypto/pkcs12/p12_kiss.c
@@ -80,7 +80,7 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 * passed unitialised.
 */
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
             STACK_OF(X509) **ca)
 {
@@ -141,7 +141,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 /* Parse the outer PKCS#12 structure */
-static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
             EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
        STACK_OF(PKCS7) *asafes;
@@ -178,10 +178,10 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
 }
-static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-                      int passlen, EVP_PKEY **pkey, X509 **cert,
+                       int passlen, EVP_PKEY **pkey, X509 **cert,
-                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-                      char *keymatch)
+                       char *keymatch)
 {
        int i;
        for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
@@ -197,9 +197,9 @@ static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
 #define MATCH_ALL  0x3
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-                     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-                     ASN1_OCTET_STRING **keyid,
+                      ASN1_OCTET_STRING **keyid,
-                     char *keymatch)
+             char *keymatch)
 {
        PKCS8_PRIV_KEY_INFO *p8;
        X509 *x509;
@@ -221,7 +221,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
                        if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
                } else {
                        if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-                                PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
+                                PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
                                return 0;
                    }
                }
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c
index c408cc8ab8..140d21155e 100644
--- a/src/lib/libcrypto/pkcs12/p12_mutl.c
+++ b/src/lib/libcrypto/pkcs12/p12_mutl.c
@@ -64,12 +64,12 @@
 #include <openssl/pkcs12.h>
 /* Generate a MAC */
-int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
-                   unsigned char *mac, unsigned int *maclen)
+                    unsigned char *mac, unsigned int *maclen)
 {
        const EVP_MD *md_type;
        HMAC_CTX hmac;
-        unsigned char key[EVP_MAX_MD_SIZE], *salt;
+        unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
        int saltlen, iter;
        if (!PKCS7_type_is_data(p12->authsafes))
@@ -88,12 +88,12 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                return 0;
        }
        if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                                 EVP_MD_size(md_type), key, md_type)) {
+                                 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
                PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
                return 0;
        }
        HMAC_CTX_init(&hmac);
-        HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+        HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
        HMAC_Update(&hmac, p12->authsafes->d.data->data,
                                         p12->authsafes->d.data->length);
        HMAC_Final(&hmac, mac, maclen);
@@ -102,16 +102,16 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
 }
 /* Verify the mac */
-int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
 {
        unsigned char mac[EVP_MAX_MD_SIZE];
        unsigned int maclen;
        if(p12->mac == NULL) {
-                PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
+                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
                return 0;
        }
        if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-                PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+                PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
                return 0;
        }
        if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
@@ -121,7 +121,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
 /* Set a mac */
-int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
             unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
 {
        unsigned char mac[EVP_MAX_MD_SIZE];
@@ -145,7 +145,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
 }
 /* Set up a mac structure */
-int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
             const EVP_MD *md_type)
 {
        if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c
index 48eacc5c49..af708a2743 100644
--- a/src/lib/libcrypto/pkcs12/p12_npas.c
+++ b/src/lib/libcrypto/pkcs12/p12_npas.c
@@ -77,26 +77,28 @@ static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
 {
-        /* Check for NULL PKCS12 structure */
-        if(!p12) {
+/* Check for NULL PKCS12 structure */
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-                return 0;
-        }
-        /* Check the mac */
+if(!p12) {
-        
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-        if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        return 0;
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+}
-                return 0;
-        }
-        if (!newpass_p12(p12, oldpass, newpass)) {
+/* Check the mac */
-                PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
-                return 0;
+if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-        }
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+}
+if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
+        return 0;
+}
+return 1;
-        return 1;
 }
 /* Parse the outer PKCS#12 structure */
@@ -204,8 +206,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
 static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
 {
        PBEPARAM *pbe;
-        const unsigned char *p;
+        unsigned char *p;
        p = alg->parameter->value.sequence->data;
        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
        *pnid = OBJ_obj2nid(alg->algorithm);
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c
index 07a1fb6907..a33b37b1c7 100644
--- a/src/lib/libcrypto/pkcs12/pk12err.c
+++ b/src/lib/libcrypto/pkcs12/pk12err.c
@@ -70,18 +70,16 @@
 static ERR_STRING_DATA PKCS12_str_functs[]=
        {
-{ERR_FUNC(PKCS12_F_PARSE_BAG),  "PARSE_BAG"},
 {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME),    "PKCS12_ADD_FRIENDLYNAME"},
 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),        "PKCS12_add_friendlyname_asc"},
 {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),        "PKCS12_add_friendlyname_uni"},
 {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID),      "PKCS12_add_localkeyid"},
 {ERR_FUNC(PKCS12_F_PKCS12_CREATE),      "PKCS12_create"},
+{ERR_FUNC(PKCS12_F_PKCS12_DECRYPT_D2I), "PKCS12_DECRYPT_D2I"},
 {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC),     "PKCS12_gen_mac"},
+{ERR_FUNC(PKCS12_F_PKCS12_I2D_ENCRYPT), "PKCS12_I2D_ENCRYPT"},
 {ERR_FUNC(PKCS12_F_PKCS12_INIT),        "PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I),    "PKCS12_item_decrypt_d2i"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT),    "PKCS12_item_i2d_encrypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG),   "PKCS12_item_pack_safebag"},
 {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
 {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
 {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
@@ -89,6 +87,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS),     "PKCS12_newpass"},
 {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
 {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA),      "PKCS12_pack_p7encdata"},
+{ERR_FUNC(PKCS12_F_PKCS12_PACK_SAFEBAG),        "PKCS12_PACK_SAFEBAG"},
 {ERR_FUNC(PKCS12_F_PKCS12_PARSE),       "PKCS12_parse"},
 {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT),   "PKCS12_pbe_crypt"},
 {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),        "PKCS12_PBE_keyivgen"},
@@ -96,9 +95,9 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),     "PKCS12_set_mac"},
 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),    "PKCS12_unpack_authsafes"},
 {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),       "PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC),  "PKCS12_verify_mac"},
 {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
 {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),      "PKCS8_encrypt"},
+{ERR_FUNC(PKCS12_F_VERIFY_MAC), "VERIFY_MAC"},
 {0,NULL}
        };
@@ -133,12 +132,15 @@ static ERR_STRING_DATA PKCS12_str_reasons[]=
 void ERR_load_PKCS12_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,PKCS12_str_functs);
                ERR_load_strings(0,PKCS12_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h
index a2d7e359a0..fb8af82d4f 100644
--- a/src/lib/libcrypto/pkcs12/pkcs12.h
+++ b/src/lib/libcrypto/pkcs12/pkcs12.h
@@ -249,15 +249,6 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
                         STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
                                                 int mac_iter, int keytype);
-PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
-                                                int key_usage, int iter,
-                                                int key_nid, char *pass);
-int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-                                        int safe_nid, int iter, char *pass);
-PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
@@ -273,18 +264,16 @@ void ERR_load_PKCS12_strings(void);
 /* Error codes for the PKCS12 functions. */
 /* Function codes. */
-#define PKCS12_F_PARSE_BAG                               129
 #define PKCS12_F_PARSE_BAGS                              103
 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME                 100
 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC             127
 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI             102
 #define PKCS12_F_PKCS12_ADD_LOCALKEYID                   104
 #define PKCS12_F_PKCS12_CREATE                           105
+#define PKCS12_F_PKCS12_DECRYPT_D2I                      106
 #define PKCS12_F_PKCS12_GEN_MAC                          107
+#define PKCS12_F_PKCS12_I2D_ENCRYPT                      108
 #define PKCS12_F_PKCS12_INIT                             109
-#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
-#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
-#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
 #define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
 #define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
 #define PKCS12_F_PKCS12_MAKE_KEYBAG                      112
@@ -292,16 +281,17 @@ void ERR_load_PKCS12_strings(void);
 #define PKCS12_F_PKCS12_NEWPASS                          128
 #define PKCS12_F_PKCS12_PACK_P7DATA                      114
 #define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+#define PKCS12_F_PKCS12_PACK_SAFEBAG                     117
 #define PKCS12_F_PKCS12_PARSE                            118
 #define PKCS12_F_PKCS12_PBE_CRYPT                        119
 #define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
 #define PKCS12_F_PKCS12_SETUP_MAC                        122
 #define PKCS12_F_PKCS12_SET_MAC                          123
-#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 129
-#define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+#define PKCS12_F_PKCS12_UNPACK_P7DATA                    130
-#define PKCS12_F_PKCS12_VERIFY_MAC                       126
 #define PKCS12_F_PKCS8_ADD_KEYUSAGE                      124
 #define PKCS12_F_PKCS8_ENCRYPT                           125
+#define PKCS12_F_VERIFY_MAC                              126
 /* Reason codes. */
 #define PKCS12_R_CANT_PACK_STRUCTURE                     100
diff --git a/src/lib/libcrypto/pkcs7/Makefile b/src/lib/libcrypto/pkcs7/Makefile
new file mode 100644
index 0000000000..3f7e88b40f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/Makefile
@@ -0,0 +1,187 @@
+#
+# OpenSSL/crypto/pkcs7/Makefile
+#
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+        pk7_mime.o
+SRC= $(LIBSRC)
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:
+all:    lib
+testapps: enc dec sign verify
+enc: enc.o lib
+        $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+dec: dec.o lib
+        $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+sign: sign.o lib
+        $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+verify: verify.o example.o lib
+        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+pk7_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_attr.o: ../../include/openssl/x509_vfy.h pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_lib.o: ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_mime.o: ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h
+pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_smime.o: ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+pkcs7err.o: ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl
new file mode 100644
index 0000000000..c3bfc7d560
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/Makefile.ssl
@@ -0,0 +1,243 @@
+#
+# SSLeay/crypto/pkcs7/Makefile
+#
+DIR=    pkcs7
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+        pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+        pk7_mime.o
+SRC= $(LIBSRC)
+EXHEADER=  pkcs7.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+test:
+all:    lib
+testapps: enc dec sign verify
+enc: enc.o lib
+        $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+dec: dec.o lib
+        $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+sign: sign.o lib
+        $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+verify: verify.o example.o lib
+        $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_asn1.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_asn1.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_asn1.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_asn1.o: ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_doit.o: ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_mime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_mime.o: ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_smime.o: ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c
new file mode 100644
index 0000000000..895a91177b
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/bio_ber.c
@@ -0,0 +1,466 @@
+/* crypto/evp/bio_ber.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+static int ber_write(BIO *h,char *buf,int num);
+static int ber_read(BIO *h,char *buf,int size);
+/*static int ber_puts(BIO *h,char *str); */
+/*static int ber_gets(BIO *h,char *str,int size); */
+static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int ber_new(BIO *h);
+static int ber_free(BIO *data);
+static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
+#define BER_BUF_SIZE    (32)
+/* This is used to hold the state of the BER objects being read. */
+typedef struct ber_struct
+        {
+        int tag;
+        int class;
+        long length;
+        int inf;
+        int num_left;
+        int depth;
+        } BER_CTX;
+typedef struct bio_ber_struct
+        {
+        int tag;
+        int class;
+        long length;
+        int inf;
+        /* most of the following are used when doing non-blocking IO */
+        /* reading */
+        long num_left;  /* number of bytes still to read/write in block */
+        int depth;      /* used with indefinite encoding. */
+        int finished;   /* No more read data */
+        /* writting */ 
+        char *w_addr;
+        int w_offset;
+        int w_left;
+        int buf_len;
+        int buf_off;
+        unsigned char buf[BER_BUF_SIZE];
+        } BIO_BER_CTX;
+static BIO_METHOD methods_ber=
+        {
+        BIO_TYPE_CIPHER,"cipher",
+        ber_write,
+        ber_read,
+        NULL, /* ber_puts, */
+        NULL, /* ber_gets, */
+        ber_ctrl,
+        ber_new,
+        ber_free,
+        ber_callback_ctrl,
+        };
+BIO_METHOD *BIO_f_ber(void)
+        {
+        return(&methods_ber);
+        }
+static int ber_new(BIO *bi)
+        {
+        BIO_BER_CTX *ctx;
+        ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
+        if (ctx == NULL) return(0);
+        memset((char *)ctx,0,sizeof(BIO_BER_CTX));
+        bi->init=0;
+        bi->ptr=(char *)ctx;
+        bi->flags=0;
+        return(1);
+        }
+static int ber_free(BIO *a)
+        {
+        BIO_BER_CTX *b;
+        if (a == NULL) return(0);
+        b=(BIO_BER_CTX *)a->ptr;
+        OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+        OPENSSL_free(a->ptr);
+        a->ptr=NULL;
+        a->init=0;
+        a->flags=0;
+        return(1);
+        }
+int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
+        {
+        char buf[64];
+        int i,j,n;
+        int ret;
+        unsigned char *p;
+        unsigned long length
+        int tag;
+        int class;
+        long max;
+        BIO_clear_retry_flags(b);
+        /* Pack the buffer down if there is a hole at the front */
+        if (ctx->buf_off != 0)
+                {
+                p=ctx->buf;
+                j=ctx->buf_off;
+                n=ctx->buf_len-j;
+                for (i=0; i<n; i++)
+                        {
+                        p[0]=p[j];
+                        p++;
+                        }
+                ctx->buf_len-j;
+                ctx->buf_off=0;
+                }
+        /* If there is more room, read some more data */
+        i=BER_BUF_SIZE-ctx->buf_len;
+        if (i)
+                {
+                i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                else
+                        ctx->buf_len+=i;
+                }
+        max=ctx->buf_len;
+        p=ctx->buf;
+        ret=ASN1_get_object(&p,&length,&tag,&class,max);
+        if (ret & 0x80)
+                {
+                if ((ctx->buf_len < BER_BUF_SIZE) &&
+                        (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG))
+                        {
+                        ERR_get_error(); /* clear the error */
+                        BIO_set_retry_read(b);
+                        }
+                return(-1);
+                }
+        /* We have no error, we have a header, so make use of it */
+        if ((ctx->tag  >= 0) && (ctx->tag != tag))
+                {
+                BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH);
+                sprintf(buf,"tag=%d, got %d",ctx->tag,tag);
+                ERR_add_error_data(1,buf);
+                return(-1);
+                }
+        if (ret & 0x01)
+        if (ret & V_ASN1_CONSTRUCTED)
+        }
+        
+static int ber_read(BIO *b, char *out, int outl)
+        {
+        int ret=0,i,n;
+        BIO_BER_CTX *ctx;
+        BIO_clear_retry_flags(b);
+        if (out == NULL) return(0);
+        ctx=(BIO_BER_CTX *)b->ptr;
+        if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+        if (ctx->finished) return(0);
+again:
+        /* First see if we are half way through reading a block */
+        if (ctx->num_left > 0)
+                {
+                if (ctx->num_left < outl)
+                        n=ctx->num_left;
+                else
+                        n=outl;
+                i=BIO_read(b->next_bio,out,n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->num_left-=i;
+                outl-=i;
+                ret+=i;
+                if (ctx->num_left <= 0)
+                        {
+                        ctx->depth--;
+                        if (ctx->depth <= 0)
+                                ctx->finished=1;
+                        }
+                if (outl <= 0)
+                        return(ret);
+                else
+                        goto again;
+                }
+        else    /* we need to read another BER header */
+                {
+                }
+        }
+static int ber_write(BIO *b, char *in, int inl)
+        {
+        int ret=0,n,i;
+        BIO_ENC_CTX *ctx;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        ret=inl;
+        BIO_clear_retry_flags(b);
+        n=ctx->buf_len-ctx->buf_off;
+        while (n > 0)
+                {
+                i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                if (i <= 0)
+                        {
+                        BIO_copy_next_retry(b);
+                        return(i);
+                        }
+                ctx->buf_off+=i;
+                n-=i;
+                }
+        /* at this point all pending data has been written */
+        if ((in == NULL) || (inl <= 0)) return(0);
+        ctx->buf_off=0;
+        while (inl > 0)
+                {
+                n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
+                EVP_CipherUpdate(&(ctx->cipher),
+                        (unsigned char *)ctx->buf,&ctx->buf_len,
+                        (unsigned char *)in,n);
+                inl-=n;
+                in+=n;
+                ctx->buf_off=0;
+                n=ctx->buf_len;
+                while (n > 0)
+                        {
+                        i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+                        if (i <= 0)
+                                {
+                                BIO_copy_next_retry(b);
+                                return(i);
+                                }
+                        n-=i;
+                        ctx->buf_off+=i;
+                        }
+                ctx->buf_len=0;
+                ctx->buf_off=0;
+                }
+        BIO_copy_next_retry(b);
+        return(ret);
+        }
+static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
+        {
+        BIO *dbio;
+        BIO_ENC_CTX *ctx,*dctx;
+        long ret=1;
+        int i;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        switch (cmd)
+                {
+        case BIO_CTRL_RESET:
+                ctx->ok=1;
+                ctx->finished=0;
+                EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
+                        ctx->cipher.berrypt);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_EOF:      /* More to read */
+                if (ctx->cont <= 0)
+                        ret=1;
+                else
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_WPENDING:
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_PENDING: /* More to read in buffer */
+                ret=ctx->buf_len-ctx->buf_off;
+                if (ret <= 0)
+                        ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_CTRL_FLUSH:
+                /* do a final write */
+again:
+                while (ctx->buf_len != ctx->buf_off)
+                        {
+                        i=ber_write(b,NULL,0);
+                        if (i < 0)
+                                {
+                                ret=i;
+                                break;
+                                }
+                        }
+                if (!ctx->finished)
+                        {
+                        ctx->finished=1;
+                        ctx->buf_off=0;
+                        ret=EVP_CipherFinal_ex(&(ctx->cipher),
+                                (unsigned char *)ctx->buf,
+                                &(ctx->buf_len));
+                        ctx->ok=(int)ret;
+                        if (ret <= 0) break;
+                        /* push out the bytes */
+                        goto again;
+                        }
+                
+                /* Finally flush the underlying BIO */
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+        case BIO_C_GET_CIPHER_STATUS:
+                ret=(long)ctx->ok;
+                break;
+        case BIO_C_DO_STATE_MACHINE:
+                BIO_clear_retry_flags(b);
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                BIO_copy_next_retry(b);
+                break;
+        case BIO_CTRL_DUP:
+                dbio=(BIO *)ptr;
+                dctx=(BIO_ENC_CTX *)dbio->ptr;
+                memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
+                dbio->init=1;
+                break;
+        default:
+                ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+                break;
+                }
+        return(ret);
+        }
+static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
+        {
+        long ret=1;
+        if (b->next_bio == NULL) return(0);
+        switch (cmd)
+                {
+        default:
+                ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+                break;
+                }
+        return(ret);
+        }
+/*
+void BIO_set_cipher_ctx(b,c)
+BIO *b;
+EVP_CIPHER_ctx *c;
+        {
+        if (b == NULL) return;
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
+*/
+void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
+             int e)
+        {
+        BIO_ENC_CTX *ctx;
+        if (b == NULL) return;
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
+        
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
diff --git a/src/lib/libcrypto/pkcs7/dec.c b/src/lib/libcrypto/pkcs7/dec.c
new file mode 100644
index 0000000000..6752ec568a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/dec.c
@@ -0,0 +1,248 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+BIO *bio_err=NULL;
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        char *keyfile=NULL;
+        BIO *in;
+        EVP_PKEY *pkey;
+        X509 *x509;
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        unsigned char *pp;
+        int i,printit=0;
+        STACK_OF(PKCS7_SIGNER_INFO) *sk;
+        OpenSSL_add_all_algorithms();
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        data=BIO_new(BIO_s_file());
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
+                        keyfile = argv[1];
+                        argc-=1;
+                        argv+=1;
+                } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc-=1;
+                        argv+=1;
+                        }
+                else break;
+                }
+         if (!BIO_read_filename(data,argv[0])) goto err; 
+        if(!keyfile) {
+                fprintf(stderr, "No private key file specified\n");
+                goto err;
+        }
+        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
+                goto err;
+        BIO_free(in);
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+        ERR_clear_error();
+        /* We need to process the data */
+        /* We cannot support detached encryption */
+        p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
+        if (p7bio == NULL)
+                {
+                printf("problems decoding\n");
+                goto err;
+                }
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                fwrite(buf,1, i, stdout);
+                }
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                fprintf(stderr, "there are no signatures on this data\n");
+                }
+        else
+                {
+                /* Ok, first we need to, for each subject entry,
+                 * see if we can verify */
+                ERR_clear_error();
+                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
+                        {
+                        si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+                        i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                        if (i <= 0)
+                                goto err;
+                        else
+                                fprintf(stderr,"Signature verified\n");
+                        }
+                }
+        X509_STORE_free(cert_store);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/pkcs7/des.pem b/src/lib/libcrypto/pkcs7/des.pem
new file mode 100644
index 0000000000..62d1657e3e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/des.pem
@@ -0,0 +1,15 @@
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
diff --git a/src/lib/libcrypto/pkcs7/doc b/src/lib/libcrypto/pkcs7/doc
new file mode 100644
index 0000000000..d2e8b7b2a3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/doc
@@ -0,0 +1,24 @@
+int PKCS7_set_content_type(PKCS7 *p7, int type);
+Call to set the type of PKCS7 object we are working on
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+        EVP_MD *dgst);
+Use this to setup a signer info
+There will also be functions to add signed and unsigned attributes.
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+Add a signer info to the content.
+int PKCS7_add_certificae(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+----
+p7=PKCS7_new();
+PKCS7_set_content_type(p7,NID_pkcs7_signed);
+signer=PKCS7_SINGNER_INFO_new();
+PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5());
+PKCS7_add_signer(py,signer);
+we are now setup.
diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c
new file mode 100644
index 0000000000..7417f8a4e0
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/enc.c
@@ -0,0 +1,174 @@
+/* crypto/pkcs7/enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        PKCS7 *p7;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i;
+        int nodetach=1;
+        char *keyfile = NULL;
+        const EVP_CIPHER *cipher=NULL;
+        STACK_OF(X509) *recips=NULL;
+        OpenSSL_add_all_algorithms();
+        data=BIO_new(BIO_s_file());
+        while(argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        }
+                else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
+                        if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
+                                fprintf(stderr, "Unknown cipher %s\n", argv[2]);
+                                goto err;
+                        }
+                        argc-=2;
+                        argv+=2;
+                } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
+                        keyfile = argv[2];
+                        argc-=2;
+                        argv+=2;
+                        if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+                        if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
+                                goto err;
+                        if(!recips) recips = sk_X509_new_null();
+                        sk_X509_push(recips, x509);
+                        BIO_free(in);
+                } else break;
+        }
+        if(!recips) {
+                fprintf(stderr, "No recipients\n");
+                goto err;
+        }
+        if (!BIO_read_filename(data,argv[1])) goto err;
+        p7=PKCS7_new();
+#if 0
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
+         
+        if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+#else
+        PKCS7_set_type(p7,NID_pkcs7_enveloped);
+#endif
+        if(!cipher)     {
+#ifndef OPENSSL_NO_DES
+                cipher = EVP_des_ede3_cbc();
+#else
+                fprintf(stderr, "No cipher selected\n");
+                goto err;
+#endif
+        }
+        if (!PKCS7_set_cipher(p7,cipher)) goto err;
+        for(i = 0; i < sk_X509_num(recips); i++) {
+                if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+        }
+        sk_X509_pop_free(recips, X509_free);
+        /* Set the content of the signed to 'data' */
+        /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
+        /* could be used, but not in this version :-)
+        if (!nodetach) PKCS7_set_detached(p7,1);
+        */
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        BIO_flush(p7bio);
+        if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libcrypto/pkcs7/es1.pem b/src/lib/libcrypto/pkcs7/es1.pem
new file mode 100644
index 0000000000..47112a238f
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/es1.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo
+KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4
+ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F
+XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+
+II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT
+pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0
+lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs
+8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5
+otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx
+go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi
+XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t
+KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw
+Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL
+r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu
+l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/
+mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk
+l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+
+HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY
+gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo
+TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL
+5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME
+SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/
+y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4
+9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP
+nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB
+Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs
+LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T
+tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE
+SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR
+8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/
+wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI
+uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw
+RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM
+Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU
+o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o
+WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy
+Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk
+YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ
+CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3
+DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714
+ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5
+kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX
+1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s
+xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb
+IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7
+7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv
+qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG
+X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a
+DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe
+UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1
+gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x
+PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT
+5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha
+y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC
+lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf
+lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c
new file mode 100644
index 0000000000..c993947cc3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.c
@@ -0,0 +1,329 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pkcs7.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+int add_signed_time(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_UTCTIME *sign_time;
+        /* The last parameter is the amount to add/subtract from the current
+         * time (in seconds) */
+        sign_time=X509_gmtime_adj(NULL,0);
+        PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime,
+                V_ASN1_UTCTIME,(char *)sign_time);
+        return(1);
+        }
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
+        {
+        ASN1_TYPE *so;
+        so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
+        if (so->type == V_ASN1_UTCTIME)
+            return so->value.utctime;
+        return NULL;
+        }
+        
+static int signed_string_nid= -1;
+void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
+        {
+        ASN1_OCTET_STRING *os;
+        /* To a an object of OID 1.2.3.4.5, which is an octet string */
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        os=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+        /* When we add, we do not free */
+        PKCS7_add_signed_attribute(si,signed_string_nid,
+                V_ASN1_OCTET_STRING,(char *)os);
+        }
+int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
+        {
+        ASN1_TYPE *so;
+        ASN1_OCTET_STRING *os;
+        int i;
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(si,signed_string_nid);
+        if (so != NULL)
+                {
+                if (so->type == V_ASN1_OCTET_STRING)
+                        {
+                        os=so->value.octet_string;
+                        i=os->length;
+                        if ((i+1) > len)
+                                i=len-1;
+                        memcpy(buf,os->data,i);
+                        return(i);
+                        }
+                }
+        return(0);
+        }
+static int signed_seq2string_nid= -1;
+/* ########################################### */
+int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+        {
+        /* To add an object of OID 1.9.999, which is a sequence containing
+         * 2 octet strings */
+        unsigned char *p;
+        ASN1_OCTET_STRING *os1,*os2;
+        ASN1_STRING *seq;
+        unsigned char *data;
+        int i,total;
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+        os1=ASN1_OCTET_STRING_new();
+        os2=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+        ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
+        i =i2d_ASN1_OCTET_STRING(os1,NULL);
+        i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+        total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        data=malloc(total);
+        p=data;
+        ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_OCTET_STRING(os1,&p);
+        i2d_ASN1_OCTET_STRING(os2,&p);
+        seq=ASN1_STRING_new();
+        ASN1_STRING_set(seq,data,total);
+        free(data);
+        ASN1_OCTET_STRING_free(os1);
+        ASN1_OCTET_STRING_free(os2);
+        PKCS7_add_signed_attribute(si,signed_seq2string_nid,
+                V_ASN1_SEQUENCE,(char *)seq);
+        return(1);
+        }
+/* For this case, I will malloc the return strings */
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
+        {
+        ASN1_TYPE *so;
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
+        if (so && (so->type == V_ASN1_SEQUENCE))
+                {
+                ASN1_CTX c;
+                ASN1_STRING *s;
+                long length;
+                ASN1_OCTET_STRING *os1,*os2;
+                s=so->value.sequence;
+                c.p=ASN1_STRING_data(s);
+                c.max=c.p+ASN1_STRING_length(s);
+                if (!asn1_GetSequence(&c,&length)) goto err;
+                /* Length is the length of the seqence */
+                c.q=c.p;
+                if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+                c.q=c.p;
+                if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+                if (!asn1_Finish(&c)) goto err;
+                *str1=malloc(os1->length+1);
+                *str2=malloc(os2->length+1);
+                memcpy(*str1,os1->data,os1->length);
+                memcpy(*str2,os2->data,os2->length);
+                (*str1)[os1->length]='\0';
+                (*str2)[os2->length]='\0';
+                ASN1_OCTET_STRING_free(os1);
+                ASN1_OCTET_STRING_free(os2);
+                return(1);
+                }
+err:
+        return(0);
+        }
+/* #######################################
+ * THE OTHER WAY TO DO THINGS
+ * #######################################
+ */
+X509_ATTRIBUTE *create_time(void)
+        {
+        ASN1_UTCTIME *sign_time;
+        X509_ATTRIBUTE *ret;
+        /* The last parameter is the amount to add/subtract from the current
+         * time (in seconds) */
+        sign_time=X509_gmtime_adj(NULL,0);
+        ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime,
+                V_ASN1_UTCTIME,(char *)sign_time);
+        return(ret);
+        }
+ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
+        {
+        ASN1_TYPE *so;
+        PKCS7_SIGNER_INFO si;
+        si.auth_attr=sk;
+        so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
+        if (so->type == V_ASN1_UTCTIME)
+            return so->value.utctime;
+        return NULL;
+        }
+        
+X509_ATTRIBUTE *create_string(char *str)
+        {
+        ASN1_OCTET_STRING *os;
+        X509_ATTRIBUTE *ret;
+        /* To a an object of OID 1.2.3.4.5, which is an octet string */
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        os=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
+        /* When we add, we do not free */
+        ret=X509_ATTRIBUTE_create(signed_string_nid,
+                V_ASN1_OCTET_STRING,(char *)os);
+        return(ret);
+        }
+int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
+        {
+        ASN1_TYPE *so;
+        ASN1_OCTET_STRING *os;
+        int i;
+        PKCS7_SIGNER_INFO si;
+        si.auth_attr=sk;
+        if (signed_string_nid == -1)
+                signed_string_nid=
+                        OBJ_create("1.2.3.4.5","OID_example","Our example OID");
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(&si,signed_string_nid);
+        if (so != NULL)
+                {
+                if (so->type == V_ASN1_OCTET_STRING)
+                        {
+                        os=so->value.octet_string;
+                        i=os->length;
+                        if ((i+1) > len)
+                                i=len-1;
+                        memcpy(buf,os->data,i);
+                        return(i);
+                        }
+                }
+        return(0);
+        }
+X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+        {
+        /* To add an object of OID 1.9.999, which is a sequence containing
+         * 2 octet strings */
+        unsigned char *p;
+        ASN1_OCTET_STRING *os1,*os2;
+        ASN1_STRING *seq;
+        X509_ATTRIBUTE *ret;
+        unsigned char *data;
+        int i,total;
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+        os1=ASN1_OCTET_STRING_new();
+        os2=ASN1_OCTET_STRING_new();
+        ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+        ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
+        i =i2d_ASN1_OCTET_STRING(os1,NULL);
+        i+=i2d_ASN1_OCTET_STRING(os2,NULL);
+        total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+        data=malloc(total);
+        p=data;
+        ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+        i2d_ASN1_OCTET_STRING(os1,&p);
+        i2d_ASN1_OCTET_STRING(os2,&p);
+        seq=ASN1_STRING_new();
+        ASN1_STRING_set(seq,data,total);
+        free(data);
+        ASN1_OCTET_STRING_free(os1);
+        ASN1_OCTET_STRING_free(os2);
+        ret=X509_ATTRIBUTE_create(signed_seq2string_nid,
+                V_ASN1_SEQUENCE,(char *)seq);
+        return(ret);
+        }
+/* For this case, I will malloc the return strings */
+int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
+        {
+        ASN1_TYPE *so;
+        PKCS7_SIGNER_INFO si;
+        if (signed_seq2string_nid == -1)
+                signed_seq2string_nid=
+                        OBJ_create("1.9.9999","OID_example","Our example OID");
+        si.auth_attr=sk;
+        /* To retrieve */
+        so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid);
+        if (so->type == V_ASN1_SEQUENCE)
+                {
+                ASN1_CTX c;
+                ASN1_STRING *s;
+                long length;
+                ASN1_OCTET_STRING *os1,*os2;
+                s=so->value.sequence;
+                c.p=ASN1_STRING_data(s);
+                c.max=c.p+ASN1_STRING_length(s);
+                if (!asn1_GetSequence(&c,&length)) goto err;
+                /* Length is the length of the seqence */
+                c.q=c.p;
+                if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+                c.q=c.p;
+                if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
+                        goto err;
+                c.slen-=(c.p-c.q);
+                if (!asn1_Finish(&c)) goto err;
+                *str1=malloc(os1->length+1);
+                *str2=malloc(os2->length+1);
+                memcpy(*str1,os1->data,os1->length);
+                memcpy(*str2,os2->data,os2->length);
+                (*str1)[os1->length]='\0';
+                (*str2)[os2->length]='\0';
+                ASN1_OCTET_STRING_free(os1);
+                ASN1_OCTET_STRING_free(os2);
+                return(1);
+                }
+err:
+        return(0);
+        }
diff --git a/src/lib/libcrypto/pkcs7/example.h b/src/lib/libcrypto/pkcs7/example.h
new file mode 100644
index 0000000000..96167de188
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/example.h
@@ -0,0 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+int add_signed_time(PKCS7_SIGNER_INFO *si);
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/src/lib/libcrypto/pkcs7/info.pem b/src/lib/libcrypto/pkcs7/info.pem
new file mode 100644
index 0000000000..989baf8709
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/info.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/infokey.pem b/src/lib/libcrypto/pkcs7/infokey.pem
new file mode 100644
index 0000000000..1e2acc954d
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/infokey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/p7/a1 b/src/lib/libcrypto/pkcs7/p7/a1
new file mode 100644
index 0000000000..56ca943762
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a1
@@ -0,0 +1,2 @@
+j,H>_��_�D�zE�L� VJ��觬���E3��Y�x%_�k
+3�)DLSc�8%�M
+\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/a2 b/src/lib/libcrypto/pkcs7/p7/a2
new file mode 100644
index 0000000000..23d8fb5e93
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/a2
@@ -0,0 +1 @@
+k~@a�,N�M͹� <O( KP�騠�K�>��U�o_�Bqrm�?٠t?t��ρ�Id2��
+\ No newline at end of file
diff --git a/src/lib/libcrypto/pkcs7/p7/cert.p7c b/src/lib/libcrypto/pkcs7/p7/cert.p7c
new file mode 100644
index 0000000000..2b75ec05f7
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/cert.p7c
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7m b/src/lib/libcrypto/pkcs7/p7/smime.p7m
new file mode 100644
index 0000000000..2b6e6f82ba
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7m
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7s b/src/lib/libcrypto/pkcs7/p7/smime.p7s
new file mode 100644
index 0000000000..2b5d4fb0e3
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/p7/smime.p7s
Binary files differ
diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
index 77931feeb4..46f0fc9375 100644
--- a/src/lib/libcrypto/pkcs7/pk7_asn1.c
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -69,31 +69,30 @@
 ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
 ASN1_ADB(PKCS7) = {
-        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)),
-        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
-        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
-        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
-        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
-        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
-ASN1_NDEF_SEQUENCE(PKCS7) = {
+ASN1_SEQUENCE(PKCS7) = {
        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
        ASN1_ADB_OBJECT(PKCS7)
-}ASN1_NDEF_SEQUENCE_END(PKCS7)
+}ASN1_SEQUENCE_END(PKCS7)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
-IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
 IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
-ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+ASN1_SEQUENCE(PKCS7_SIGNED) = {
        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+} ASN1_SEQUENCE_END(PKCS7_SIGNED)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
@@ -131,11 +130,11 @@ ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
-ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+} ASN1_SEQUENCE_END(PKCS7_ENVELOPE)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
@@ -158,15 +157,15 @@ ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
-ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = {
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
-ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
@@ -174,23 +173,23 @@ ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
-ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+ASN1_SEQUENCE(PKCS7_ENCRYPT) = {
        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+} ASN1_SEQUENCE_END(PKCS7_ENCRYPT)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
-ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+ASN1_SEQUENCE(PKCS7_DIGEST) = {
        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
-} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+} ASN1_SEQUENCE_END(PKCS7_DIGEST)
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
index 735c8800e1..039141027a 100644
--- a/src/lib/libcrypto/pkcs7/pk7_attr.c
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -96,8 +96,7 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
        {
        ASN1_TYPE *cap;
-        const unsigned char *p;
+        unsigned char *p;
        cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
        if (!cap || (cap->type != V_ASN1_SEQUENCE))
                return NULL;
diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c
new file mode 100644
index 0000000000..90edfa5001
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_dgst.c
@@ -0,0 +1,66 @@
+/* crypto/pkcs7/pk7_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c
index a03d7ebedf..4ac29ae14d 100644
--- a/src/lib/libcrypto/pkcs7/pk7_doit.c
+++ b/src/lib/libcrypto/pkcs7/pk7_doit.c
@@ -62,7 +62,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include <openssl/err.h>
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value);
@@ -102,54 +101,18 @@ static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
        return NULL;
        }
-static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
-        {
-        BIO *btmp;
-        const EVP_MD *md;
-        if ((btmp=BIO_new(BIO_f_md())) == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-                goto err;
-                }
-        md=EVP_get_digestbyobj(alg->algorithm);
-        if (md == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-                goto err;
-                }
-        BIO_set_md(btmp,md);
-        if (*pbio == NULL)
-                *pbio=btmp;
-        else if (!BIO_push(*pbio,btmp))
-                {
-                PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-                goto err;
-                }
-        btmp=NULL;
-        return 1;
-        err:
-        if (btmp)
-                BIO_free(btmp);
-        return 0;
-        }
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
        {
        int i;
        BIO *out=NULL,*btmp=NULL;
-        X509_ALGOR *xa = NULL;
+        X509_ALGOR *xa;
+        const EVP_MD *evp_md;
        const EVP_CIPHER *evp_cipher=NULL;
        STACK_OF(X509_ALGOR) *md_sk=NULL;
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
        EVP_PKEY *pkey;
-        ASN1_OCTET_STRING *os=NULL;
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
@@ -158,7 +121,6 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                {
        case NID_pkcs7_signed:
                md_sk=p7->d.sign->md_algs;
-                os = PKCS7_get_octet_string(p7->d.sign->contents);
                break;
        case NID_pkcs7_signedAndEnveloped:
                rsk=p7->d.signed_and_enveloped->recipientinfo;
@@ -183,21 +145,37 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                        goto err;
                        }
                break;
-        case NID_pkcs7_digest:
-                xa = p7->d.digest->md;
-                os = PKCS7_get_octet_string(p7->d.digest->contents);
-                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
                }
-        for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+        if (md_sk != NULL)
-                if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+                {
-                        goto err;
+                for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
+                        {
+                        xa=sk_X509_ALGOR_value(md_sk,i);
+                        if ((btmp=BIO_new(BIO_f_md())) == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
+                                goto err;
+                                }
-        if (xa && !PKCS7_bio_add_digest(&out, xa))
+                        evp_md=EVP_get_digestbyobj(xa->algorithm);
-                        goto err;
+                        if (evp_md == NULL)
+                                {
+                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                                goto err;
+                                }
+                        BIO_set_md(btmp,evp_md);
+                        if (out == NULL)
+                                out=btmp;
+                        else
+                                BIO_push(out,btmp);
+                        btmp=NULL;
+                        }
+                }
        if (evp_cipher != NULL)
                {
@@ -216,25 +194,17 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                BIO_get_cipher_ctx(btmp, &ctx);
                keylen=EVP_CIPHER_key_length(evp_cipher);
                ivlen=EVP_CIPHER_iv_length(evp_cipher);
-                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+                if (RAND_bytes(key,keylen) <= 0)
-                if (ivlen > 0)
-                        if (RAND_pseudo_bytes(iv,ivlen) <= 0)
-                                goto err;
-                if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
-                        goto err;
-                if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-                        goto err;
-                if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
                        goto err;
+                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+                if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
+                EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
                if (ivlen > 0) {
-                        if (xalg->parameter == NULL) {
+                        if (xalg->parameter == NULL) 
-                                xalg->parameter = ASN1_TYPE_new();
+                                                xalg->parameter=ASN1_TYPE_new();
-                                if (xalg->parameter == NULL)
-                                        goto err;
-                        }
                        if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-                               goto err;
+                                                                       goto err;
                }
                /* Lets do the pub key stuff :-) */
@@ -247,8 +217,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                                PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
                                goto err;
                                }
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
+                        pkey=X509_get_pubkey(ri->cert);
-                                goto err;
                        jj=EVP_PKEY_size(pkey);
                        EVP_PKEY_free(pkey);
                        if (max < jj) max=jj;
@@ -261,8 +230,7 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                        {
                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                        if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
+                        pkey=X509_get_pubkey(ri->cert);
-                                goto err;
                        jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
                        EVP_PKEY_free(pkey);
                        if (jj <= 0)
@@ -293,16 +261,24 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                {
                if (PKCS7_is_detached(p7))
                        bio=BIO_new(BIO_s_null());
-                else if (os && os->length > 0)
+                else
-                        bio = BIO_new_mem_buf(os->data, os->length);
-                if(bio == NULL)
                        {
-                        bio=BIO_new(BIO_s_mem());
+                        if (PKCS7_type_is_signed(p7))
-                        if (bio == NULL)
+                                {
-                                goto err;
+                                ASN1_OCTET_STRING *os;
-                        BIO_set_mem_eof_return(bio,0);
+                                os = PKCS7_get_octet_string(
+                                                        p7->d.sign->contents);
+                                if (os && os->length > 0)
+                                        bio = BIO_new_mem_buf(os->data,
+                                                                os->length);
+                                }
+                        if(bio == NULL)
+                                {
+                                bio=BIO_new(BIO_s_mem());
+                                BIO_set_mem_eof_return(bio,0);
+                                }
                        }
-                }
+        }
        BIO_push(out,bio);
        bio=NULL;
        if (0)
@@ -317,17 +293,6 @@ err:
        return(out);
        }
-static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
-        {
-        int ret;
-        ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                                pcert->cert_info->issuer);
-        if (ret)
-                return ret;
-        return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                                        ri->issuer_and_serial->serial);
-        }
 /* int */
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        {
@@ -438,18 +403,18 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                 * (if any)
                 */
-                if (pcert) {
+                for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                        ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                        if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
-                                if (!pkcs7_cmp_ri(ri, pcert))
+                                        pcert->cert_info->issuer) &&
-                                        break;
+                             !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-                                ri=NULL;
+                                        ri->issuer_and_serial->serial)) break;
-                        }
+                        ri=NULL;
-                        if (ri == NULL) {
+                }
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                if (ri == NULL) {
-                                      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                goto err;
+                                 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-                        }
+                        goto err;
                }
                jj=EVP_PKEY_size(pkey);
@@ -460,46 +425,17 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        goto err;
                        }
-                /* If we haven't got a certificate try each ri in turn */
+                jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
+                        M_ASN1_STRING_length(ri->enc_key), pkey);
-                if (pcert == NULL)
+                if (jj <= 0)
-                        {
-                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-                                {
-                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-                                jj=EVP_PKEY_decrypt(tmp,
-                                        M_ASN1_STRING_data(ri->enc_key),
-                                        M_ASN1_STRING_length(ri->enc_key),
-                                                pkey);
-                                if (jj > 0)
-                                        break;
-                                ERR_clear_error();
-                                ri = NULL;
-                                }
-                        if (ri == NULL)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                      PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
-                                goto err;
-                                }
-                        }
-                else
                        {
-                        jj=EVP_PKEY_decrypt(tmp,
+                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
-                                M_ASN1_STRING_data(ri->enc_key),
+                        goto err;
-                                M_ASN1_STRING_length(ri->enc_key), pkey);
-                        if (jj <= 0)
-                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                                                ERR_R_EVP_LIB);
-                                goto err;
-                                }
                        }
                evp_ctx=NULL;
                BIO_get_cipher_ctx(etmp,&evp_ctx);
-                if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
+                EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
-                        goto err;
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
@@ -515,8 +451,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                                goto err;
                                }
                } 
-                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+                EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
-                        goto err;
                OPENSSL_cleanse(tmp,jj);
@@ -550,8 +485,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        bio=BIO_new(BIO_s_mem());
                        BIO_set_mem_eof_return(bio,0);
                }
-                if (bio == NULL)
-                        goto err;
 #endif
                }
        BIO_push(out,bio);
@@ -571,29 +504,6 @@ err:
        return(out);
        }
-static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-        {
-        for (;;)
-                {
-                bio=BIO_find_type(bio,BIO_TYPE_MD);
-                if (bio == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-                        return NULL;    
-                        }
-                BIO_get_md_ctx(bio,pmd);
-                if (*pmd == NULL)
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
-                        return NULL;
-                        }       
-                if (EVP_MD_CTX_type(*pmd) == nid)
-                        return bio;
-                bio=BIO_next(bio);
-                }
-        return NULL;
-        }
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
        {
        int ret=0;
@@ -618,7 +528,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                si_sk=p7->d.signed_and_enveloped->signer_info;
                if (!(os=M_ASN1_OCTET_STRING_new()))
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                p7->d.signed_and_enveloped->enc_data->enc_data=os;
@@ -627,7 +537,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                /* XXXXXXXXXXXXXXXX */
                if (!(os=M_ASN1_OCTET_STRING_new()))
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                p7->d.enveloped->enc_data->enc_data=os;
@@ -641,24 +551,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        p7->d.sign->contents->d.data = NULL;
                }
                break;
-        case NID_pkcs7_digest:
-                os=PKCS7_get_octet_string(p7->d.digest->contents);
-                /* If detached data then the content is excluded */
-                if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-                        {
-                        M_ASN1_OCTET_STRING_free(os);
-                        p7->d.digest->contents->d.data = NULL;
-                        }
-                break;
                }
        if (si_sk != NULL)
                {
                if ((buf=BUF_MEM_new()) == NULL)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
                        goto err;
                        }
                for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
@@ -669,18 +568,32 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        j=OBJ_obj2nid(si->digest_alg->algorithm);
                        btmp=bio;
+                        for (;;)
-                        btmp = PKCS7_find_digest(&mdc, btmp, j);
+                                {
+                                if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
-                        if (btmp == NULL)
+                                        == NULL)
-                                goto err;
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+                                        goto err;
+                                        }
+                                BIO_get_md_ctx(btmp,&mdc);
+                                if (mdc == NULL)
+                                        {
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
+                                        goto err;
+                                        }
+                                if (EVP_MD_CTX_type(mdc) == j)
+                                        break;
+                                else
+                                        btmp=BIO_next(btmp);
+                                }
+                        
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
                        EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
                        if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
                                goto err;
                                }
@@ -702,17 +615,13 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                        {
                                        if (!(sign_time=X509_gmtime_adj(NULL,0)))
                                                {
-                                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,
                                                        ERR_R_MALLOC_FAILURE);
                                                goto err;
                                                }
-                                        if (!PKCS7_add_signed_attribute(si,
+                                        PKCS7_add_signed_attribute(si,
                                                NID_pkcs9_signingTime,
-                                                V_ASN1_UTCTIME,sign_time))
+                                                V_ASN1_UTCTIME,sign_time);
-                                                {
-                                                M_ASN1_UTCTIME_free(sign_time);
-                                                goto err;
-                                                }
                                        }
                                /* Add digest */
@@ -720,25 +629,20 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
                                if (!(digest=M_ASN1_OCTET_STRING_new()))
                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
                                                ERR_R_MALLOC_FAILURE);
                                        goto err;
                                        }
                                if (!M_ASN1_OCTET_STRING_set(digest,md_data,
                                                                md_len))
                                        {
-                                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,
                                                ERR_R_MALLOC_FAILURE);
-                                        M_ASN1_OCTET_STRING_free(digest);
                                        goto err;
                                        }
-                                if (!PKCS7_add_signed_attribute(si,
+                                PKCS7_add_signed_attribute(si,
                                        NID_pkcs9_messageDigest,
-                                        V_ASN1_OCTET_STRING,digest))
+                                        V_ASN1_OCTET_STRING,digest);
-                                        {
-                                        M_ASN1_OCTET_STRING_free(digest);
-                                        goto err;
-                                        }
                                /* Now sign the attributes */
                                EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
@@ -753,42 +657,28 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                        if (si->pkey->type == EVP_PKEY_DSA)
                                ctx_tmp.digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-                        if (si->pkey->type == EVP_PKEY_EC)
-                                ctx_tmp.digest=EVP_ecdsa();
-#endif
                        if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
                                (unsigned int *)&buf->length,si->pkey))
                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
                                goto err;
                                }
                        if (!ASN1_STRING_set(si->enc_digest,
                                (unsigned char *)buf->data,buf->length))
                                {
-                                PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
+                                PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
                                goto err;
                                }
                        }
                }
-        else if (i == NID_pkcs7_digest)
-                {
-                unsigned char md_data[EVP_MAX_MD_SIZE];
-                unsigned int md_len;
-                if (!PKCS7_find_digest(&mdc, bio,
-                                OBJ_obj2nid(p7->d.digest->md->algorithm)))
-                        goto err;
-                EVP_DigestFinal_ex(mdc,md_data,&md_len);
-                M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-                }
        if (!PKCS7_is_detached(p7))
                {
                btmp=BIO_find_type(bio,BIO_TYPE_MEM);
                if (btmp == NULL)
                        {
-                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                        goto err;
                        }
                BIO_get_mem_ptr(btmp,&buf_mem);
@@ -969,9 +859,6 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 #ifndef OPENSSL_NO_DSA
        if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
 #endif
-#ifndef OPENSSL_NO_ECDSA
-        if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
-#endif
        i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
        EVP_PKEY_free(pkey);
@@ -996,13 +883,8 @@ PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
        int i;
        i=OBJ_obj2nid(p7->type);
-        if (i != NID_pkcs7_signedAndEnveloped)
+        if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
-                return NULL;
-        if (p7->d.signed_and_enveloped == NULL)
-                return NULL;
        rsk=p7->d.signed_and_enveloped->recipientinfo;
-        if (rsk == NULL)
-                return NULL;
        ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
        if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
        ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
@@ -1056,8 +938,6 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
        if (p7si->auth_attr != NULL)
                sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
        p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
-        if (p7si->auth_attr == NULL)
-                return 0;
        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
                {
                if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
@@ -1076,8 +956,6 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
                sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
                                           X509_ATTRIBUTE_free);
        p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
-        if (p7si->unauth_attr == NULL)
-                return 0;
        for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
                {
                if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
@@ -1107,16 +985,10 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
        if (*sk == NULL)
                {
-                if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
+                *sk = sk_X509_ATTRIBUTE_new_null();
-                        return 0;
 new_attrib:
-                if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
+                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-                        return 0;
+                sk_X509_ATTRIBUTE_push(*sk,attr);
-                if (!sk_X509_ATTRIBUTE_push(*sk,attr))
-                        {
-                        X509_ATTRIBUTE_free(attr);
-                        return 0;
-                        }
                }
        else
                {
@@ -1129,13 +1001,7 @@ new_attrib:
                                {
                                X509_ATTRIBUTE_free(attr);
                                attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-                                if (attr == NULL)
+                                sk_X509_ATTRIBUTE_set(*sk,i,attr);
-                                        return 0;
-                                if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
-                                        {
-                                        X509_ATTRIBUTE_free(attr);
-                                        return 0;
-                                        }
                                goto end;
                                }
                        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c
new file mode 100644
index 0000000000..acbb189c59
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_enc.c
@@ -0,0 +1,76 @@
+/* crypto/pkcs7/pk7_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+PKCS7_in_bio(PKCS7 *p7,BIO *in);
+PKCS7_out_bio(PKCS7 *p7,BIO *out);
+PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key);
+PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher);
+PKCS7_Init(PKCS7 *p7);
+PKCS7_Update(PKCS7 *p7);
+PKCS7_Finish(PKCS7 *p7);
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c
index f2490941a3..ee1817c7af 100644
--- a/src/lib/libcrypto/pkcs7/pk7_lib.c
+++ b/src/lib/libcrypto/pkcs7/pk7_lib.c
@@ -138,10 +138,6 @@ int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
                p7->d.sign->contents=p7_data;
                break;
        case NID_pkcs7_digest:
-                if (p7->d.digest->contents != NULL)
-                        PKCS7_free(p7->d.digest->contents);
-                p7->d.digest->contents=p7_data;
-                break;
        case NID_pkcs7_data:
        case NID_pkcs7_enveloped:
        case NID_pkcs7_signedAndEnveloped:
@@ -210,12 +206,6 @@ int PKCS7_set_type(PKCS7 *p7, int type)
                break;
        case NID_pkcs7_digest:
-                p7->type=obj;
-                if ((p7->d.digest=PKCS7_DIGEST_new())
-                        == NULL) goto err;
-                if (!ASN1_INTEGER_set(p7->d.digest->version,0))
-                        goto err;
-                break;
        default:
                PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
                goto err;
@@ -225,13 +215,6 @@ err:
        return(0);
        }
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
-        {
-        p7->type = OBJ_nid2obj(type);
-        p7->d.other = other;
-        return 1;
-        }
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
        {
        int i,j,nid;
@@ -271,23 +254,16 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
        if (!j) /* we need to add another algorithm */
                {
                if(!(alg=X509_ALGOR_new())
-                        || !(alg->parameter = ASN1_TYPE_new()))
+                        || !(alg->parameter = ASN1_TYPE_new())) {
-                        {
-                        X509_ALGOR_free(alg);
                        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
                        return(0);
-                        }
+                }
                alg->algorithm=OBJ_nid2obj(nid);
                alg->parameter->type = V_ASN1_NULL;
-                if (!sk_X509_ALGOR_push(md_sk,alg))
+                sk_X509_ALGOR_push(md_sk,alg);
-                        {
-                        X509_ALGOR_free(alg);
-                        return 0;
-                        }
                }
-        if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
+        sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
-                return 0;
        return(1);
        }
@@ -312,17 +288,8 @@ int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
        if (*sk == NULL)
                *sk=sk_X509_new_null();
-        if (*sk == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-        if (!sk_X509_push(*sk,x509))
+        sk_X509_push(*sk,x509);
-                {
-                X509_free(x509);
-                return 0;
-                }
        return(1);
        }
@@ -347,31 +314,18 @@ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
        if (*sk == NULL)
                *sk=sk_X509_CRL_new_null();
-        if (*sk == NULL)
-                {
-                PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-        if (!sk_X509_CRL_push(*sk,crl))
+        sk_X509_CRL_push(*sk,crl);
-                {
-                X509_CRL_free(crl);
-                return 0;
-                }
        return(1);
        }
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
             const EVP_MD *dgst)
        {
-        int nid;
        char is_dsa;
+        if (pkey->type == EVP_PKEY_DSA) is_dsa = 1;
-        if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+        else is_dsa = 0;
-                is_dsa = 1;
-        else
-                is_dsa = 0;
        /* We now need to add another PKCS7_SIGNER_INFO entry */
        if (!ASN1_INTEGER_set(p7i->version,1))
                goto err;
@@ -401,38 +355,16 @@ int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                goto err;
        p7i->digest_alg->parameter->type=V_ASN1_NULL;
+        p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type));
        if (p7i->digest_enc_alg->parameter != NULL)
                ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-        nid = EVP_PKEY_type(pkey->type);
+        if(is_dsa) p7i->digest_enc_alg->parameter = NULL;
-        if (nid == EVP_PKEY_RSA)
+        else {
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-                        goto err;
-                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-                }
-        else if (nid == EVP_PKEY_DSA)
-                {
-#if 1
-                /* use 'dsaEncryption' OID for compatibility with other software
-                 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
-#else
-                /* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
-                 * would make more sense. */
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
-#endif
-                p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
-                }
-        else if (nid == EVP_PKEY_EC)
-                {
-                p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
                if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
                        goto err;
                p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-                }
+        }
-        else
-                return(0);
        return(1);
 err:
@@ -449,28 +381,9 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
        if (!PKCS7_add_signer(p7,si)) goto err;
        return(si);
 err:
-        PKCS7_SIGNER_INFO_free(si);
        return(NULL);
        }
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
-        {
-        if (PKCS7_type_is_digest(p7))
-                {
-                if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
-                        {
-                        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
-                        return 0;
-                        }
-                p7->d.digest->md->parameter->type = V_ASN1_NULL;
-                p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
-                return 1;
-                }
-                
-        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
-        return 1;
-        }
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
        {
        if (PKCS7_type_is_signed(p7))
@@ -494,7 +407,6 @@ PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
        if (!PKCS7_add_recipient_info(p7,ri)) goto err;
        return(ri);
 err:
-        PKCS7_RECIP_INFO_free(ri);
        return(NULL);
        }
@@ -517,8 +429,7 @@ int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
                return(0);
                }
-        if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
+        sk_PKCS7_RECIP_INFO_push(sk,ri);
-                return 0;
        return(1);
        }
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
index 17b68992f7..927b88c3e7 100644
--- a/src/lib/libcrypto/pkcs7/pk7_mime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -1,6 +1,6 @@
 /* pk7_mime.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
@@ -86,7 +86,6 @@ STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
 DECLARE_STACK_OF(MIME_HEADER)
 IMPLEMENT_STACK_OF(MIME_HEADER)
-static int pkcs7_output_data(BIO *bio, BIO *data, PKCS7 *p7, int flags);
 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
 static PKCS7 *B64_read_PKCS7(BIO *bio);
 static char * strip_ends(char *name);
@@ -110,6 +109,9 @@ static void mime_hdr_free(MIME_HEADER *hdr);
 #define MAX_SMLEN 1024
 #define mime_debug(x) /* x */
+typedef void (*stkfree)();
 /* Base 64 read and write of PKCS#7 structure */
 static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
@@ -121,7 +123,7 @@ static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
        }
        bio = BIO_push(b64, bio);
        i2d_PKCS7_bio(bio, p7);
-        (void)BIO_flush(bio);
+        BIO_flush(bio);
        bio = BIO_pop(bio);
        BIO_free(b64);
        return 1;
@@ -138,7 +140,7 @@ static PKCS7 *B64_read_PKCS7(BIO *bio)
        bio = BIO_push(b64, bio);
        if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
                PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
-        (void)BIO_flush(bio);
+        BIO_flush(bio);
        bio = BIO_pop(bio);
        BIO_free(b64);
        return p7;
@@ -180,7 +182,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                                                mime_eol, mime_eol);
                /* Now write out the first part */
                BIO_printf(bio, "------%s%s", bound, mime_eol);
-                pkcs7_output_data(bio, data, p7, flags);
+                SMIME_crlf_copy(data, bio, flags);
                BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
                /* Headers for signature */
@@ -194,7 +196,7 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
                                                        mime_eol, mime_eol);
                B64_write_PKCS7(bio, p7);
                BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-                                                        mime_eol, mime_eol);
+                                                mime_eol, mime_eol);
                return 1;
        }
@@ -229,46 +231,6 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
        return 1;
 }
-/* Handle output of PKCS#7 data */
-static int pkcs7_output_data(BIO *out, BIO *data, PKCS7 *p7, int flags)
-        {
-        BIO *tmpbio, *p7bio;
-        if (!(flags & PKCS7_STREAM))
-                {
-                SMIME_crlf_copy(data, out, flags);
-                return 1;
-                }
-        /* Partial sign operation */
-        /* Initialize sign operation */
-        p7bio = PKCS7_dataInit(p7, out);
-        /* Copy data across, computing digests etc */
-        SMIME_crlf_copy(data, p7bio, flags);
-        /* Must be detached */
-        PKCS7_set_detached(p7, 1);
-        /* Finalize signatures */
-        PKCS7_dataFinal(p7, p7bio);
-        /* Now remove any digests prepended to the BIO */
-        while (p7bio != out)
-                {
-                tmpbio = BIO_pop(p7bio);
-                BIO_free(p7bio);
-                p7bio = tmpbio;
-                }
-        return 1;
-        }
 /* SMIME reader: handle multipart/signed and opaque signing.
 * in multipart case the content is placed in a memory BIO
 * pointed to by "bcont". In opaque this is set to NULL
@@ -377,6 +339,56 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
 }
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+        char eol;
+        int len;
+        char linebuf[MAX_SMLEN];
+        if(flags & PKCS7_BINARY) {
+                while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                                BIO_write(out, linebuf, len);
+                return 1;
+        }
+        if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+                eol = strip_eol(linebuf, &len);
+                if (len)
+                        BIO_write(out, linebuf, len);
+                if(eol) BIO_write(out, "\r\n", 2);
+        }
+        return 1;
+}
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+        char iobuf[4096];
+        int len;
+        STACK_OF(MIME_HEADER) *headers;
+        MIME_HEADER *hdr;
+        if (!(headers = mime_parse_hdr(in))) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+                return 0;
+        }
+        if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        if (strcmp (hdr->value, "text/plain")) {
+                PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+                ERR_add_error_data(2, "type: ", hdr->value);
+                sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+                return 0;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                                BIO_write(out, iobuf, len);
+        return 1;
+}
 /* Split a multipart/XXX message body into component parts: result is
 * canonical parts in a STACK of bios
 */
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c
index 5c6b0fe24b..99a0d63f38 100644
--- a/src/lib/libcrypto/pkcs7/pk7_smime.c
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -1,9 +1,9 @@
 /* pk7_smime.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -66,10 +66,10 @@
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                  BIO *data, int flags)
 {
-        PKCS7 *p7 = NULL;
+        PKCS7 *p7;
        PKCS7_SIGNER_INFO *si;
-        BIO *p7bio = NULL;
+        BIO *p7bio;
-        STACK_OF(X509_ALGOR) *smcap = NULL;
+        STACK_OF(X509_ALGOR) *smcap;
        int i;
        if(!X509_check_private_key(signcert, pkey)) {
@@ -82,87 +82,66 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
                return NULL;
        }
-        if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        PKCS7_set_type(p7, NID_pkcs7_signed);
-                goto err;
-        if (!PKCS7_content_new(p7, NID_pkcs7_data))
+        PKCS7_content_new(p7, NID_pkcs7_data);
-                goto err;
-        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+        if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
-                goto err;
+                return NULL;
        }
        if(!(flags & PKCS7_NOCERTS)) {
-                if (!PKCS7_add_certificate(p7, signcert))
+                PKCS7_add_certificate(p7, signcert);
-                        goto err;
                if(certs) for(i = 0; i < sk_X509_num(certs); i++)
-                        if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                        PKCS7_add_certificate(p7, sk_X509_value(certs, i));
-                                goto err;
+        }
+        if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                return NULL;
        }
+        SMIME_crlf_copy(data, p7bio, flags);
        if(!(flags & PKCS7_NOATTR)) {
-                if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
+                                V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
-                        goto err;
                /* Add SMIMECapabilities */
                if(!(flags & PKCS7_NOSMIMECAP))
                {
                if(!(smcap = sk_X509_ALGOR_new_null())) {
                        PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                        goto err;
+                        return NULL;
                }
 #ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
+                PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
-                        goto err;
 #endif
 #ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
-                        goto err;
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
-                        goto err;
 #endif
 #ifndef OPENSSL_NO_DES
-                if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
+                PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
-                        goto err;
 #endif
 #ifndef OPENSSL_NO_RC2
-                if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
+                PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
-                        goto err;
 #endif
-                if (!PKCS7_add_attrib_smimecap (si, smcap))
+                PKCS7_add_attrib_smimecap (si, smcap);
-                        goto err;
                sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-                smcap = NULL;
                }
        }
        if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-        if (flags & PKCS7_STREAM)
+        if (!PKCS7_dataFinal(p7,p7bio)) {
-                return p7;
-        if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
-                PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        SMIME_crlf_copy(data, p7bio, flags);
-        if (!PKCS7_dataFinal(p7,p7bio)) {
                PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
-                goto err;
+                return NULL;
        }
-        BIO_free_all(p7bio);
+        BIO_free_all(p7bio);
        return p7;
-err:
-        sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-        BIO_free_all(p7bio);
-        PKCS7_free(p7);
-        return NULL;
 }
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
@@ -236,8 +215,6 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                        sk_X509_free(signers);
                        return 0;
                }
-                if (!(flags & PKCS7_NOCRL))
-                        X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
                i = X509_verify_cert(&cert_ctx);
                if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
                X509_STORE_CTX_cleanup(&cert_ctx);
@@ -274,8 +251,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
                tmpin = indata;
                
-        if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
+        p7bio=PKCS7_dataInit(p7,tmpin);
-                goto err;
        if(flags & PKCS7_TEXT) {
                if(!(tmpout = BIO_new(BIO_s_mem()))) {
@@ -354,7 +330,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
        if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
                PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-                return NULL;
+                return 0;
        }
        if(!(signers = sk_X509_new_null())) {
@@ -377,13 +353,10 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
            if (!signer) {
                        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
                        sk_X509_free(signers);
-                        return NULL;
+                        return 0;
            }
-            if (!sk_X509_push(signers, signer)) {
+            sk_X509_push(signers, signer);
-                        sk_X509_free(signers);
-                        return NULL;
-            }
        }
        return signers;
 }
@@ -403,8 +376,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
                return NULL;
        }
-        if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+        PKCS7_set_type(p7, NID_pkcs7_enveloped);
-                goto err;
        if(!PKCS7_set_cipher(p7, cipher)) {
                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
                goto err;
@@ -426,7 +398,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
        SMIME_crlf_copy(in, p7bio, flags);
-        (void)BIO_flush(p7bio);
+        BIO_flush(p7bio);
        if (!PKCS7_dataFinal(p7,p7bio)) {
                PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
@@ -438,7 +410,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
        err:
-        BIO_free_all(p7bio);
+        BIO_free(p7bio);
        PKCS7_free(p7);
        return NULL;
@@ -460,7 +432,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                return 0;
        }
-        if(cert && !X509_check_private_key(cert, pkey)) {
+        if(!X509_check_private_key(cert, pkey)) {
                PKCS7err(PKCS7_F_PKCS7_DECRYPT,
                                PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                return 0;
@@ -476,13 +448,10 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
                if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        BIO_free_all(tmpmem);
                        return 0;
                }
                if(!(bread = BIO_push(tmpbuf, tmpmem))) {
                        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-                        BIO_free_all(tmpbuf);
-                        BIO_free_all(tmpmem);
                        return 0;
                }
                ret = SMIME_text(bread, data);
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h
index cc092d262d..15372e18f8 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7.h
+++ b/src/lib/libcrypto/pkcs7/pkcs7.h
@@ -233,8 +233,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
-#define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
 #define PKCS7_set_detached(p,v) \
                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
 #define PKCS7_get_detached(p) \
@@ -264,8 +262,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7)
 #define PKCS7_NOSMIMECAP        0x200
 #define PKCS7_NOOLDMIMETYPE     0x400
 #define PKCS7_CRLFEOL           0x800
-#define PKCS7_STREAM            0x1000
-#define PKCS7_NOCRL             0x2000
 /* Flags: for compatibility with older code */
@@ -306,12 +302,10 @@ DECLARE_ASN1_FUNCTIONS(PKCS7)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
 DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
-DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 int PKCS7_set_type(PKCS7 *p7, int type);
-int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
        const EVP_MD *dgst);
@@ -332,7 +326,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
        EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
@@ -388,20 +381,16 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_F_PKCS7_ADD_CRL                            101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
 #define PKCS7_F_PKCS7_ADD_SIGNER                         103
-#define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
 #define PKCS7_F_PKCS7_CTRL                               104
 #define PKCS7_F_PKCS7_DATADECODE                         112
-#define PKCS7_F_PKCS7_DATAFINAL                          128
 #define PKCS7_F_PKCS7_DATAINIT                           105
 #define PKCS7_F_PKCS7_DATASIGN                           106
 #define PKCS7_F_PKCS7_DATAVERIFY                         107
 #define PKCS7_F_PKCS7_DECRYPT                            114
 #define PKCS7_F_PKCS7_ENCRYPT                            115
-#define PKCS7_F_PKCS7_FIND_DIGEST                        127
 #define PKCS7_F_PKCS7_GET0_SIGNERS                       124
 #define PKCS7_F_PKCS7_SET_CIPHER                         108
 #define PKCS7_F_PKCS7_SET_CONTENT                        109
-#define PKCS7_F_PKCS7_SET_DIGEST                         126
 #define PKCS7_F_PKCS7_SET_TYPE                           110
 #define PKCS7_F_PKCS7_SIGN                               116
 #define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
@@ -432,15 +421,13 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE                136
 #define PKCS7_R_NO_MULTIPART_BOUNDARY                    137
 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
-#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY                 146
 #define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
 #define PKCS7_R_NO_SIGNERS                               142
 #define PKCS7_R_NO_SIG_CONTENT_TYPE                      138
 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
-#define PKCS7_R_PKCS7_DATAFINAL                          126
 #define PKCS7_R_PKCS7_DATAFINAL_ERROR                    125
-#define PKCS7_R_PKCS7_DATASIGN                           145
+#define PKCS7_R_PKCS7_DATASIGN                           126
 #define PKCS7_R_PKCS7_PARSE_ERROR                        139
 #define PKCS7_R_PKCS7_SIG_PARSE_ERROR                    140
 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c
index c0e3d4cd33..19894c80a4 100644
--- a/src/lib/libcrypto/pkcs7/pkcs7err.c
+++ b/src/lib/libcrypto/pkcs7/pkcs7err.c
@@ -77,20 +77,16 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),       "PKCS7_add_crl"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),    "PKCS7_add_recipient_info"},
 {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),    "PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),        "PKCS7_BIO_ADD_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_CTRL),  "PKCS7_ctrl"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),    "PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),     "PKCS7_dataFinal"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),      "PKCS7_dataInit"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),      "PKCS7_DATASIGN"},
 {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),    "PKCS7_dataVerify"},
 {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),       "PKCS7_decrypt"},
 {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),       "PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),   "PKCS7_FIND_DIGEST"},
 {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),  "PKCS7_get0_signers"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),    "PKCS7_set_cipher"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),   "PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),    "PKCS7_set_digest"},
 {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),      "PKCS7_set_type"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGN),  "PKCS7_sign"},
 {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),       "PKCS7_signatureVerify"},
@@ -124,13 +120,11 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
 {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
 {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
 {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
 {ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
 {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
 {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
 {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
 {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
 {ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
 {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},
@@ -156,12 +150,15 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 void ERR_load_PKCS7_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,PKCS7_str_functs);
                ERR_load_strings(0,PKCS7_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/pkcs7/server.pem b/src/lib/libcrypto/pkcs7/server.pem
new file mode 100644
index 0000000000..750aac2094
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/server.pem
@@ -0,0 +1,24 @@
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
+MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
+cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
+Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
+mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
+xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
+irObpESxAZLySCmPPg==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
+TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
+OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
+gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
+rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
+PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
+vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c
new file mode 100644
index 0000000000..8b59885f7e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/sign.c
@@ -0,0 +1,154 @@
+/* crypto/pkcs7/sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        X509 *x509;
+        EVP_PKEY *pkey;
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        BIO *in;
+        BIO *data,*p7bio;
+        char buf[1024*4];
+        int i;
+        int nodetach=0;
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
+        EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
+        EVP_add_digest(EVP_mdc2());
+#endif
+        data=BIO_new(BIO_s_file());
+again:
+        if (argc > 1)
+                {
+                if (strcmp(argv[1],"-nd") == 0)
+                        {
+                        nodetach=1;
+                        argv++; argc--;
+                        goto again;
+                        }
+                if (!BIO_read_filename(data,argv[1]))
+                        goto err;
+                }
+        else
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_free(in);
+        p7=PKCS7_new();
+        PKCS7_set_type(p7,NID_pkcs7_signed);
+         
+        si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
+        if (si == NULL) goto err;
+        /* If you do this then you get signing time automatically added */
+        PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+                                                OBJ_nid2obj(NID_pkcs7_data));
+        /* we may want to add more */
+        PKCS7_add_certificate(p7,x509);
+        /* Set the content of the signed to 'data' */
+        PKCS7_content_new(p7,NID_pkcs7_data);
+        if (!nodetach)
+                PKCS7_set_detached(p7,1);
+        if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err;
+        for (;;)
+                {
+                i=BIO_read(data,buf,sizeof(buf));
+                if (i <= 0) break;
+                BIO_write(p7bio,buf,i);
+                }
+        if (!PKCS7_dataFinal(p7,p7bio)) goto err;
+        BIO_free(p7bio);
+        PEM_write_PKCS7(stdout,p7);
+        PKCS7_free(p7);
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
diff --git a/src/lib/libcrypto/pkcs7/t/3des.pem b/src/lib/libcrypto/pkcs7/t/3des.pem
new file mode 100644
index 0000000000..b2b5081a10
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/3des.pem
@@ -0,0 +1,16 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ
+/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G
+CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N
+WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL
+lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8
+5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/3dess.pem b/src/lib/libcrypto/pkcs7/t/3dess.pem
new file mode 100644
index 0000000000..23f013516a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/3dess.pem
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/c.pem b/src/lib/libcrypto/pkcs7/t/c.pem
new file mode 100644
index 0000000000..a4b55e321a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/c.pem
@@ -0,0 +1,48 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libcrypto/pkcs7/t/ff b/src/lib/libcrypto/pkcs7/t/ff
new file mode 100644
index 0000000000..23f013516a
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/ff
@@ -0,0 +1,32 @@
+-----BEGIN PKCS7-----
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-e b/src/lib/libcrypto/pkcs7/t/msie-e
new file mode 100644
index 0000000000..aafae69fc9
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-e
@@ -0,0 +1,20 @@
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y
+wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z
+VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3
+YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx
+2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7
+oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK
+HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J
+eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH
+OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9
+qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD
+bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI
+/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA
diff --git a/src/lib/libcrypto/pkcs7/t/msie-e.pem b/src/lib/libcrypto/pkcs7/t/msie-e.pem
new file mode 100644
index 0000000000..a2a5e24e74
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-e.pem
@@ -0,0 +1,22 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9
+v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If
+lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK
+ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4
+L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ
+KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ
+pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF
+BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT
+WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F
+lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj
+5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr
+8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01 b/src/lib/libcrypto/pkcs7/t/msie-enc-01
new file mode 100644
index 0000000000..2c93ab6462
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-01
@@ -0,0 +1,62 @@
+MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD
+VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0
+IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT
+EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz
+IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ
+KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP
+gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI
+pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm
+STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq
+Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg
+optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx
+Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9
+ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t
+Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y
+M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te
+dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK
+RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO
+wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ
+NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA
+4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie
+0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa
+mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD
+FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR
+3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE
+2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN
+d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565
+JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK
+6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp
+DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5
+hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa
+9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx
+QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/
+UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo
+lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9
+Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS
+KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA
+70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda
+KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs
+UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji
+J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd
+8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH
+icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8
+1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM
+aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds
+J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE
+CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ
+KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE
+CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA
+hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR
+yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1
+FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4
+16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY
+4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr
+xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG
+gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM
+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD
+NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA
+AAAAAAAAAAAA
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem
new file mode 100644
index 0000000000..9abf00b2f2
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem
@@ -0,0 +1,66 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC
+QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD
+VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq
+hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q
+VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq
+hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ
+NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W
+iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr
+cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg
+Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT
+bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX
+kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5
+mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/
+GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw
+Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj
+ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv
+WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc
+KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv
+5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o
+3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo
+qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6
+/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j
+JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62
+r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn
+szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr
+xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA
+bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7
+nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW
+7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi
+q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o
+PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w
+yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz
+l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG
+955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4
+UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8
+pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs
+/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6
+4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk
+e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK
+lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9
+09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o
+Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV
+Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a
+sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE
+SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+
+F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu
+WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd
+2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi
+P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+
+XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed
+XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO
+ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf
+APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD
+Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf
+LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl
+Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm
+yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM
+GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/
+rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP
+T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/
+g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04
+3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO
+6RLfsTyyPgJi0GsAAAAA
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02 b/src/lib/libcrypto/pkcs7/t/msie-enc-02
new file mode 100644
index 0000000000..7017055965
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-02
@@ -0,0 +1,90 @@
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn
+kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn
+rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ
+xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP
+EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW
+PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG
+PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk
+PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl
+XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7
+dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c
+QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr
+cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa
+WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe
+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy
+rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK
+xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z
+gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA
+SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54
+YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC
+ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB
+OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD
+31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo
+m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0
+PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc
+ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0
+iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa
+BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC
+fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56
+7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut
+eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x
+g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O
+/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj
+yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9
+rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J
+mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs
+8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw
+/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh
+xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU
+V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t
+5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r
+S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB
+DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf
+WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y
+NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi
+LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT
+8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx
+aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP
+Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl
+m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U
+p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG
+x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF
+yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT
+7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy
+Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj
+dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L
+yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod
+3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5
+BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs
+hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm
+P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm
+bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj
+9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp
+B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj
+p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA
+2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e
+KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I
+YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz
+2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC
+Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk
+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM
+6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk
+461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n
+wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q
+w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF
+oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee
+E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD
+XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV
+2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l
+SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF
+cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw
+BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU
+rZgAAAAAAAAAAAAA
diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem
new file mode 100644
index 0000000000..279c5d830b
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0
+M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y
+K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+
+pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3
+RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg
+JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U
+uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y
+tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g
+RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY
+Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH
+UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax
+mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG
+wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM
+GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n
+q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV
+V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF
+zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB
+CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba
+z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc
+au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2
+xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq
+LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9
+OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+
+PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9
+dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B
+l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT
+jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo
+/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP
+Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW
+PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf
+FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn
+yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h
+xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB
+BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+
+LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5
+0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn
+N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV
+UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i
+kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6
+q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD
+1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9
+q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV
+mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM
+VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG
+BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt
+LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5
+bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv
+wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5
+K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv
+b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6
+KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2
+0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl
+SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm
+CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl
+lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N
+WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj
+hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD
+svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy
+KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ
+GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy
+X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa
+IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p
+kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V
+KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/
+6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8
+Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK
+0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v
+ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL
+770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/
+4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p
+8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM
+64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+
+liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX
+I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa
+bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI
+ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0
+yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH
+4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1
+DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ
+qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec
+Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv
+2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4
+OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew
+rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0
+Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw
+aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO
+2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1
+7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T
+RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2
+G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/
+W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3
+r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY
+hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R
+9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0
+YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj
+FK2YAAAAAA==
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e b/src/lib/libcrypto/pkcs7/t/msie-s-a-e
new file mode 100644
index 0000000000..0067794d70
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-s-a-e
@@ -0,0 +1,91 @@
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV
+BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k
+aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS
+G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha
+VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE
+BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG
+SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0
+f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj
+cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI
+DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf
+ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U
+CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz
+3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY
+cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD
+1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G
+O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO
+P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P
+Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j
+aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0
+okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy
+0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc
+yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi
+Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay
+0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg
+58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO
+whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM
+6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0
+3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U
+PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG
+EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa
+qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF
+ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw
+/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle
+kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD
+KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a
+h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal
+r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0
+qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ
+QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b
+U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE
+PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF
+o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1
+YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA
+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN
+Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY
+CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV
+OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg
+XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD
+c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J
+TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9
+gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4
+zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD
+JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH
+rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah
+fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt
+j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI
+Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm
+hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap
+m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU
+xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/
+/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P
+O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd
+K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI
+LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc
+dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE
+ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV
+H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY
+6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR
+qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ
+MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46
+EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx
+MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP
+EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon
+iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z
+uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++
+Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU
+AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy
+FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ
+IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD
+yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt
+X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN
+wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d
+mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j
+OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l
+bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s
+5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA==
diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem b/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem
new file mode 100644
index 0000000000..55dbd8f80b
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem
@@ -0,0 +1,106 @@
+-----BEGIN PKCS7-----
+MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ
+bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT
+aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ
+uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO
+OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw
+gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
+EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT
+GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW
+QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv
+ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD
+BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g
+l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3
+UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms
+HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl
+PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD
+2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ
+/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM
+IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi
+BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu
+rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ
+V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm
+a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv
+zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI
+IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v
+1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR
+iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg
+93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc
+k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4
+Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz
+6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM
+Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+
+shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk
+iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU
+vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc
+DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U
+ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI
+WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR
+VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw
+ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb
+4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1
+wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA
+Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+
+7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY
+TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q
+PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR
+NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/
+574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N
+oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33
+p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf
+VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD
+3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo
+9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD
+XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6
+pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01
+JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu
+WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm
+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY
+9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4
+0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q
+53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp
+6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T
+H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD
+pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+
+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w
+95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC
+QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV
+uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6
+M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4
+EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm
+jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG
+qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38
+Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6
+L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt
+gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP
+pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf
+/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4
+JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt
+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV
+DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO
+S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6
+zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB
+RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR
+mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh
+nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb
+WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP
+9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl
+Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT
+H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5
+jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz
+x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0
+Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ
+YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv
+Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf
+ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi
+r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP
+zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI
+Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3
+QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22
+DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN
+mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn
+29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm
+WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi
+Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN
+7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA=
+-----END PKCS7-----
diff --git a/src/lib/libcrypto/pkcs7/t/nav-smime b/src/lib/libcrypto/pkcs7/t/nav-smime
new file mode 100644
index 0000000000..6ee4b597a1
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/nav-smime
@@ -0,0 +1,157 @@
+From angela@c2.net.au Thu May 14 13:32:27 1998
+X-UIDL: 83c94dd550e54329bf9571b72038b8c8
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:32:26 +1000 (EST)
+Message-ID: <355A6779.4B63E64C@cryptsoft.com>
+Date: Thu, 14 May 1998 13:39:37 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C"
+Content-Length: 2604
+Status: OR
+This is a cryptographically signed message in MIME format.
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+signed body
+--------------ms9A58844C95949ECC78A1C54C
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B
+CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG
+SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv
+BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA
+9CWR6g==
+--------------ms9A58844C95949ECC78A1C54C--
+From angela@c2.net.au Thu May 14 13:33:16 1998
+X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for <tjh@cryptsoft.com>; Thu, 14 May 1998 13:33:15 +1000 (EST)
+Message-ID: <355A67AB.2AF38806@cryptsoft.com>
+Date: Thu, 14 May 1998 13:40:27 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: signed
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E"
+Content-Length: 2679
+Status: OR
+This is a cryptographically signed message in MIME format.
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+signed body 2
+--------------msD7863B84BD61E02C407F2F5E
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+Content-Description: S/MIME Cryptographic Signature
+MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
+BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR
+BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv
+ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE
+AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow
+gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu
+ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG
+A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m
+dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh
+hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg
+hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP
+igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds
+syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB
+kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l
+MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB
+TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf
+mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s
+8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx
+ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP
+BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ
+REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB
+AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
+AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN
+rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO
+AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N
+coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC
+Zp8SSVVY
+--------------msD7863B84BD61E02C407F2F5E--
+From angela@c2.net.au Thu May 14 14:05:32 1998
+X-UIDL: a7d629b4b9acacaee8b39371b860a32a
+Return-Path: angela@c2.net.au
+Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for <tjh@cryptsoft.com>; Thu, 14 May 1998 14:05:32 +1000 (EST)
+Message-ID: <355A6F3B.AC385981@cryptsoft.com>
+Date: Thu, 14 May 1998 14:12:43 +1000
+From: Angela van Lent <angela@c2.net.au>
+X-Mailer: Mozilla 4.03 [en] (Win95; U)
+MIME-Version: 1.0
+To: tjh@cryptsoft.com
+Subject: encrypted
+Content-Type: application/x-pkcs7-mime; name="smime.p7m"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7m"
+Content-Description: S/MIME Encrypted Message
+Content-Length: 905
+Status: OR
+MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG
+A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD
+ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd
+exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw
+AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI
+QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU
+UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G
+CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg
+nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA
+oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX
+BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE
+CL3uV8k7m0iqAAAAAAAAAAAAAA==
diff --git a/src/lib/libcrypto/pkcs7/t/s.pem b/src/lib/libcrypto/pkcs7/t/s.pem
new file mode 100644
index 0000000000..4fa925b182
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/s.pem
@@ -0,0 +1,57 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
diff --git a/src/lib/libcrypto/pkcs7/t/server.pem b/src/lib/libcrypto/pkcs7/t/server.pem
new file mode 100644
index 0000000000..989baf8709
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/t/server.pem
@@ -0,0 +1,57 @@
+issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA
+subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com
+serial :047D
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1149 (0x47d)
+        Signature Algorithm: md5withRSAEncryption
+        Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA
+        Validity
+            Not Before: May 13 05:40:58 1998 GMT
+            Not After : May 12 05:40:58 2000 GMT
+        Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                Modulus:
+                    00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81:
+                    73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc:
+                    89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29:
+                    fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f:
+                    e7:e7:0c:4d:0b
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            Netscape Comment: 
+                Generated with SSLeay
+    Signature Algorithm: md5withRSAEncryption
+        52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55:
+        f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97:
+        d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b:
+        50:74:ad:92:cb:4e:90:e5:fa:7d
+-----BEGIN CERTIFICATE-----
+MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV
+MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE
+ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E
+IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw
+NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m
+dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0
+aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG
+9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf
+lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB
+hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA
+UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8
+4A3ZItobUHStkstOkOX6fQ==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9
+mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG
+fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/
+zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29
+p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b
+bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk
+IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG
+-----END RSA PRIVATE KEY-----
diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c
new file mode 100644
index 0000000000..b40f26032e
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/verify.c
@@ -0,0 +1,263 @@
+/* crypto/pkcs7/verify.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "example.h"
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+BIO *bio_err=NULL;
+BIO *bio_out=NULL;
+int main(argc,argv)
+int argc;
+char *argv[];
+        {
+        PKCS7 *p7;
+        PKCS7_SIGNER_INFO *si;
+        X509_STORE_CTX cert_ctx;
+        X509_STORE *cert_store=NULL;
+        BIO *data,*detached=NULL,*p7bio=NULL;
+        char buf[1024*4];
+        char *pp;
+        int i,printit=0;
+        STACK_OF(PKCS7_SIGNER_INFO) *sk;
+        bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_MD2
+        EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
+        EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
+        EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
+        EVP_add_digest(EVP_mdc2());
+#endif
+        data=BIO_new(BIO_s_file());
+        pp=NULL;
+        while (argc > 1)
+                {
+                argc--;
+                argv++;
+                if (strcmp(argv[0],"-p") == 0)
+                        {
+                        printit=1;
+                        }
+                else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+                        {
+                        detached=BIO_new(BIO_s_file());
+                        if (!BIO_read_filename(detached,argv[1]))
+                                goto err;
+                        argc--;
+                        argv++;
+                        }
+                else
+                        {
+                        pp=argv[0];
+                        if (!BIO_read_filename(data,argv[0]))
+                                goto err;
+                        }
+                }
+        if (pp == NULL)
+                BIO_set_fp(data,stdin,BIO_NOCLOSE);
+        /* Load the PKCS7 object from a file */
+        if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
+        /* This stuff is being setup for certificate verification.
+         * When using SSL, it could be replaced with a 
+         * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */
+        cert_store=X509_STORE_new();
+        X509_STORE_set_default_paths(cert_store);
+        X509_STORE_load_locations(cert_store,NULL,"../../certs");
+        X509_STORE_set_verify_cb_func(cert_store,verify_callback);
+        ERR_clear_error();
+        /* We need to process the data */
+        if ((PKCS7_get_detached(p7) || detached))
+                {
+                if (detached == NULL)
+                        {
+                        printf("no data to verify the signature on\n");
+                        exit(1);
+                        }
+                else
+                        p7bio=PKCS7_dataInit(p7,detached);
+                }
+        else
+                {
+                p7bio=PKCS7_dataInit(p7,NULL);
+                }
+        /* We now have to 'read' from p7bio to calculate digests etc. */
+        for (;;)
+                {
+                i=BIO_read(p7bio,buf,sizeof(buf));
+                /* print it? */
+                if (i <= 0) break;
+                }
+        /* We can now verify signatures */
+        sk=PKCS7_get_signer_info(p7);
+        if (sk == NULL)
+                {
+                printf("there are no signatures on this data\n");
+                exit(1);
+                }
+        /* Ok, first we need to, for each subject entry, see if we can verify */
+        for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
+                {
+                ASN1_UTCTIME *tm;
+                char *str1,*str2;
+                int rc;
+                si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+                rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+                if (rc <= 0)
+                        goto err;
+                printf("signer info\n");
+                if ((tm=get_signed_time(si)) != NULL)
+                        {
+                        BIO_printf(bio_out,"Signed time:");
+                        ASN1_UTCTIME_print(bio_out,tm);
+                        ASN1_UTCTIME_free(tm);
+                        BIO_printf(bio_out,"\n");
+                        }
+                if (get_signed_seq2string(si,&str1,&str2))
+                        {
+                        BIO_printf(bio_out,"String 1 is %s\n",str1);
+                        BIO_printf(bio_out,"String 2 is %s\n",str2);
+                        }
+                }
+        X509_STORE_free(cert_store);
+        printf("done\n");
+        exit(0);
+err:
+        ERR_load_crypto_strings();
+        ERR_print_errors_fp(stderr);
+        exit(1);
+        }
+/* should be X509 * but we can just have them as char *. */
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char buf[256];
+        X509 *err_cert;
+        int err,depth;
+        err_cert=X509_STORE_CTX_get_current_cert(ctx);
+        err=    X509_STORE_CTX_get_error(ctx);
+        depth=  X509_STORE_CTX_get_error_depth(ctx);
+        X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+        BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
+        if (!ok)
+                {
+                BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
+                        X509_verify_cert_error_string(err));
+                if (depth < 6)
+                        {
+                        ok=1;
+                        X509_STORE_CTX_set_error(ctx,X509_V_OK);
+                        }
+                else
+                        {
+                        ok=0;
+                        X509_STORE_CTX_set_error(ctx,X509_V_ERR_CERT_CHAIN_TOO_LONG);
+                        }
+                }
+        switch (ctx->error)
+                {
+        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+                BIO_printf(bio_err,"issuer= %s\n",buf);
+                break;
+        case X509_V_ERR_CERT_NOT_YET_VALID:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+                BIO_printf(bio_err,"notBefore=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+                BIO_printf(bio_err,"notAfter=");
+                ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+                BIO_printf(bio_err,"\n");
+                break;
+                }
+        BIO_printf(bio_err,"verify return:%d\n",ok);
+        return(ok);
+        }
diff --git a/src/lib/libcrypto/pqueue/Makefile b/src/lib/libcrypto/pqueue/Makefile
new file mode 100644
index 0000000000..d0c39d25ce
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/pqueue/Makefile
+#
+DIR=    pqueue
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=pqueue.c
+LIBOBJ=pqueue.o
+SRC= $(LIBSRC)
+EXHEADER= pqueue.h pq_compat.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pqueue.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+pqueue.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+pqueue.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pqueue.o: ../../include/openssl/pq_compat.h ../../include/openssl/safestack.h
+pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pqueue.o: ../cryptlib.h pqueue.c pqueue.h
diff --git a/src/lib/libcrypto/pqueue/pq_compat.h b/src/lib/libcrypto/pqueue/pq_compat.h
new file mode 100644
index 0000000000..fd36578882
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pq_compat.h
@@ -0,0 +1,147 @@
+/* crypto/pqueue/pqueue_compat.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/opensslconf.h>
+#include <openssl/bn.h>
+/* 
+ * The purpose of this header file is for supporting 64-bit integer
+ * manipulation on 32-bit (and lower) machines.  Currently the only
+ * such environment is VMS, Utrix and those with smaller default integer
+ * sizes than 32 bits.  For all such environment, we fall back to using
+ * BIGNUM.  We may need to fine tune the conditions for systems that
+ * are incorrectly configured.
+ *
+ * The only clients of this code are (1) pqueue for priority, and
+ * (2) DTLS, for sequence number manipulation.
+ */
+#if (defined(THIRTY_TWO_BIT) && !defined(BN_LLONG)) || defined(SIXTEEN_BIT) || defined(EIGHT_BIT)
+#define PQ_64BIT_IS_INTEGER 0
+#define PQ_64BIT_IS_BIGNUM 1
+#define PQ_64BIT     BIGNUM
+#define PQ_64BIT_CTX BN_CTX
+#define pq_64bit_init(x)           BN_init(x)
+#define pq_64bit_free(x)           BN_free(x)
+#define pq_64bit_ctx_new(ctx)      BN_CTX_new()
+#define pq_64bit_ctx_free(x)       BN_CTX_free(x)
+#define pq_64bit_assign(x, y)      BN_copy(x, y)
+#define pq_64bit_assign_word(x, y) BN_set_word(x, y)
+#define pq_64bit_gt(x, y)          BN_ucmp(x, y) >= 1 ? 1 : 0
+#define pq_64bit_eq(x, y)          BN_ucmp(x, y) == 0 ? 1 : 0
+#define pq_64bit_add_word(x, w)    BN_add_word(x, w)
+#define pq_64bit_sub(r, x, y)      BN_sub(r, x, y)
+#define pq_64bit_sub_word(x, w)    BN_sub_word(x, w)
+#define pq_64bit_mod(r, x, n, ctx) BN_mod(r, x, n, ctx)
+#define pq_64bit_bin2num(bn, bytes, len)   BN_bin2bn(bytes, len, bn)
+#define pq_64bit_num2bin(bn, bytes)        BN_bn2bin(bn, bytes)
+#define pq_64bit_get_word(x)               BN_get_word(x)
+#define pq_64bit_is_bit_set(x, offset)     BN_is_bit_set(x, offset)
+#define pq_64bit_lshift(r, x, shift)       BN_lshift(r, x, shift)
+#define pq_64bit_set_bit(x, num)           BN_set_bit(x, num)
+#define pq_64bit_get_length(x)             BN_num_bits((x))
+#else
+#define PQ_64BIT_IS_INTEGER 1
+#define PQ_64BIT_IS_BIGNUM 0
+#if defined(SIXTY_FOUR_BIT)
+#define PQ_64BIT BN_ULONG
+#define PQ_64BIT_PRINT "%lld"
+#elif defined(SIXTY_FOUR_BIT_LONG)
+#define PQ_64BIT BN_ULONG
+#define PQ_64BIT_PRINT "%ld"
+#elif defined(THIRTY_TWO_BIT)
+#define PQ_64BIT BN_ULLONG
+#define PQ_64BIT_PRINT "%lld"
+#endif
+#define PQ_64BIT_CTX      void
+#define pq_64bit_init(x)
+#define pq_64bit_free(x)
+#define pq_64bit_ctx_new(ctx)        (ctx)
+#define pq_64bit_ctx_free(x)
+#define pq_64bit_assign(x, y)        (*(x) = *(y))
+#define pq_64bit_assign_word(x, y)   (*(x) = y)
+#define pq_64bit_gt(x, y)                (*(x) > *(y))
+#define pq_64bit_eq(x, y)            (*(x) == *(y))
+#define pq_64bit_add_word(x, w)      (*(x) = (*(x) + (w)))
+#define pq_64bit_sub(r, x, y)        (*(r) = (*(x) - *(y)))
+#define pq_64bit_sub_word(x, w)      (*(x) = (*(x) - (w)))
+#define pq_64bit_mod(r, x, n, ctx)
+#define pq_64bit_bin2num(num, bytes, len) bytes_to_long_long(bytes, num)
+#define pq_64bit_num2bin(num, bytes)      long_long_to_bytes(num, bytes)
+#define pq_64bit_get_word(x)              *(x)
+#define pq_64bit_lshift(r, x, shift)      (*(r) = (*(x) << (shift)))
+#define pq_64bit_set_bit(x, num)          do { \
+                                              PQ_64BIT mask = 1; \
+                                              mask = mask << (num); \
+                                              *(x) |= mask; \
+                                          } while(0)
+#endif /* OPENSSL_SYS_VMS */
diff --git a/src/lib/libcrypto/pqueue/pq_test.c b/src/lib/libcrypto/pqueue/pq_test.c
new file mode 100644
index 0000000000..8d496dfc65
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pq_test.c
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pq_test.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "pqueue.h"
+int
+main(void)
+        {
+        pitem *item;
+        pqueue pq;
+        pq = pqueue_new();
+        item = pitem_new(3, NULL);
+        pqueue_insert(pq, item);
+        item = pitem_new(1, NULL);
+        pqueue_insert(pq, item);
+        item = pitem_new(2, NULL);
+        pqueue_insert(pq, item);
+        item = pqueue_find(pq, 1);
+        fprintf(stderr, "found %ld\n", item->priority);
+        item = pqueue_find(pq, 2);
+        fprintf(stderr, "found %ld\n", item->priority);
+        item = pqueue_find(pq, 3);
+        fprintf(stderr, "found %ld\n", item ? item->priority: 0);
+        pqueue_print(pq);
+        for(item = pqueue_pop(pq); item != NULL; item = pqueue_pop(pq))
+                pitem_free(item);
+        pqueue_free(pq);
+        return 0;
+        }
diff --git a/src/lib/libcrypto/pqueue/pqueue.c b/src/lib/libcrypto/pqueue/pqueue.c
new file mode 100644
index 0000000000..5cc18527f8
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.c
@@ -0,0 +1,236 @@
+/* crypto/pqueue/pqueue.c */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include "pqueue.h"
+typedef struct _pqueue
+        {
+        pitem *items;
+        int count;
+        } pqueue_s;
+pitem *
+pitem_new(PQ_64BIT priority, void *data)
+        {
+        pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
+        if (item == NULL) return NULL;
+        pq_64bit_init(&(item->priority));
+        pq_64bit_assign(&item->priority, &priority);
+        item->data = data;
+        item->next = NULL;
+        return item;
+        }
+void
+pitem_free(pitem *item)
+        {
+        if (item == NULL) return;
+        pq_64bit_free(&(item->priority));
+        OPENSSL_free(item);
+        }
+pqueue_s *
+pqueue_new()
+        {
+        pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
+        if (pq == NULL) return NULL;
+        memset(pq, 0x00, sizeof(pqueue_s));
+        return pq;
+        }
+void
+pqueue_free(pqueue_s *pq)
+        {
+        if (pq == NULL) return;
+        OPENSSL_free(pq);
+        }
+pitem *
+pqueue_insert(pqueue_s *pq, pitem *item)
+        {
+        pitem *curr, *next;
+        if (pq->items == NULL)
+                {
+                pq->items = item;
+                return item;
+                }
+        for(curr = NULL, next = pq->items; 
+                next != NULL;
+                curr = next, next = next->next)
+                {
+                if (pq_64bit_gt(&(next->priority), &(item->priority)))
+                        {
+                        item->next = next;
+                        if (curr == NULL) 
+                                pq->items = item;
+                        else  
+                                curr->next = item;
+                        return item;
+                        }
+                /* duplicates not allowed */
+                if (pq_64bit_eq(&(item->priority), &(next->priority)))
+                        return NULL;
+                }
+        item->next = NULL;
+        curr->next = item;
+        return item;
+        }
+pitem *
+pqueue_peek(pqueue_s *pq)
+        {
+        return pq->items;
+        }
+pitem *
+pqueue_pop(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+        if (pq->items != NULL)
+                pq->items = pq->items->next;
+        return item;
+        }
+pitem *
+pqueue_find(pqueue_s *pq, PQ_64BIT priority)
+        {
+        pitem *next, *prev = NULL;
+        pitem *found = NULL;
+        if ( pq->items == NULL)
+                return NULL;
+        for ( next = pq->items; next->next != NULL; 
+                  prev = next, next = next->next)
+                {
+                if ( pq_64bit_eq(&(next->priority), &priority))
+                        {
+                        found = next;
+                        break;
+                        }
+                }
+        
+        /* check the one last node */
+        if ( pq_64bit_eq(&(next->priority), &priority))
+                found = next;
+        if ( ! found)
+                return NULL;
+#if 0 /* find works in peek mode */
+        if ( prev == NULL)
+                pq->items = next->next;
+        else
+                prev->next = next->next;
+#endif
+        return found;
+        }
+#if PQ_64BIT_IS_INTEGER
+void
+pqueue_print(pqueue_s *pq)
+        {
+        pitem *item = pq->items;
+        while(item != NULL)
+                {
+                printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
+                item = item->next;
+                }
+        }
+#endif
+pitem *
+pqueue_iterator(pqueue_s *pq)
+        {
+        return pqueue_peek(pq);
+        }
+pitem *
+pqueue_next(pitem **item)
+        {
+        pitem *ret;
+        if ( item == NULL || *item == NULL)
+                return NULL;
+        /* *item != NULL */
+        ret = *item;
+        *item = (*item)->next;
+        return ret;
+        }
diff --git a/src/lib/libcrypto/pqueue/pqueue.h b/src/lib/libcrypto/pqueue/pqueue.h
new file mode 100644
index 0000000000..02386d130e
--- /dev/null
+++ b/src/lib/libcrypto/pqueue/pqueue.h
@@ -0,0 +1,95 @@
+/* crypto/pqueue/pqueue.h */
+/* 
+ * DTLS implementation written by Nagendra Modadugu
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_PQUEUE_H
+#define HEADER_PQUEUE_H
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pq_compat.h>
+typedef struct _pqueue *pqueue;
+typedef struct _pitem
+        {
+        PQ_64BIT priority;
+        void *data;
+        struct _pitem *next;
+        } pitem;
+typedef struct _pitem *piterator;
+pitem *pitem_new(PQ_64BIT priority, void *data);
+void   pitem_free(pitem *item);
+pqueue pqueue_new(void);
+void   pqueue_free(pqueue pq);
+pitem *pqueue_insert(pqueue pq, pitem *item);
+pitem *pqueue_peek(pqueue pq);
+pitem *pqueue_pop(pqueue pq);
+pitem *pqueue_find(pqueue pq, PQ_64BIT priority);
+pitem *pqueue_iterator(pqueue pq);
+pitem *pqueue_next(piterator *iter);
+void   pqueue_print(pqueue pq);
+#endif /* ! HEADER_PQUEUE_H */
diff --git a/src/lib/libcrypto/rand/Makefile b/src/lib/libcrypto/rand/Makefile
new file mode 100644
index 0000000000..3c1ab5bbae
--- /dev/null
+++ b/src/lib/libcrypto/rand/Makefile
@@ -0,0 +1,159 @@
+#
+# OpenSSL/crypto/rand/Makefile
+#
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_os2.c rand_nw.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+        rand_win.o rand_unix.o rand_os2.o rand_nw.o
+SRC= $(LIBSRC)
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md_rand.o: ../../e_os.h ../../include/openssl/asn1.h
+md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+md_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/bio.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_nw.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_nw.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c
+rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_os2.o: rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_unix.o: ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_unix.o: rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h
+rand_win.o: rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl
new file mode 100644
index 0000000000..e5cbe5319c
--- /dev/null
+++ b/src/lib/libcrypto/rand/Makefile.ssl
@@ -0,0 +1,196 @@
+#
+# SSLeay/crypto/rand/Makefile
+#
+DIR=    rand
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST= randtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+        rand_win.c rand_unix.c rand_os2.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+        rand_win.o rand_unix.o rand_os2.o
+SRC= $(LIBSRC)
+EXHEADER= rand.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+md_rand.o: ../../e_os.h ../../include/openssl/aes.h
+md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/buffer.h ../../include/openssl/e_os2.h
+rand_egd.o: ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rand_lib.o: ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
+rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/aes.h
+rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/aes.h
+rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/buffer.h
+randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+randfile.o: ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c
new file mode 100644
index 0000000000..c84968df88
--- /dev/null
+++ b/src/lib/libcrypto/rand/md_rand.c
@@ -0,0 +1,581 @@
+/* crypto/rand/md_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifdef MD_RAND_DEBUG
+# ifndef NDEBUG
+#   define NDEBUG
+# endif
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include "e_os.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/fips.h>
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
+/* #define PREDICT      1 */
+#define STATE_SIZE      1023
+static int state_num=0,state_index=0;
+static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+static unsigned char md[MD_DIGEST_LENGTH];
+static long md_count[2]={0,0};
+static double entropy=0;
+static int initialized=0;
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+                                           * holds CRYPTO_LOCK_RAND
+                                           * (to prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+#ifdef PREDICT
+int rand_predictable=0;
+#endif
+const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
+static void ssleay_rand_cleanup(void);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
+RAND_METHOD rand_ssleay_meth={
+        ssleay_rand_seed,
+        ssleay_rand_bytes,
+        ssleay_rand_cleanup,
+        ssleay_rand_add,
+        ssleay_rand_pseudo_bytes,
+        ssleay_rand_status
+        }; 
+RAND_METHOD *RAND_SSLeay(void)
+        {
+        return(&rand_ssleay_meth);
+        }
+static void ssleay_rand_cleanup(void)
+        {
+        OPENSSL_cleanse(state,sizeof(state));
+        state_num=0;
+        state_index=0;
+        OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+        md_count[0]=0;
+        md_count[1]=0;
+        entropy=0;
+        initialized=0;
+        }
+static void ssleay_rand_add(const void *buf, int num, double add)
+        {
+        int i,j,k,st_idx;
+        long md_c[2];
+        unsigned char local_md[MD_DIGEST_LENGTH];
+        EVP_MD_CTX m;
+        int do_not_lock;
+        /*
+         * (Based on the rand(3) manpage)
+         *
+         * The input is chopped up into units of 20 bytes (or less for
+         * the last block).  Each of these blocks is run through the hash
+         * function as follows:  The data passed to the hash function
+         * is the current 'md', the same number of bytes from the 'state'
+         * (the location determined by in incremented looping index) as
+         * the current 'block', the new key data 'block', and 'count'
+         * (which is incremented after each use).
+         * The result of this is kept in 'md' and also xored into the
+         * 'state' at the same locations that were used as input into the
+         * hash function.
+         */
+        /* check if we already have the lock */
+        if (crypto_lock_rand)
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+                }
+        else
+                do_not_lock = 0;
+        if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        st_idx=state_index;
+        /* use our own copies of the counters so that even
+         * if a concurrent thread seeds with exactly the
+         * same data and uses the same subarray there's _some_
+         * difference */
+        md_c[0] = md_count[0];
+        md_c[1] = md_count[1];
+        memcpy(local_md, md, sizeof md);
+        /* state_index <= state_num <= STATE_SIZE */
+        state_index += num;
+        if (state_index >= STATE_SIZE)
+                {
+                state_index%=STATE_SIZE;
+                state_num=STATE_SIZE;
+                }
+        else if (state_num < STATE_SIZE)        
+                {
+                if (state_index > state_num)
+                        state_num=state_index;
+                }
+        /* state_index <= state_num <= STATE_SIZE */
+        /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
+         * are what we will use now, but other threads may use them
+         * as well */
+        md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+        if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        EVP_MD_CTX_init(&m);
+        for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+                {
+                j=(num-i);
+                j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
+                MD_Init(&m);
+                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+                k=(st_idx+j)-STATE_SIZE;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),j-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),j);
+                        
+                MD_Update(&m,buf,j);
+                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+                MD_Final(&m,local_md);
+                md_c[1]++;
+                buf=(const char *)buf + j;
+                for (k=0; k<j; k++)
+                        {
+                        /* Parallel threads may interfere with this,
+                         * but always each byte of the new state is
+                         * the XOR of some previous value of its
+                         * and local_md (itermediate values may be lost).
+                         * Alway using locking could hurt performance more
+                         * than necessary given that conflicts occur only
+                         * when the total seeding is longer than the random
+                         * state. */
+                        state[st_idx++]^=local_md[k];
+                        if (st_idx >= STATE_SIZE)
+                                st_idx=0;
+                        }
+                }
+        EVP_MD_CTX_cleanup(&m);
+        if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        /* Don't just copy back local_md into md -- this could mean that
+         * other thread's seeding remains without effect (except for
+         * the incremented counter).  By XORing it we keep at least as
+         * much entropy as fits into md. */
+        for (k = 0; k < sizeof md; k++)
+                {
+                md[k] ^= local_md[k];
+                }
+        if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+            entropy += add;
+        if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+        assert(md_c[1] == md_count[1]);
+#endif
+        }
+static void ssleay_rand_seed(const void *buf, int num)
+        {
+        ssleay_rand_add(buf, num, num);
+        }
+static int ssleay_rand_bytes(unsigned char *buf, int num)
+        {
+        static volatile int stirred_pool = 0;
+        int i,j,k,st_num,st_idx;
+        int num_ceil;
+        int ok;
+        long md_c[2];
+        unsigned char local_md[MD_DIGEST_LENGTH];
+        EVP_MD_CTX m;
+#ifndef GETPID_IS_MEANINGLESS
+        pid_t curr_pid = getpid();
+#endif
+        int do_stir_pool = 0;
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode())
+            {
+            FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
+#ifdef PREDICT
+        if (rand_predictable)
+                {
+                static unsigned char val=0;
+                for (i=0; i<num; i++)
+                        buf[i]=val++;
+                return(1);
+                }
+#endif
+        if (num <= 0)
+                return 1;
+        EVP_MD_CTX_init(&m);
+        /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+        num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
+        /*
+         * (Based on the rand(3) manpage:)
+         *
+         * For each group of 10 bytes (or less), we do the following:
+         *
+         * Input into the hash function the local 'md' (which is initialized from
+         * the global 'md' before any bytes are generated), the bytes that are to
+         * be overwritten by the random bytes, and bytes from the 'state'
+         * (incrementing looping index). From this digest output (which is kept
+         * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+         * bottom 10 bytes are xored into the 'state'.
+         * 
+         * Finally, after we have finished 'num' random bytes for the
+         * caller, 'count' (which is incremented) and the local and global 'md'
+         * are fed into the hash function and the results are kept in the
+         * global 'md'.
+         */
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+        locking_thread = CRYPTO_thread_id();
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+        crypto_lock_rand = 1;
+        if (!initialized)
+                {
+                RAND_poll();
+                initialized = 1;
+                }
+        
+        if (!stirred_pool)
+                do_stir_pool = 1;
+        
+        ok = (entropy >= ENTROPY_NEEDED);
+        if (!ok)
+                {
+                /* If the PRNG state is not yet unpredictable, then seeing
+                 * the PRNG output may help attackers to determine the new
+                 * state; thus we have to decrease the entropy estimate.
+                 * Once we've had enough initial seeding we don't bother to
+                 * adjust the entropy count, though, because we're not ambitious
+                 * to provide *information-theoretic* randomness.
+                 *
+                 * NOTE: This approach fails if the program forks before
+                 * we have enough entropy. Entropy should be collected
+                 * in a separate input pool and be transferred to the
+                 * output pool only when the entropy limit has been reached.
+                 */
+                entropy -= num;
+                if (entropy < 0)
+                        entropy = 0;
+                }
+        if (do_stir_pool)
+                {
+                /* In the output function only half of 'md' remains secret,
+                 * so we better make sure that the required entropy gets
+                 * 'evenly distributed' through 'state', our randomness pool.
+                 * The input function (ssleay_rand_add) chains all of 'md',
+                 * which makes it more suitable for this purpose.
+                 */
+                int n = STATE_SIZE; /* so that the complete pool gets accessed */
+                while (n > 0)
+                        {
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
+#endif
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+                        /* Note that the seed does not matter, it's just that
+                         * ssleay_rand_add expects to have something to hash. */
+                        ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+                        n -= MD_DIGEST_LENGTH;
+                        }
+                if (ok)
+                        stirred_pool = 1;
+                }
+        st_idx=state_index;
+        st_num=state_num;
+        md_c[0] = md_count[0];
+        md_c[1] = md_count[1];
+        memcpy(local_md, md, sizeof md);
+        state_index+=num_ceil;
+        if (state_index > state_num)
+                state_index %= state_num;
+        /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
+         * are now ours (but other threads may use them too) */
+        md_count[0] += 1;
+        /* before unlocking, we must clear 'crypto_lock_rand' */
+        crypto_lock_rand = 0;
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        while (num > 0)
+                {
+                /* num_ceil -= MD_DIGEST_LENGTH/2 */
+                j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+                num-=j;
+                MD_Init(&m);
+#ifndef GETPID_IS_MEANINGLESS
+                if (curr_pid) /* just in the first iteration to save time */
+                        {
+                        MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
+                        curr_pid = 0;
+                        }
+#endif
+                MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+                MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+#ifndef PURIFY
+                MD_Update(&m,buf,j); /* purify complains */
+#endif
+                k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
+                if (k > 0)
+                        {
+                        MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
+                        MD_Update(&m,&(state[0]),k);
+                        }
+                else
+                        MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
+                MD_Final(&m,local_md);
+                for (i=0; i<MD_DIGEST_LENGTH/2; i++)
+                        {
+                        state[st_idx++]^=local_md[i]; /* may compete with other threads */
+                        if (st_idx >= st_num)
+                                st_idx=0;
+                        if (i < j)
+                                *(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
+                        }
+                }
+        MD_Init(&m);
+        MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+        MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+        MD_Update(&m,md,MD_DIGEST_LENGTH);
+        MD_Final(&m,md);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+        EVP_MD_CTX_cleanup(&m);
+        if (ok)
+                return(1);
+        else
+                {
+                RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+                ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                        "http://www.openssl.org/support/faq.html");
+                return(0);
+                }
+        }
+/* pseudo-random bytes that are guaranteed to be unique but not
+   unpredictable */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+        {
+        int ret;
+        unsigned long err;
+        ret = RAND_bytes(buf, num);
+        if (ret == 0)
+                {
+                err = ERR_peek_error();
+                if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+                    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+                        (void)ERR_get_error();
+                }
+        return (ret);
+        }
+static int ssleay_rand_status(void)
+        {
+        int ret;
+        int do_not_lock;
+        /* check if we already have the lock
+         * (could happen if a RAND_poll() implementation calls RAND_status()) */
+        if (crypto_lock_rand)
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+                do_not_lock = (locking_thread == CRYPTO_thread_id());
+                CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+                }
+        else
+                do_not_lock = 0;
+        
+        if (!do_not_lock)
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+                
+                /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+                CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+                locking_thread = CRYPTO_thread_id();
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+                crypto_lock_rand = 1;
+                }
+        
+        if (!initialized)
+                {
+                RAND_poll();
+                initialized = 1;
+                }
+        ret = entropy >= ENTROPY_NEEDED;
+        if (!do_not_lock)
+                {
+                /* before unlocking, we must clear 'crypto_lock_rand' */
+                crypto_lock_rand = 0;
+                
+                CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+                }
+        
+        return ret;
+        }
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h
index ac6c021763..604df9be6c 100644
--- a/src/lib/libcrypto/rand/rand.h
+++ b/src/lib/libcrypto/rand/rand.h
@@ -72,13 +72,10 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_RAND_SIZE_T size_t
+#define FIPS_RAND_SIZE_T int
 #endif
-/* Already defined in ossl_typ.h */
+typedef struct rand_meth_st
-/* typedef struct rand_meth_st RAND_METHOD; */
-struct rand_meth_st
        {
        void (*seed)(const void *buf, int num);
        int (*bytes)(unsigned char *buf, int num);
@@ -86,7 +83,7 @@ struct rand_meth_st
        void (*add)(const void *buf, int num, double entropy);
        int (*pseudorand)(unsigned char *buf, int num);
        int (*status)(void);
-        };
+        } RAND_METHOD;
 #ifdef BN_DEBUG
 extern int rand_predictable;
@@ -128,11 +125,17 @@ void ERR_load_RAND_strings(void);
 /* Error codes for the RAND functions. */
 /* Function codes. */
+#define RAND_F_FIPS_RAND_BYTES                           102
 #define RAND_F_RAND_GET_RAND_METHOD                      101
 #define RAND_F_SSLEAY_RAND_BYTES                         100
 /* Reason codes. */
+#define RAND_R_NON_FIPS_METHOD                           101
+#define RAND_R_PRNG_ASKING_FOR_TOO_MUCH                  105
+#define RAND_R_PRNG_NOT_REKEYED                          103
+#define RAND_R_PRNG_NOT_RESEEDED                         104
 #define RAND_R_PRNG_NOT_SEEDED                           100
+#define RAND_R_PRNG_STUCK                                102
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c
new file mode 100644
index 0000000000..cd666abfcb
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_egd.c
@@ -0,0 +1,303 @@
+/* crypto/rand/rand_egd.c */
+/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/e_os2.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+/*
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ *   will actually query "bytes" bytes of entropy form the egd-socket located
+ *   at path and will write them to buf (if supplied) or will directly feed
+ *   it to RAND_seed() if buf==NULL.
+ *   The number of bytes is not limited by the maximum chunk size of EGD,
+ *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ *   of entropy bytes are requested. The connection is left open until the
+ *   query is competed.
+ *   RAND_query_egd_bytes() returns with
+ *     -1  if an error occured during connection or communication.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *   This routine does not touch any RAND_status(). This is necessary, since
+ *   PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ *   used to seed the PRNG.
+ *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ *   seed status so that the return value can reflect the seed state:
+ *     -1  if an error occured during connection or communication _or_
+ *         if the PRNG has still not received the required seeding.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ *   the PRNG.
+ *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+        {
+        return(-1);
+        }
+int RAND_egd(const char *path)
+        {
+        return(-1);
+        }
+int RAND_egd_bytes(const char *path,int bytes)
+        {
+        return(-1);
+        }
+#else
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifndef NO_SYS_UN_H
+# ifdef OPENSSL_SYS_VXWORKS
+#   include <streams/un.h>
+# else
+#   include <sys/un.h>
+# endif
+#else
+struct  sockaddr_un {
+        short   sun_family;             /* AF_UNIX */
+        char    sun_path[108];          /* path name (gag) */
+};
+#endif /* NO_SYS_UN_H */
+#include <string.h>
+#include <errno.h>
+#ifndef offsetof
+#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+#endif
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+        {
+        int ret = 0;
+        struct sockaddr_un addr;
+        int len, num, numbytes;
+        int fd = -1;
+        int success;
+        unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+        memset(&addr, 0, sizeof(addr));
+        addr.sun_family = AF_UNIX;
+        if (strlen(path) >= sizeof(addr.sun_path))
+                return (-1);
+        BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
+        len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+        fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (fd == -1) return (-1);
+        success = 0;
+        while (!success)
+            {
+            if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+               success = 1;
+            else
+                {
+                switch (errno)
+                    {
+#ifdef EINTR
+                    case EINTR:
+#endif
+#ifdef EAGAIN
+                    case EAGAIN:
+#endif
+#ifdef EINPROGRESS
+                    case EINPROGRESS:
+#endif
+#ifdef EALREADY
+                    case EALREADY:
+#endif
+                        /* No error, try again */
+                        break;
+#ifdef EISCONN
+                    case EISCONN:
+                        success = 1;
+                        break;
+#endif
+                    default:
+                        goto err;       /* failure */
+                    }
+                }
+            }
+        while(bytes > 0)
+            {
+            egdbuf[0] = 1;
+            egdbuf[1] = bytes < 255 ? bytes : 255;
+            numbytes = 0;
+            while (numbytes != 2)
+                {
+                num = write(fd, egdbuf + numbytes, 2 - numbytes);
+                if (num >= 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            numbytes = 0;
+            while (numbytes != 1)
+                {
+                num = read(fd, egdbuf, 1);
+                if (num == 0)
+                        goto err;       /* descriptor closed */
+                else if (num > 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            if(egdbuf[0] == 0)
+                goto err;
+            if (buf)
+                retrievebuf = buf + ret;
+            else
+                retrievebuf = tempbuf;
+            numbytes = 0;
+            while (numbytes != egdbuf[0])
+                {
+                num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+                if (num == 0)
+                        goto err;       /* descriptor closed */
+                else if (num > 0)
+                    numbytes += num;
+                else
+                    {
+                    switch (errno)
+                        {
+#ifdef EINTR
+                        case EINTR:
+#endif
+#ifdef EAGAIN
+                        case EAGAIN:
+#endif
+                            /* No error, try again */
+                            break;
+                        default:
+                            ret = -1;
+                            goto err;   /* failure */
+                        }
+                    }
+                }
+            ret += egdbuf[0];
+            bytes -= egdbuf[0];
+            if (!buf)
+                RAND_seed(tempbuf, egdbuf[0]);
+            }
+ err:
+        if (fd != -1) close(fd);
+        return(ret);
+        }
+int RAND_egd_bytes(const char *path, int bytes)
+        {
+        int num, ret = 0;
+        num = RAND_query_egd_bytes(path, NULL, bytes);
+        if (num < 1) goto err;
+        if (RAND_status() == 1)
+            ret = num;
+ err:
+        return(ret);
+        }
+int RAND_egd(const char *path)
+        {
+        return (RAND_egd_bytes(path, 255));
+        }
+#endif
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c
index 386934dcd1..97f96e1aee 100644
--- a/src/lib/libcrypto/rand/rand_err.c
+++ b/src/lib/libcrypto/rand/rand_err.c
@@ -70,6 +70,7 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
+{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),      "FIPS_RAND_BYTES"},
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),    "SSLEAY_RAND_BYTES"},
 {0,NULL}
@@ -77,7 +78,12 @@ static ERR_STRING_DATA RAND_str_functs[]=
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
+{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
+{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
+{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
+{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
+{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
 {0,NULL}
        };
@@ -85,12 +91,15 @@ static ERR_STRING_DATA RAND_str_reasons[]=
 void ERR_load_RAND_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,RAND_str_functs);
                ERR_load_strings(0,RAND_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h
new file mode 100644
index 0000000000..618a8ec899
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_lcl.h
@@ -0,0 +1,158 @@
+/* crypto/rand/rand_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_RAND_LCL_H
+#define HEADER_RAND_LCL_H
+#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(OPENSSL_NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+#define USE_MDC2_RAND
+#elif !defined(OPENSSL_NO_MD2)
+#define USE_MD2_RAND
+#else
+#error No message digest algorithm available
+#endif
+#endif
+#include <openssl/evp.h>
+#define MD_Update(a,b,c)        EVP_DigestUpdate(a,b,c)
+#define MD_Final(a,b)           EVP_DigestFinal_ex(a,b,NULL)
+#if defined(USE_MD5_RAND)
+#include <openssl/md5.h>
+#define MD_DIGEST_LENGTH        MD5_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+#elif defined(USE_SHA1_RAND)
+#include <openssl/sha.h>
+#define MD_DIGEST_LENGTH        SHA_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+#elif defined(USE_MDC2_RAND)
+#include <openssl/mdc2.h>
+#define MD_DIGEST_LENGTH        MDC2_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+#elif defined(USE_MD2_RAND)
+#include <openssl/md2.h>
+#define MD_DIGEST_LENGTH        MD2_DIGEST_LENGTH
+#define MD_Init(a)              EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#define MD(a,b,c)               EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+#endif
+#endif
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c
index 513e338985..a21bde79de 100644
--- a/src/lib/libcrypto/rand/rand_lib.c
+++ b/src/lib/libcrypto/rand/rand_lib.c
@@ -63,6 +63,8 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
@@ -102,8 +104,22 @@ const RAND_METHOD *RAND_get_rand_method(void)
                        funct_ref = e;
                else
 #endif
-                        default_RAND_meth = RAND_SSLeay();
+#ifdef OPENSSL_FIPS
+                        if(FIPS_mode())
+                                default_RAND_meth=FIPS_rand_method();
+                        else
+#endif
+                                default_RAND_meth = RAND_SSLeay();
                }
+#ifdef OPENSSL_FIPS
+        if(FIPS_mode()
+                && default_RAND_meth != FIPS_rand_check())
+            {
+            RANDerr(RAND_F_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
+            return 0;
+            }
+#endif
        return default_RAND_meth;
        }
diff --git a/src/lib/libcrypto/rand/rand_nw.c b/src/lib/libcrypto/rand/rand_nw.c
new file mode 100644
index 0000000000..f177ffbe82
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_nw.c
@@ -0,0 +1,183 @@
+/* crypto/rand/rand_nw.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#if defined (OPENSSL_SYS_NETWARE)
+#if defined(NETWARE_LIBC)
+#include <nks/thread.h>
+#else
+#include <nwthread.h>
+#endif
+extern int GetProcessSwitchCount(void);
+#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
+extern void *RunningProcess; /* declare here same as found in newer NDKs */
+extern unsigned long GetSuperHighResolutionTimer(void);
+#endif
+   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
+   */
+int RAND_poll(void)
+{
+   unsigned long l;
+   unsigned long tsc;
+   int i; 
+      /* There are several options to gather miscellaneous data
+       * but for now we will loop checking the time stamp counter (rdtsc) and
+       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes
+       * of data but it is treated as only 1 byte of entropy.  The call to
+       * ThreadSwitchWithDelay() will introduce additional variability into
+       * the data returned by rdtsc.
+       *
+       * Applications can agument the seed material by adding additional
+       * stuff with RAND_add() and should probably do so.
+      */
+   l = GetProcessSwitchCount();
+   RAND_add(&l,sizeof(l),1);
+   
+   /* need to cast the void* to unsigned long here */
+   l = (unsigned long)RunningProcess;
+   RAND_add(&l,sizeof(l),1);
+   for( i=2; i<ENTROPY_NEEDED; i++)
+   {
+#ifdef __MWERKS__
+      asm 
+      {
+         rdtsc
+         mov tsc, eax        
+      }
+#else
+      asm volatile("rdtsc":"=A" (tsc));
+#endif
+      RAND_add(&tsc, sizeof(tsc), 1);
+      l = GetSuperHighResolutionTimer();
+      RAND_add(&l, sizeof(l), 0);
+# if defined(NETWARE_LIBC)
+      NXThreadYield();
+# else /* NETWARE_CLIB */
+      ThreadSwitchWithDelay();
+# endif
+   }
+   return 1;
+}
+#endif 
diff --git a/src/lib/libcrypto/rand/rand_os2.c b/src/lib/libcrypto/rand/rand_os2.c
new file mode 100644
index 0000000000..c3e36d4e5e
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_os2.c
@@ -0,0 +1,147 @@
+/* crypto/rand/rand_os2.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#ifdef OPENSSL_SYS_OS2
+#define INCL_DOSPROCESS
+#define INCL_DOSPROFILE
+#define INCL_DOSMISC
+#define INCL_DOSMODULEMGR
+#include <os2.h>
+#define   CMD_KI_RDCNT    (0x63)
+typedef struct _CPUUTIL {
+    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
+    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
+    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
+    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
+    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
+    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
+    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
+    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
+} CPUUTIL;
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+HMODULE hDoscalls = 0;
+int RAND_poll(void)
+{
+    char failed_module[20];
+    QWORD qwTime;
+    ULONG SysVars[QSV_FOREGROUND_PROCESS];
+    if (hDoscalls == 0) {
+        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+        if (rc == 0) {
+            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
+            if (rc)
+                DosPerfSysCall = NULL;
+            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
+            if (rc)
+                DosQuerySysState = NULL;
+        }
+    }
+    /* Sample the hi-res timer, runs at around 1.1 MHz */
+    DosTmrQueryTime(&qwTime);
+    RAND_add(&qwTime, sizeof(qwTime), 2);
+    /* Sample a bunch of system variables, includes various process & memory statistics */
+    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
+    RAND_add(SysVars, sizeof(SysVars), 4);
+    /* If available, sample CPU registers that count at CPU MHz
+     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
+     */
+    if (DosPerfSysCall) {
+        CPUUTIL util;
+        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
+            RAND_add(&util, sizeof(util), 10);
+        }
+        else {
+            DosPerfSysCall = NULL;
+        }
+    }
+    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
+    if (DosQuerySysState) {
+        char *buffer = OPENSSL_malloc(256 * 1024);
+        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+            /* First 4 bytes in buffer is a pointer to the thread count
+             * there should be at least 1 byte of entropy per thread
+             */
+            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
+        }
+        OPENSSL_free(buffer);
+        return 1;
+    }
+    return 0;
+}
+#endif /* OPENSSL_SYS_OS2 */
diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c
new file mode 100644
index 0000000000..9376554fae
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_unix.c
@@ -0,0 +1,281 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS))
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/times.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+#ifdef __OpenBSD__
+int RAND_poll(void)
+{
+        u_int32_t rnd = 0, i;
+        unsigned char buf[ENTROPY_NEEDED];
+        for (i = 0; i < sizeof(buf); i++) {
+                if (i % 4 == 0)
+                        rnd = arc4random();
+                buf[i] = rnd;
+                rnd >>= 8;
+        }
+        RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+        memset(buf, 0, sizeof(buf));
+        return 1;
+}
+#else
+int RAND_poll(void)
+{
+        unsigned long l;
+        pid_t curr_pid = getpid();
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        unsigned char tmpbuf[ENTROPY_NEEDED];
+        int n = 0;
+#endif
+#ifdef DEVRANDOM
+        static const char *randomfiles[] = { DEVRANDOM };
+        struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
+        int fd,i;
+#endif
+#ifdef DEVRANDOM_EGD
+        static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+        const char **egdsocket = NULL;
+#endif
+#ifdef DEVRANDOM
+        memset(randomstats,0,sizeof(randomstats));
+        /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+         * have this. Use /dev/urandom if you can as /dev/random may block
+         * if it runs out of random entries.  */
+        for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
+                {
+                if ((fd = open(randomfiles[i], O_RDONLY
+#ifdef O_NONBLOCK
+                        |O_NONBLOCK
+#endif
+#ifdef O_BINARY
+                        |O_BINARY
+#endif
+#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
+                   our controlling tty */
+                        |O_NOCTTY
+#endif
+                        )) >= 0)
+                        {
+                        struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
+                                                              each file. */
+                        int r,j;
+                        fd_set fset;
+                        struct stat *st=&randomstats[i];
+                        /* Avoid using same input... Used to be O_NOFOLLOW
+                         * above, but it's not universally appropriate... */
+                        if (fstat(fd,st) != 0)  { close(fd); continue; }
+                        for (j=0;j<i;j++)
+                                {
+                                if (randomstats[j].st_ino==st->st_ino &&
+                                    randomstats[j].st_dev==st->st_dev)
+                                        break;
+                                }
+                        if (j<i)                { close(fd); continue; }
+                        do
+                                {
+                                FD_ZERO(&fset);
+                                FD_SET(fd, &fset);
+                                r = -1;
+                                if (select(fd+1,&fset,NULL,NULL,&t) < 0)
+                                        t.tv_usec=0;
+                                else if (FD_ISSET(fd, &fset))
+                                        {
+                                        r=read(fd,(unsigned char *)tmpbuf+n,
+                                               ENTROPY_NEEDED-n);
+                                        if (r > 0)
+                                                n += r;
+                                        }
+                                /* Some Unixen will update t, some
+                                   won't.  For those who won't, give
+                                   up here, otherwise, we will do
+                                   this once again for the remaining
+                                   time. */
+                                if (t.tv_usec == 10*1000)
+                                        t.tv_usec=0;
+                                }
+                        while ((r > 0 || (errno == EINTR || errno == EAGAIN))
+                                && t.tv_usec != 0 && n < ENTROPY_NEEDED);
+                        close(fd);
+                        }
+                }
+#endif
+#ifdef DEVRANDOM_EGD
+        /* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+         * collecting daemon. */
+        for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
+                {
+                int r;
+                r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
+                                         ENTROPY_NEEDED-n);
+                if (r > 0)
+                        n += r;
+                }
+#endif
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        if (n > 0)
+                {
+                RAND_add(tmpbuf,sizeof tmpbuf,n);
+                OPENSSL_cleanse(tmpbuf,n);
+                }
+#endif
+        /* put in some default random data, we need more than just this */
+        l=curr_pid;
+        RAND_add(&l,sizeof(l),0);
+        l=getuid();
+        RAND_add(&l,sizeof(l),0);
+        l=time(NULL);
+        RAND_add(&l,sizeof(l),0);
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+        return 1;
+#else
+        return 0;
+#endif
+}
+#endif
+#endif
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/rand/rand_vms.c b/src/lib/libcrypto/rand/rand_vms.c
new file mode 100644
index 0000000000..1267a3acae
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_vms.c
@@ -0,0 +1,136 @@
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#if defined(OPENSSL_SYS_VMS)
+#include <descrip.h>
+#include <jpidef.h>
+#include <ssdef.h>
+#include <starlet.h>
+#ifdef __DECC
+# pragma message disable DOLLARID
+#endif
+static struct items_data_st
+        {
+        short length, code;     /* length is amount of bytes */
+        } items_data[] =
+                { { 4, JPI$_BUFIO },
+                  { 4, JPI$_CPUTIM },
+                  { 4, JPI$_DIRIO },
+                  { 8, JPI$_LOGINTIM },
+                  { 4, JPI$_PAGEFLTS },
+                  { 4, JPI$_PID },
+                  { 4, JPI$_WSSIZE },
+                  { 0, 0 }
+                };
+                  
+int RAND_poll(void)
+        {
+        long pid, iosb[2];
+        int status = 0;
+        struct
+                {
+                short length, code;
+                long *buffer;
+                int *retlen;
+                } item[32], *pitem;
+        unsigned char data_buffer[256];
+        short total_length = 0;
+        struct items_data_st *pitems_data;
+        pitems_data = items_data;
+        pitem = item;
+        /* Setup */
+        while (pitems_data->length
+                && (total_length + pitems_data->length <= 256))
+                {
+                pitem->length = pitems_data->length;
+                pitem->code = pitems_data->code;
+                pitem->buffer = (long *)&data_buffer[total_length];
+                pitem->retlen = 0;
+                total_length += pitems_data->length;
+                pitems_data++;
+                pitem++;
+                }
+        pitem->length = pitem->code = 0;
+        /*
+         * Scan through all the processes in the system and add entropy with
+         * results from the processes that were possible to look at.
+         * However, view the information as only half trustable.
+         */
+        pid = -1;                       /* search context */
+        while ((status = sys$getjpiw(0, &pid,  0, item, iosb, 0, 0))
+                != SS$_NOMOREPROC)
+                {
+                if (status == SS$_NORMAL)
+                        {
+                        RAND_add(data_buffer, total_length, total_length/2);
+                        }
+                }
+        sys$gettim(iosb);
+        RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
+        return 1;
+}
+#endif
diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c
new file mode 100644
index 0000000000..30c69161ef
--- /dev/null
+++ b/src/lib/libcrypto/rand/rand_win.c
@@ -0,0 +1,747 @@
+/* crypto/rand/rand_win.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#include <windows.h>
+#ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+#endif
+#include <wincrypt.h>
+#include <tlhelp32.h>
+/* Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#define PROV_INTEL_SEC 22
+#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+static void readtimer(void);
+static void readscreen(void);
+/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+   when WINVER is 0x0500 and up, which currently only happens on Win2000.
+   Unfortunately, those are typedefs, so they're a little bit difficult to
+   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
+   within the same conditional, so it can be use to detect the absence of said
+   typedefs. */
+#ifndef CURSOR_SHOWING
+/*
+ * Information about the global cursor.
+ */
+typedef struct tagCURSORINFO
+{
+    DWORD   cbSize;
+    DWORD   flags;
+    HCURSOR hCursor;
+    POINT   ptScreenPos;
+} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+#define CURSOR_SHOWING     0x00000001
+#endif /* CURSOR_SHOWING */
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
+                                    DWORD, DWORD);
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
+typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
+typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
+typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
+typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
+typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
+typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
+#include <lmcons.h>
+#ifndef OPENSSL_SYS_WINCE
+#include <lmstats.h>
+#endif
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
+       * was added to the Platform SDK to allow the NET API to be used in
+       * non-Unicode applications provided that Unicode strings were still
+       * used for input.  LMSTR is defined as LPWSTR.
+       */
+typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
+typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
+#endif /* 1 */
+int RAND_poll(void)
+{
+        MEMORYSTATUS m;
+        HCRYPTPROV hProvider = 0;
+        BYTE buf[64];
+        DWORD w;
+        HWND h;
+        HMODULE advapi, kernel, user, netapi;
+        CRYPTACQUIRECONTEXTW acquire = 0;
+        CRYPTGENRANDOM gen = 0;
+        CRYPTRELEASECONTEXT release = 0;
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+        NETSTATGET netstatget = 0;
+        NETFREE netfree = 0;
+#endif /* 1 */
+        /* Determine the OS version we are on so we can turn off things 
+         * that do not work properly.
+         */
+        OSVERSIONINFO osverinfo ;
+        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+        GetVersionEx( &osverinfo ) ;
+#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO
+#ifndef CryptAcquireContext
+#define CryptAcquireContext CryptAcquireContextW
+#endif
+        /* poll the CryptoAPI PRNG */
+        /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+        if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+                {
+                if (CryptGenRandom(hProvider, sizeof(buf), buf))
+                        RAND_add(buf, sizeof(buf), sizeof(buf));
+                CryptReleaseContext(hProvider, 0); 
+                }
+#endif
+#ifndef OPENSSL_SYS_WINCE
+        /*
+         * None of below libraries are present on Windows CE, which is
+         * why we #ifndef the whole section. This also excuses us from
+         * handling the GetProcAddress issue. The trouble is that in
+         * real Win32 API GetProcAddress is available in ANSI flavor
+         * only. In WinCE on the other hand GetProcAddress is a macro
+         * most commonly defined as GetProcAddressW, which accepts
+         * Unicode argument. If we were to call GetProcAddress under
+         * WinCE, I'd recommend to either redefine GetProcAddress as
+         * GetProcAddressA (there seem to be one in common CE spec) or
+         * implement own shim routine, which would accept ANSI argument
+         * and expand it to Unicode.
+         */
+        /* load functions dynamically - not available on all systems */
+        advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+        kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+        user = LoadLibrary(TEXT("USER32.DLL"));
+        netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+        if (netapi)
+                {
+                netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
+                netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
+                }
+        if (netstatget && netfree)
+                {
+                LPBYTE outbuf;
+                /* NetStatisticsGet() is a Unicode only function
+                 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+                 * contains 17 fields.  We treat each field as a source of
+                 * one byte of entropy.
+                 */
+                if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+                        netfree(outbuf);
+                        }
+                if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
+                        {
+                        RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+                        netfree(outbuf);
+                        }
+                }
+        if (netapi)
+                FreeLibrary(netapi);
+#endif /* 1 */
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+         * Only use it on NT.
+         */
+        /* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+         * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+         * So we don't use this at all for now. */
+#if 0
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                osverinfo.dwMajorVersion < 5)
+                {
+                /* Read Performance Statistics from NT/2000 registry
+                 * The size of the performance data can vary from call
+                 * to call so we must guess the size of the buffer to use
+                 * and increase its size if we get an ERROR_MORE_DATA
+                 * return instead of ERROR_SUCCESS.
+                 */
+                LONG   rc=ERROR_MORE_DATA;
+                char * buf=NULL;
+                DWORD bufsz=0;
+                DWORD length;
+                while (rc == ERROR_MORE_DATA)
+                        {
+                        buf = realloc(buf,bufsz+8192);
+                        if (!buf)
+                                break;
+                        bufsz += 8192;
+                        length = bufsz;
+                        rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
+                                NULL, NULL, buf, &length);
+                        }
+                if (rc == ERROR_SUCCESS)
+                        {
+                        /* For entropy count assume only least significant
+                         * byte of each DWORD is random.
+                         */
+                        RAND_add(&length, sizeof(length), 0);
+                        RAND_add(buf, length, length / 4.0);
+                        /* Close the Registry Key to allow Windows to cleanup/close
+                         * the open handle
+                         * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+                         *       when the RegQueryValueEx above is done.  However, if
+                         *       it is not explicitly closed, it can cause disk
+                         *       partition manipulation problems.
+                         */
+                        RegCloseKey(HKEY_PERFORMANCE_DATA);
+                        }
+                if (buf)
+                        free(buf);
+                }
+#endif
+        if (advapi)
+                {
+                /*
+                 * If it's available, then it's available in both ANSI
+                 * and UNICODE flavors even in Win9x, documentation says.
+                 * We favor Unicode...
+                 */
+                acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+                        "CryptAcquireContextW");
+                gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
+                        "CryptGenRandom");
+                release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+                        "CryptReleaseContext");
+                }
+        if (acquire && gen && release)
+                {
+                /* poll the CryptoAPI PRNG */
+                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+                if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
+                        CRYPT_VERIFYCONTEXT))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), 0);
+#if 0
+                                printf("randomness from PROV_RSA_FULL\n");
+#endif
+                                }
+                        release(hProvider, 0); 
+                        }
+                
+                /* poll the Pentium PRG with CryptoAPI */
+                if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
+                        {
+                        if (gen(hProvider, sizeof(buf), buf) != 0)
+                                {
+                                RAND_add(buf, sizeof(buf), sizeof(buf));
+#if 0
+                                printf("randomness from PROV_INTEL_SEC\n");
+#endif
+                                }
+                        release(hProvider, 0);
+                        }
+                }
+        if (advapi)
+                FreeLibrary(advapi);
+        if (user)
+                {
+                GETCURSORINFO cursor;
+                GETFOREGROUNDWINDOW win;
+                GETQUEUESTATUS queue;
+                win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
+                cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+                queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+                if (win)
+                        {
+                        /* window handle */
+                        h = win();
+                        RAND_add(&h, sizeof(h), 0);
+                        }
+                if (cursor)
+                        {
+                        /* unfortunately, its not safe to call GetCursorInfo()
+                         * on NT4 even though it exists in SP3 (or SP6) and
+                         * higher.
+                         */
+                        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                                osverinfo.dwMajorVersion < 5)
+                                cursor = 0;
+                        }
+                if (cursor)
+                        {
+                        /* cursor position */
+                        /* assume 2 bytes of entropy */
+                        CURSORINFO ci;
+                        ci.cbSize = sizeof(CURSORINFO);
+                        if (cursor(&ci))
+                                RAND_add(&ci, ci.cbSize, 2);
+                        }
+                if (queue)
+                        {
+                        /* message queue status */
+                        /* assume 1 byte of entropy */
+                        w = queue(QS_ALLEVENTS);
+                        RAND_add(&w, sizeof(w), 1);
+                        }
+                FreeLibrary(user);
+                }
+        /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+         * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+         * (Win 9x and 2000 only, not available on NT)
+         *
+         * This seeding method was proposed in Peter Gutmann, Software
+         * Generation of Practically Strong Random Numbers,
+         * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+         * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+         * (The assignment of entropy estimates below is arbitrary, but based
+         * on Peter's analysis the full poll appears to be safe. Additional
+         * interactive seeding is encouraged.)
+         */
+        if (kernel)
+                {
+                CREATETOOLHELP32SNAPSHOT snap;
+                CLOSETOOLHELP32SNAPSHOT close_snap;
+                HANDLE handle;
+                HEAP32FIRST heap_first;
+                HEAP32NEXT heap_next;
+                HEAP32LIST heaplist_first, heaplist_next;
+                PROCESS32 process_first, process_next;
+                THREAD32 thread_first, thread_next;
+                MODULE32 module_first, module_next;
+                HEAPLIST32 hlist;
+                HEAPENTRY32 hentry;
+                PROCESSENTRY32 p;
+                THREADENTRY32 t;
+                MODULEENTRY32 m;
+                snap = (CREATETOOLHELP32SNAPSHOT)
+                        GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+                close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                        GetProcAddress(kernel, "CloseToolhelp32Snapshot");
+                heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+                heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+                heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+                heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+                process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
+                process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
+                thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+                thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+                module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+                module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+                if (snap && heap_first && heap_next && heaplist_first &&
+                        heaplist_next && process_first && process_next &&
+                        thread_first && thread_next && module_first &&
+                        module_next && (handle = snap(TH32CS_SNAPALL,0))
+                        != INVALID_HANDLE_VALUE)
+                        {
+                        /* heap list and heap walking */
+                        /* HEAPLIST32 contains 3 fields that will change with
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         * HEAPENTRY32 contains 5 fields that will change with 
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         */
+                        hlist.dwSize = sizeof(HEAPLIST32);              
+                        if (heaplist_first(handle, &hlist))
+                                do
+                                        {
+                                        RAND_add(&hlist, hlist.dwSize, 3);
+                                        hentry.dwSize = sizeof(HEAPENTRY32);
+                                        if (heap_first(&hentry,
+                                                hlist.th32ProcessID,
+                                                hlist.th32HeapID))
+                                                {
+                                                int entrycnt = 80;
+                                                do
+                                                        RAND_add(&hentry,
+                                                                hentry.dwSize, 5);
+                                                while (heap_next(&hentry)
+                                                        && --entrycnt > 0);
+                                                }
+                                        } while (heaplist_next(handle,
+                                                &hlist));
+                        
+                        /* process walking */
+                        /* PROCESSENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        p.dwSize = sizeof(PROCESSENTRY32);
+                        if (process_first(handle, &p))
+                                do
+                                        RAND_add(&p, p.dwSize, 9);
+                                while (process_next(handle, &p));
+                        /* thread walking */
+                        /* THREADENTRY32 contains 6 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        t.dwSize = sizeof(THREADENTRY32);
+                        if (thread_first(handle, &t))
+                                do
+                                        RAND_add(&t, t.dwSize, 6);
+                                while (thread_next(handle, &t));
+                        /* module walking */
+                        /* MODULEENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+                        m.dwSize = sizeof(MODULEENTRY32);
+                        if (module_first(handle, &m))
+                                do
+                                        RAND_add(&m, m.dwSize, 9);
+                                while (module_next(handle, &m));
+                        if (close_snap)
+                                close_snap(handle);
+                        else
+                                CloseHandle(handle);
+                        }
+                FreeLibrary(kernel);
+                }
+#endif /* !OPENSSL_SYS_WINCE */
+        /* timer data */
+        readtimer();
+        
+        /* memory usage statistics */
+        GlobalMemoryStatus(&m);
+        RAND_add(&m, sizeof(m), 1);
+        /* process ID */
+        w = GetCurrentProcessId();
+        RAND_add(&w, sizeof(w), 1);
+#if 0
+        printf("Exiting RAND_poll\n");
+#endif
+        return(1);
+}
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+        {
+        double add_entropy=0;
+        switch (iMsg)
+                {
+        case WM_KEYDOWN:
+                        {
+                        static WPARAM key;
+                        if (key != wParam)
+                                add_entropy = 0.05;
+                        key = wParam;
+                        }
+                        break;
+        case WM_MOUSEMOVE:
+                        {
+                        static int lastx,lasty,lastdx,lastdy;
+                        int x,y,dx,dy;
+                        x=LOWORD(lParam);
+                        y=HIWORD(lParam);
+                        dx=lastx-x;
+                        dy=lasty-y;
+                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
+                                add_entropy=.2;
+                        lastx=x, lasty=y;
+                        lastdx=dx, lastdy=dy;
+                        }
+                break;
+                }
+        readtimer();
+        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+        RAND_add(&wParam, sizeof(wParam), 0);
+        RAND_add(&lParam, sizeof(lParam), 0);
+ 
+        return (RAND_status());
+        }
+void RAND_screen(void) /* function available for backward compatibility */
+{
+        RAND_poll();
+        readscreen();
+}
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+        DWORD w;
+        LARGE_INTEGER l;
+        static int have_perfc = 1;
+#if defined(_MSC_VER) && defined(_M_X86)
+        static int have_tsc = 1;
+        DWORD cyclecount;
+        if (have_tsc) {
+          __try {
+            __asm {
+              _emit 0x0f
+              _emit 0x31
+              mov cyclecount, eax
+              }
+            RAND_add(&cyclecount, sizeof(cyclecount), 1);
+          } __except(EXCEPTION_EXECUTE_HANDLER) {
+            have_tsc = 0;
+          }
+        }
+#else
+# define have_tsc 0
+#endif
+        if (have_perfc) {
+          if (QueryPerformanceCounter(&l) == 0)
+            have_perfc = 0;
+          else
+            RAND_add(&l, sizeof(l), 0);
+        }
+        if (!have_tsc && !have_perfc) {
+          w = GetTickCount();
+          RAND_add(&w, sizeof(w), 0);
+        }
+}
+/* feed screen contents to PRNG */
+/*****************************************************************************
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];97193>;
+ * the original copyright message is:
+ *
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
+ */
+static void readscreen(void)
+{
+#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+  HDC           hScrDC;         /* screen DC */
+  HDC           hMemDC;         /* memory DC */
+  HBITMAP       hBitmap;        /* handle for our bitmap */
+  HBITMAP       hOldBitmap;     /* handle for previous bitmap */
+  BITMAP        bm;             /* bitmap properties */
+  unsigned int  size;           /* size of bitmap */
+  char          *bmbits;        /* contents of bitmap */
+  int           w;              /* screen width */
+  int           h;              /* screen height */
+  int           y;              /* y-coordinate of screen lines to grab */
+  int           n = 16;         /* number of screen lines to grab at a time */
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+  bmbits = OPENSSL_malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+        {
+        unsigned char md[MD_DIGEST_LENGTH];
+        /* Bitblt screen DC to memory DC */
+        BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+        /* Copy bitmap bits from memory DC to bmbits */
+        GetBitmapBits(hBitmap, size, bmbits);
+        /* Get the hash of the bitmap */
+        MD(bmbits,size,md);
+        /* Seed the random generator with the hash value */
+        RAND_add(md, MD_DIGEST_LENGTH, 0);
+        }
+    OPENSSL_free(bmbits);
+  }
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+#endif /* !OPENSSL_SYS_WINCE */
+}
+#endif
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c
index 6c0ec9a41c..d847d8ebdf 100644
--- a/src/lib/libcrypto/rand/randfile.c
+++ b/src/lib/libcrypto/rand/randfile.c
@@ -102,8 +102,10 @@ int RAND_load_file(const char *file, long bytes)
        if (file == NULL) return(0);
-        if (stat(file,&sb) < 0) return(0);
+        i=stat(file,&sb);
-        RAND_add(&sb,sizeof(sb),0.0);
+        /* If the state fails, put some crap in anyway */
+        RAND_add(&sb,sizeof(sb),0);
+        if (i < 0) return(0);
        if (bytes == 0) return(ret);
        in=fopen(file,"rb");
@@ -126,12 +128,8 @@ int RAND_load_file(const char *file, long bytes)
                        n = BUFSIZE;
                i=fread(buf,1,n,in);
                if (i <= 0) break;
-#ifdef PURIFY
-                RAND_add(buf,i,(double)i);
-#else
                /* even if n != i, use the full array */
-                RAND_add(buf,n,(double)i);
+                RAND_add(buf,n,i);
-#endif
                ret+=i;
                if (bytes > 0)
                        {
@@ -235,7 +233,7 @@ const char *RAND_file_name(char *buf, size_t size)
        struct stat sb;
 #endif
-        if (OPENSSL_issetugid() == 0)
+        if (issetugid() == 0)
                s=getenv("RANDFILE");
        if (s != NULL && *s && strlen(s) + 1 < size)
                {
@@ -244,7 +242,7 @@ const char *RAND_file_name(char *buf, size_t size)
                }
        else
                {
-                if (OPENSSL_issetugid() == 0)
+                if (issetugid() == 0)
                        s=getenv("HOME");
 #ifdef DEFAULT_HOME
                if (s == NULL)
diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c
new file mode 100644
index 0000000000..701932e6ee
--- /dev/null
+++ b/src/lib/libcrypto/rand/randtest.c
@@ -0,0 +1,216 @@
+/* crypto/rand/randtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rand.h>
+#include "../e_os.h"
+/* some FIPS 140-1 random number test */
+/* some simple tests */
+int main()
+        {
+        unsigned char buf[2500];
+        int i,j,k,s,sign,nsign,err=0;
+        unsigned long n1;
+        unsigned long n2[16];
+        unsigned long runs[2][34];
+        /*double d; */
+        long d;
+        i = RAND_pseudo_bytes(buf,2500);
+        if (i < 0)
+                {
+                printf ("init failed, the rand method is not properly installed\n");
+                err++;
+                goto err;
+                }
+        n1=0;
+        for (i=0; i<16; i++) n2[i]=0;
+        for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0;
+        /* test 1 and 2 */
+        sign=0;
+        nsign=0;
+        for (i=0; i<2500; i++)
+                {
+                j=buf[i];
+                n2[j&0x0f]++;
+                n2[(j>>4)&0x0f]++;
+                for (k=0; k<8; k++)
+                        {
+                        s=(j&0x01);
+                        if (s == sign)
+                                nsign++;
+                        else
+                                {
+                                if (nsign > 34) nsign=34;
+                                if (nsign != 0)
+                                        {
+                                        runs[sign][nsign-1]++;
+                                        if (nsign > 6)
+                                                runs[sign][5]++;
+                                        }
+                                sign=s;
+                                nsign=1;
+                                }
+                        if (s) n1++;
+                        j>>=1;
+                        }
+                }
+                if (nsign > 34) nsign=34;
+                if (nsign != 0) runs[sign][nsign-1]++;
+        /* test 1 */
+        if (!((9654 < n1) && (n1 < 10346)))
+                {
+                printf("test 1 failed, X=%lu\n",n1);
+                err++;
+                }
+        printf("test 1 done\n");
+        /* test 2 */
+#ifdef undef
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=d*16.0/5000.0-5000.0;
+        if (!((1.03 < d) && (d < 57.4)))
+                {
+                printf("test 2 failed, X=%.2f\n",d);
+                err++;
+                }
+#endif
+        d=0;
+        for (i=0; i<16; i++)
+                d+=n2[i]*n2[i];
+        d=(d*8)/25-500000;
+        if (!((103 < d) && (d < 5740)))
+                {
+                printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L);
+                err++;
+                }
+        printf("test 2 done\n");
+        /* test 3 */
+        for (i=0; i<2; i++)
+                {
+                if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,1,runs[i][0]);
+                        err++;
+                        }
+                if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,2,runs[i][1]);
+                        err++;
+                        }
+                if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,3,runs[i][2]);
+                        err++;
+                        }
+                if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,4,runs[i][3]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,5,runs[i][4]);
+                        err++;
+                        }
+                if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
+                        {
+                        printf("test 3 failed, bit=%d run=%d num=%lu\n",
+                                i,6,runs[i][5]);
+                        err++;
+                        }
+                }
+        printf("test 3 done\n");
+        
+        /* test 4 */
+        if (runs[0][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%lu\n",
+                        0,34,runs[0][33]);
+                err++;
+                }
+        if (runs[1][33] != 0)
+                {
+                printf("test 4 failed, bit=%d run=%d num=%lu\n",
+                        1,34,runs[1][33]);
+                err++;
+                }
+        printf("test 4 done\n");
+ err:
+        err=((err)?1:0);
+        EXIT(err);
+        return(err);
+        }
diff --git a/src/lib/libcrypto/rc2/Makefile b/src/lib/libcrypto/rc2/Makefile
new file mode 100644
index 0000000000..73eac347e7
--- /dev/null
+++ b/src/lib/libcrypto/rc2/Makefile
@@ -0,0 +1,86 @@
+#
+# OpenSSL/crypto/rc2/Makefile
+#
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/src/lib/libcrypto/rc2/Makefile.ssl b/src/lib/libcrypto/rc2/Makefile.ssl
new file mode 100644
index 0000000000..98d5960d5d
--- /dev/null
+++ b/src/lib/libcrypto/rc2/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/rc2/Makefile
+#
+DIR=    rc2
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=rc2test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= rc2.h
+HEADER= rc2_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h
index 34c8362317..71788158d8 100644
--- a/src/lib/libcrypto/rc2/rc2.h
+++ b/src/lib/libcrypto/rc2/rc2.h
@@ -59,7 +59,6 @@
 #ifndef HEADER_RC2_H
 #define HEADER_RC2_H
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC2, RC2_INT */
 #ifdef OPENSSL_NO_RC2
 #error RC2 is disabled.
 #endif
@@ -67,6 +66,7 @@
 #define RC2_ENCRYPT     1
 #define RC2_DECRYPT     0
+#include <openssl/opensslconf.h> /* RC2_INT */
 #define RC2_BLOCK       8
 #define RC2_KEY_LENGTH  16
@@ -79,7 +79,10 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
- 
+#ifdef OPENSSL_FIPS 
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+                                                                int bits);
+#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c
index fff86c7af8..d3e8c2718a 100644
--- a/src/lib/libcrypto/rc2/rc2_ecb.c
+++ b/src/lib/libcrypto/rc2/rc2_ecb.c
@@ -60,7 +60,7 @@
 #include "rc2_locl.h"
 #include <openssl/opensslv.h>
-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;
+const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
 /* RC2 as implemented frm a posting from
 * Newsgroups: sci.crypt
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c
index 4953642056..9652865188 100644
--- a/src/lib/libcrypto/rc2/rc2_skey.c
+++ b/src/lib/libcrypto/rc2/rc2_skey.c
@@ -57,6 +57,8 @@
 */
 #include <openssl/rc2.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc2_locl.h"
 static unsigned char key_table[256]={
@@ -84,17 +86,25 @@ static unsigned char key_table[256]={
        0xfe,0x7f,0xc1,0xad,
        };
-#if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g",off)
-#endif
 /* It has come to my attention that there are 2 versions of the RC2
 * key schedule.  One which is normal, and anther which has a hook to
 * use a reduced key length.
 * BSAFE uses the 'retarded' version.  What I previously shipped is
 * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
 * a version where the bits parameter is the same as len*8 */
+#ifdef OPENSSL_FIPS
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+        {
+        if (FIPS_mode())
+                FIPS_BAD_ABORT(RC2)
+        private_RC2_set_key(key, len, data, bits);
+        }
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
+                                                                int bits)
+#else
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#endif
        {
        int i,j;
        unsigned char *k;
@@ -140,6 +150,3 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
                *(ki--)=((k[i]<<8)|k[i-1])&0xffff;
        }
-#if defined(_MSC_VER)
-#pragma optimize("",on)
-#endif
diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c
new file mode 100644
index 0000000000..4d0e1242ea
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2speed.c
@@ -0,0 +1,274 @@
+/* crypto/rc2/rc2speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/rc2.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else   /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif  /* CLK_TCK */
+#endif  /* HZ */
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC2_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC2_set_key(&sch,16,key,128);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC2_encrypt(data,&sch);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cb=count;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC2_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC2_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                RC2_set_key(&sch,16,key,128);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC2_encrypt's for 10 seconds\n");
+        alarm(10);
+#else
+        printf("Doing RC2_encrypt %ld times\n",cb);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cb); count+=4)
+                {
+                unsigned long data[2];
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                RC2_encrypt(data,&sch);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC2_encrypt's in %.2f second\n",count,d);
+        b=((double)COUNT(cb)*8)/d;
+#ifdef SIGALRM
+        printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+                BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+                BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch,
+                        &(key[0]),RC2_ENCRYPT);
+        d=Time_F(STOP);
+        printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC2 set_key       per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
+        printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc2/rc2test.c b/src/lib/libcrypto/rc2/rc2test.c
new file mode 100644
index 0000000000..b67bafb49f
--- /dev/null
+++ b/src/lib/libcrypto/rc2/rc2test.c
@@ -0,0 +1,271 @@
+/* crypto/rc2/rc2test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC2 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc2.h>
+static unsigned char RC2key[4][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+         0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
+        };
+static unsigned char RC2plain[4][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        };
+static unsigned char RC2cipher[4][8]={
+        {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
+        {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
+        {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
+        {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31},
+        };
+/************/
+#ifdef undef
+unsigned char k[16]={
+        0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
+        0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08};
+unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03};
+unsigned char  c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5};
+unsigned char out[80];
+char *text="Hello to all people out there";
+static unsigned char cfb_key[16]={
+        0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96,
+        0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e,
+        };
+static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd};
+static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8];
+#define CFB_TEST_SIZE 24
+static unsigned char plain[CFB_TEST_SIZE]=
+        {
+        0x4e,0x6f,0x77,0x20,0x69,0x73,
+        0x20,0x74,0x68,0x65,0x20,0x74,
+        0x69,0x6d,0x65,0x20,0x66,0x6f,
+        0x72,0x20,0x61,0x6c,0x6c,0x20
+        };
+static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
+        0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F,
+        0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A,
+        0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45
+/*      0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38,
+        0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9,
+        0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
+        }; 
+/*static int cfb64_test(unsigned char *cfb_cipher);*/
+static char *pt(unsigned char *p);
+#endif
+int main(int argc, char *argv[])
+        {
+        int i,n,err=0;
+        RC2_KEY key; 
+        unsigned char buf[8],buf2[8];
+        for (n=0; n<4; n++)
+                {
+                RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */);
+                RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT);
+                if (memcmp(&(RC2cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb rc2 error encrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+                RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT);
+                if (memcmp(&(RC2plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC2 error decrypting\n");
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC2plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("ecb RC2 ok\n");
+#ifdef undef
+        memcpy(iv,k,8);
+        idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1);
+        memcpy(iv,k,8);
+        idea_cbc_encrypt(out,out,8,&dkey,iv,0);
+        idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0);
+        if (memcmp(text,out,strlen(text)+1) != 0)
+                {
+                printf("cbc idea bad\n");
+                err=4;
+                }
+        else
+                printf("cbc idea ok\n");
+        printf("cfb64 idea ");
+        if (cfb64_test(cfb_cipher64))
+                {
+                printf("bad\n");
+                err=5;
+                }
+        else
+                printf("ok\n");
+#endif
+        EXIT(err);
+        return(err);
+        }
+#ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
+#endif
diff --git a/src/lib/libcrypto/rc2/tab.c b/src/lib/libcrypto/rc2/tab.c
new file mode 100644
index 0000000000..25dc14eeba
--- /dev/null
+++ b/src/lib/libcrypto/rc2/tab.c
@@ -0,0 +1,86 @@
+#include <stdio.h>
+unsigned char ebits_to_num[256]={
+        0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a,
+        0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0,
+        0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b,
+        0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a,
+        0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda,
+        0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36,
+        0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8,
+        0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c,
+        0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17,
+        0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60,
+        0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72,
+        0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa,
+        0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd,
+        0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e,
+        0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b,
+        0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf,
+        0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77,
+        0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6,
+        0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3,
+        0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3,
+        0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e,
+        0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c,
+        0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d,
+        0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2,
+        0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46,
+        0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5,
+        0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97,
+        0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5,
+        0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef,
+        0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f,
+        0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf,
+        0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab,
+        };
+unsigned char num_to_ebits[256]={
+        0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d,
+        0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5,
+        0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47,
+        0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5,
+        0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c,
+        0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef,
+        0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89,
+        0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d,
+        0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8,
+        0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb,
+        0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab,
+        0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d,
+        0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46,
+        0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3,
+        0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87,
+        0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61,
+        0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6,
+        0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1,
+        0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7,
+        0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21,
+        0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0,
+        0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42,
+        0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a,
+        0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f,
+        0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5,
+        0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7,
+        0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90,
+        0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15,
+        0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b,
+        0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7,
+        0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18,
+        0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd,
+        };
+        
+main()
+        {
+        int i,j;
+        for (i=0; i<256; i++)
+                {
+                for (j=0; j<256; j++)
+                        if (ebits_to_num[j] == i)
+                                {
+                                printf("0x%02x,",j);
+                                break;
+                                }
+                }
+        }
diff --git a/src/lib/libcrypto/rc4/Makefile b/src/lib/libcrypto/rc4/Makefile
new file mode 100644
index 0000000000..187ed5c668
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile
@@ -0,0 +1,115 @@
+#
+# OpenSSL/crypto/rc4/Makefile
+#
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+AR=             ar r
+RC4_ENC=rc4_enc.o rc4_skey.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=$(RC4_ENC)
+SRC= $(LIBSRC)
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+rx86-cof.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+rx86-out.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl a.out $(CFLAGS) > ../$@)
+rc4-x86_64.s: asm/rc4-x86_64.pl;        $(PERL) asm/rc4-x86_64.pl $@
+rc4-ia64.s: asm/rc4-ia64.S
+        @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
+        int)    set -x; $(CC) $(CFLAGS) -DSZ=4 -E asm/rc4-ia64.S > $@ ;; \
+        char)   set -x; $(CC) $(CFLAGS) -DSZ=1 -E asm/rc4-ia64.S > $@ ;; \
+        *)      exit 1 ;; \
+        esac
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc4_enc.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h
+rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
+rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c
diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl
new file mode 100644
index 0000000000..3e602662be
--- /dev/null
+++ b/src/lib/libcrypto/rc4/Makefile.ssl
@@ -0,0 +1,110 @@
+#
+# SSLeay/crypto/rc4/Makefile
+#
+DIR=    rc4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RC4_ENC=rc4_enc.o
+# or use
+#RC4_ENC=asm/rx86-elf.o
+#RC4_ENC=asm/rx86-out.o
+#RC4_ENC=asm/rx86-sol.o
+#RC4_ENC=asm/rx86bdsi.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=rc4test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc4_skey.c rc4_enc.c
+LIBOBJ=rc4_skey.o $(RC4_ENC)
+SRC= $(LIBSRC)
+EXHEADER= rc4.h
+HEADER= $(EXHEADER) rc4_locl.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+# a.out
+asm/rx86-out.o: asm/rx86unix.cpp
+        $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+# bsdi
+asm/rx86bsdi.o: asm/rx86unix.cpp
+        $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h rc4_skey.c
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl
index ef7eee766c..d6e98f0811 100644
--- a/src/lib/libcrypto/rc4/asm/rc4-586.pl
+++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl
@@ -200,23 +200,22 @@ sub RC4
        &lea    ($ty,&DWP(0,$in,$ty));
        &mov    (&swtmp(2),$ty);
-        &movz   ($tx,&BP(0,$d,$x));
        # strangely enough unrolled loop performs over 20% slower...
        &set_label("RC4_CHAR_loop");
+                &movz   ($tx,&BP(0,$d,$x));
                &add    (&LB($y),&LB($tx));
                &movz   ($ty,&BP(0,$d,$y));
                &movb   (&BP(0,$d,$y),&LB($tx));
                &movb   (&BP(0,$d,$x),&LB($ty));
                &add    (&LB($ty),&LB($tx));
                &movz   ($ty,&BP(0,$d,$ty));
-                &add    (&LB($x),1);
                &xorb   (&LB($ty),&BP(0,$in));
-                &lea    ($in,&DWP(1,$in));
-                &movz   ($tx,&BP(0,$d,$x));
-                &cmp    ($in,&swtmp(2));
                &movb   (&BP(0,$out),&LB($ty));
-                &lea    ($out,&DWP(1,$out));
+                &inc    (&LB($x));
+                &inc    ($in);
+                &inc    ($out);
+                &cmp    ($in,&swtmp(2));
        &jb     (&label("RC4_CHAR_loop"));
        &set_label("finished");
diff --git a/src/lib/libcrypto/rc4/asm/rc4-amd64.pl b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
new file mode 100755
index 0000000000..9e0da8af99
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-amd64.pl
@@ -0,0 +1,227 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
+# "hand-coded assembler"] doesn't stand for the whole improvement
+# coefficient. It turned out that eliminating RC4_CHAR from config
+# line results in ~40% improvement (yes, even for C implementation).
+# Presumably it has everything to do with AMD cache architecture and
+# RAW or whatever penalties. Once again! The module *requires* config
+# line *without* RC4_CHAR! As for coding "secret," I bet on partial
+# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# I simply 'inc %r8b'. Even though optimization manual discourages
+# to operate on partial registers, it turned out to be the best bet.
+# At least for AMD... How IA32E would perform remains to be seen...
+# As was shown by Marc Bevand reordering of couple of load operations
+# results in even higher performance gain of 3.3x:-) At least on
+# Opteron... For reference, 1x in this case is RC4_CHAR C-code
+# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock.
+# Latter means that if you want to *estimate* what to expect from
+# *your* CPU, then multiply 54 by 3.3 and clock frequency in GHz.
+# Intel P4 EM64T core was found to run the AMD64 code really slow...
+# The only way to achieve comparable performance on P4 is to keep
+# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
+# compose blended code, which would perform even within 30% marginal
+# on either AMD and Intel platforms, I implement both cases. See
+# rc4_skey.c for further details... This applies to 0.9.8 and later.
+# In 0.9.7 context RC4_CHAR codepath is never engaged and ~70 bytes
+# of code remain redundant.
+$output=shift;
+$win64a=1 if ($output =~ /win64a.[s|asm]/);
+open STDOUT,">$output" || die "can't open $output: $!";
+if (defined($win64a)) {
+    $dat="%rcx";        # arg1
+    $len="%rdx";        # arg2
+    $inp="%rsi";        # r8, arg3 moves here
+    $out="%rdi";        # r9, arg4 moves here
+} else {
+    $dat="%rdi";        # arg1
+    $len="%rsi";        # arg2
+    $inp="%rdx";        # arg3
+    $out="%rcx";        # arg4
+}
+$XX="%r10";
+$TX="%r8";
+$YY="%r11";
+$TY="%r9";
+sub PTR() {
+    my $ret=shift;
+    if (defined($win64a)) {
+        $ret =~ s/\[([\S]+)\+([\S]+)\]/[$2+$1]/g;   # [%rN+%rM*4]->[%rM*4+%rN]
+        $ret =~ s/:([^\[]+)\[([^\]]+)\]/:[$2+$1]/g; # :off[ea]->:[ea+off]
+    } else {
+        $ret =~ s/[\+\*]/,/g;           # [%rN+%rM*4]->[%rN,%rM,4]
+        $ret =~ s/\[([^\]]+)\]/($1)/g;  # [%rN]->(%rN)
+    }
+    $ret;
+}
+$code=<<___ if (!defined($win64a));
+.text
+.globl  RC4
+.type   RC4,\@function
+.align  16
+RC4:    or      $len,$len
+        jne     .Lentry
+        repret
+.Lentry:
+___
+$code=<<___ if (defined($win64a));
+_TEXT   SEGMENT
+PUBLIC  RC4
+ALIGN   16
+RC4     PROC
+        or      $len,$len
+        jne     .Lentry
+        repret
+.Lentry:
+        push    %rdi
+        push    %rsi
+        sub     \$40,%rsp
+        mov     %r8,$inp
+        mov     %r9,$out
+___
+$code.=<<___;
+        add     \$8,$dat
+        movl    `&PTR("DWORD:-8[$dat]")`,$XX#d
+        movl    `&PTR("DWORD:-4[$dat]")`,$YY#d
+        cmpl    \$-1,`&PTR("DWORD:256[$dat]")`
+        je      .LRC4_CHAR
+        test    \$-8,$len
+        jz      .Lloop1
+.align  16
+.Lloop8:
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        add     $TX#b,$YY#b
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TX#b,$TY#b
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        movb    `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+for ($i=1;$i<=6;$i++) {
+$code.=<<___;
+        add     $TX#b,$YY#b
+        ror     \$8,%rax
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TX#b,$TY#b
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        movb    `&PTR("BYTE:[$dat+$TY*4]")`,%al
+___
+}
+$code.=<<___;
+        add     $TX#b,$YY#b
+        ror     \$8,%rax
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        sub     \$8,$len
+        add     $TY#b,$TX#b
+        movb    `&PTR("BYTE:[$dat+$TX*4]")`,%al
+        ror     \$8,%rax
+        add     \$8,$inp
+        add     \$8,$out
+        xor     `&PTR("QWORD:-8[$inp]")`,%rax
+        mov     %rax,`&PTR("QWORD:-8[$out]")`
+        test    \$-8,$len
+        jnz     .Lloop8
+        cmp     \$0,$len
+        jne     .Lloop1
+.Lexit:
+        movl    $XX#d,`&PTR("DWORD:-8[$dat]")`
+        movl    $YY#d,`&PTR("DWORD:-4[$dat]")`
+___
+$code.=<<___ if (defined($win64a));
+        add     \$40,%rsp
+        pop     %rsi
+        pop     %rdi
+___
+$code.=<<___;
+        repret
+.align  16
+.Lloop1:
+        movzb   `&PTR("BYTE:[$inp]")`,%eax
+        inc     $XX#b
+        movl    `&PTR("DWORD:[$dat+$XX*4]")`,$TX#d
+        add     $TX#b,$YY#b
+        movl    `&PTR("DWORD:[$dat+$YY*4]")`,$TY#d
+        movl    $TX#d,`&PTR("DWORD:[$dat+$YY*4]")`
+        movl    $TY#d,`&PTR("DWORD:[$dat+$XX*4]")`
+        add     $TY#b,$TX#b
+        movl    `&PTR("DWORD:[$dat+$TX*4]")`,$TY#d
+        xor     $TY,%rax
+        inc     $inp
+        movb    %al,`&PTR("BYTE:[$out]")`
+        inc     $out
+        dec     $len
+        jnz     .Lloop1
+        jmp     .Lexit
+.align  16
+.LRC4_CHAR:
+        inc     $XX#b
+        movzb   `&PTR("BYTE:[$dat+$XX]")`,$TX#d
+        add     $TX#b,$YY#b
+        movzb   `&PTR("BYTE:[$dat+$YY]")`,$TY#d
+        movb    $TX#b,`&PTR("BYTE:[$dat+$YY]")`
+        movb    $TY#b,`&PTR("BYTE:[$dat+$XX]")`
+        add     $TX#b,$TY#b
+        movzb   `&PTR("BYTE:[$dat+$TY]")`,$TY#d
+        xorb    `&PTR("BYTE:[$inp]")`,$TY#b
+        movb    $TY#b,`&PTR("BYTE:[$out]")`
+        inc     $inp
+        inc     $out
+        dec     $len
+        jnz     .LRC4_CHAR
+        jmp     .Lexit
+___
+$code.=<<___ if (defined($win64a));
+RC4     ENDP
+_TEXT   ENDS
+END
+___
+$code.=<<___ if (!defined($win64a));
+.size   RC4,.-RC4
+___
+$code =~ s/#([bwd])/$1/gm;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
+if (defined($win64a)) {
+    $code =~ s/\.align/ALIGN/gm;
+    $code =~ s/[\$%]//gm;
+    $code =~ s/\.L/\$L/gm;
+    $code =~ s/([\w]+)([\s]+)([\S]+),([\S]+)/$1$2$4,$3/gm;
+    $code =~ s/([QD]*WORD|BYTE):/$1 PTR/gm;
+    $code =~ s/mov[bwlq]/mov/gm;
+    $code =~ s/movzb/movzx/gm;
+    $code =~ s/repret/DB\t0F3h,0C3h/gm;
+    $code =~ s/cmpl/cmp/gm;
+    $code =~ s/xorb/xor/gm;
+} else {
+    $code =~ s/([QD]*WORD|BYTE)://gm;
+    $code =~ s/repret/.byte\t0xF3,0xC3/gm;
+}
+print $code;
diff --git a/src/lib/libcrypto/rc4/asm/rc4-ia64.S b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
new file mode 100644
index 0000000000..8210c47d04
--- /dev/null
+++ b/src/lib/libcrypto/rc4/asm/rc4-ia64.S
@@ -0,0 +1,159 @@
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+.ident  "rc4-ia64.S, Version 2.0"
+.ident  "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+// What's wrong with compiler generated code? Because of the nature of
+// C language, compiler doesn't [dare to] reorder load and stores. But
+// being memory-bound, RC4 should benefit from reorder [on in-order-
+// execution core such as IA-64]. But what can we reorder? At the very
+// least we can safely reorder references to key schedule in respect
+// to input and output streams. Secondly, from the first [close] glance
+// it appeared that it's possible to pull up some references to
+// elements of the key schedule itself. Original rationale ["prior
+// loads are not safe only for "degenerated" key schedule, when some
+// elements equal to the same value"] was kind of sloppy. I should have
+// formulated as it really was: if we assume that pulling up reference
+// to key[x+1] is not safe, then it would mean that key schedule would
+// "degenerate," which is never the case. The problem is that this
+// holds true in respect to references to key[x], but not to key[y].
+// Legitimate "collisions" do occur within every 256^2 bytes window.
+// Fortunately there're enough free instruction slots to keep prior
+// reference to key[x+1], detect "collision" and compensate for it.
+// All this without sacrificing a single clock cycle:-) Throughput is
+// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated
+// code and +30% - if compared to HP-UX C. Unrolling loop below should
+// give >30% on top of that...
+.text
+.explicit
+#if defined(_HPUX_SOURCE) && !defined(_LP64)
+# define ADDP   addp4
+#else
+# define ADDP   add
+#endif
+#ifndef SZ
+#define SZ      4       // this is set to sizeof(RC4_INT)
+#endif
+// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for
+// assembler implementation, while SZ==1 code is ~30% slower.
+#if SZ==1       // RC4_INT is unsigned char
+# define        LDKEY   ld1
+# define        STKEY   st1
+# define        OFF     0
+#elif SZ==4     // RC4_INT is unsigned int
+# define        LDKEY   ld4
+# define        STKEY   st4
+# define        OFF     2
+#elif SZ==8     // RC4_INT is unsigned long
+# define        LDKEY   ld8
+# define        STKEY   st8
+# define        OFF     3
+#endif
+out=r8;         // [expanded] output pointer
+inp=r9;         // [expanded] output pointer
+prsave=r10;
+key=r28;        // [expanded] pointer to RC4_KEY
+ksch=r29;       // (key->data+255)[&~(sizeof(key->data)-1)]
+xx=r30;
+yy=r31;
+// void RC4(RC4_KEY *key,size_t len,const void *inp,void *out);
+.global RC4#
+.proc   RC4#
+.align  32
+.skip   16
+RC4:
+        .prologue
+        .save   ar.pfs,r2
+{ .mii; alloc   r2=ar.pfs,4,12,0,16
+        .save   pr,prsave
+        mov     prsave=pr
+        ADDP    key=0,in0               };;
+{ .mib; cmp.eq  p6,p0=0,in1                     // len==0?
+        .save   ar.lc,r3
+        mov     r3=ar.lc
+(p6)    br.ret.spnt.many        b0      };;     // emergency exit
+        .body
+        .rotr   dat[4],key_x[4],tx[2],rnd[2],key_y[2],ty[1];
+{ .mib; LDKEY   xx=[key],SZ                     // load key->x
+        add     in1=-1,in1                      // adjust len for loop counter
+        nop.b   0                       }
+{ .mib; ADDP    inp=0,in2
+        ADDP    out=0,in3
+        brp.loop.imp    .Ltop,.Lexit-16 };;
+{ .mmi; LDKEY   yy=[key]                        // load key->y
+        add     ksch=SZ,key
+        mov     ar.lc=in1               }
+{ .mmi; mov     key_y[1]=r0                     // guarantee inequality
+                                                // in first iteration
+        add     xx=1,xx
+        mov     pr.rot=1<<16            };;
+{ .mii; nop.m   0
+        dep     key_x[1]=xx,r0,OFF,8
+        mov     ar.ec=3                 };;     // note that epilogue counter
+                                                // is off by 1. I compensate
+                                                // for this at exit...
+.Ltop:
+// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which
+// theoretically gives asymptotic performance of clock frequency
+// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is
+// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently
+// splits the last bundle and you end up with 5*n spin-rate:-(
+// Originally the loop was scheduled for 3*n and relied on key
+// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But
+// *(out++)=dat, which maps to st1, had same effect [inadvertent
+// bundle split] and holded the loop back. Rescheduling for 4*n
+// made it possible to eliminate dependence on specific alignment
+// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would
+// require unrolling, sticking to variable shift instruction for
+// collecting output [to avoid starvation for integer shifter] and
+// copying of key schedule to controlled place in stack [so that
+// deposit instruction can serve as substitute for whole
+// key->data+((x&255)<<log2(sizeof(key->data[0])))]...
+{ .mmi; (p19)   st1     [out]=dat[3],1                  // *(out++)=dat
+        (p16)   add     xx=1,xx                         // x++
+        (p18)   dep     rnd[1]=rnd[1],r0,OFF,8  }       // ((tx+ty)&255)<<OFF
+{ .mmi; (p16)   add     key_x[1]=ksch,key_x[1]          // &key[xx&255]
+        (p17)   add     key_y[1]=ksch,key_y[1]  };;     // &key[yy&255] 
+{ .mmi; (p16)   LDKEY   tx[0]=[key_x[1]]                // tx=key[xx]
+        (p17)   LDKEY   ty[0]=[key_y[1]]                // ty=key[yy]   
+        (p16)   dep     key_x[0]=xx,r0,OFF,8    }       // (xx&255)<<OFF
+{ .mmi; (p18)   add     rnd[1]=ksch,rnd[1]              // &key[(tx+ty)&255]
+        (p16)   cmp.ne.unc p20,p21=key_x[1],key_y[1] };;
+{ .mmi; (p18)   LDKEY   rnd[1]=[rnd[1]]                 // rnd=key[(tx+ty)&255]
+        (p16)   ld1     dat[0]=[inp],1          }       // dat=*(inp++)
+.pred.rel       "mutex",p20,p21
+{ .mmi; (p21)   add     yy=yy,tx[1]                     // (p16)
+        (p20)   add     yy=yy,tx[0]                     // (p16) y+=tx
+        (p21)   mov     tx[0]=tx[1]             };;     // (p16)
+{ .mmi; (p17)   STKEY   [key_y[1]]=tx[1]                // key[yy]=tx
+        (p17)   STKEY   [key_x[2]]=ty[0]                // key[xx]=ty
+        (p16)   dep     key_y[0]=yy,r0,OFF,8    }       // &key[yy&255]
+{ .mmb; (p17)   add     rnd[0]=tx[1],ty[0]              // tx+=ty
+        (p18)   xor     dat[2]=dat[2],rnd[1]            // dat^=rnd
+        br.ctop.sptk    .Ltop                   };;
+.Lexit:
+{ .mib; STKEY   [key]=yy,-SZ                    // save key->y
+        mov     pr=prsave,0x1ffff
+        nop.b   0                       }
+{ .mib; st1     [out]=dat[3],1                  // compensate for truncated
+                                                // epilogue counter
+        add     xx=-1,xx
+        nop.b   0                       };;
+{ .mib; STKEY   [key]=xx                        // save key->x
+        mov     ar.lc=r3
+        br.ret.sptk.many        b0      };;
+.endp   RC4#
diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c
new file mode 100644
index 0000000000..b39c070292
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4.c
@@ -0,0 +1,192 @@
+/* crypto/rc4/rc4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/rc4.h>
+char *usage[]={
+"usage: rc4 args\n",
+"\n",
+" -in arg         - input file - default stdin\n",
+" -out arg        - output file - default stdout\n",
+" -key key        - password\n",
+NULL
+};
+int main(int argc, char *argv[])
+        {
+        FILE *in=NULL,*out=NULL;
+        char *infile=NULL,*outfile=NULL,*keystr=NULL;
+        RC4_KEY key;
+        char buf[BUFSIZ];
+        int badops=0,i;
+        char **pp;
+        unsigned char md[MD5_DIGEST_LENGTH];
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-in") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        infile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-out") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        outfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-key") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        keystr= *(++argv);
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badops=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badops)
+                {
+bad:
+                for (pp=usage; (*pp != NULL); pp++)
+                        fprintf(stderr,"%s",*pp);
+                exit(1);
+                }
+        if (infile == NULL)
+                in=stdin;
+        else
+                {
+                in=fopen(infile,"r");
+                if (in == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+        if (outfile == NULL)
+                out=stdout;
+        else
+                {
+                out=fopen(outfile,"w");
+                if (out == NULL)
+                        {
+                        perror("open");
+                        exit(1);
+                        }
+                }
+                
+#ifdef OPENSSL_SYS_MSDOS
+        /* This should set the file to binary mode. */
+        {
+#include <fcntl.h>
+        setmode(fileno(in),O_BINARY);
+        setmode(fileno(out),O_BINARY);
+        }
+#endif
+        if (keystr == NULL)
+                { /* get key */
+                i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+                if (i != 0)
+                        {
+                        OPENSSL_cleanse(buf,BUFSIZ);
+                        fprintf(stderr,"bad password read\n");
+                        exit(1);
+                        }
+                keystr=buf;
+                }
+        EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
+        OPENSSL_cleanse(keystr,strlen(keystr));
+        RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+        
+        for(;;)
+                {
+                i=fread(buf,1,BUFSIZ,in);
+                if (i == 0) break;
+                if (i < 0)
+                        {
+                        perror("read");
+                        exit(1);
+                        }
+                RC4(&key,(unsigned int)i,(unsigned char *)buf,
+                        (unsigned char *)buf);
+                i=fwrite(buf,(unsigned int)i,1,out);
+                if (i != 1)
+                        {
+                        perror("write");
+                        exit(1);
+                        }
+                }
+        fclose(out);
+        fclose(in);
+        exit(0);
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h
index 7aec04fe93..ae0cea75b8 100644
--- a/src/lib/libcrypto/rc4/rc4.h
+++ b/src/lib/libcrypto/rc4/rc4.h
@@ -59,11 +59,12 @@
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
-#include <openssl/opensslconf.h> /* OPENSSL_NO_RC4, RC4_INT */
 #ifdef OPENSSL_NO_RC4
 #error RC4 is disabled.
 #endif
+#include <openssl/opensslconf.h> /* RC4_INT */
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -76,6 +77,9 @@ typedef struct rc4_key_st
 
 const char *RC4_options(void);
+#ifdef OPENSSL_FIPS
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+#endif
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                unsigned char *outdata);
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c
index 0660ea60a2..d5f18a3a70 100644
--- a/src/lib/libcrypto/rc4/rc4_enc.c
+++ b/src/lib/libcrypto/rc4/rc4_enc.c
@@ -157,7 +157,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                if (!is_endian.little)
                        {       /* BIG-ENDIAN CASE */
 # define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP<<BESHFT(0);
@@ -210,7 +210,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
                else
                        {       /* LITTLE-ENDIAN CASE */
 # define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-                        for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
+                        for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
                                {
                                ichunk  = *(RC4_CHUNK *)indata;
                                otp  = RC4_STEP;
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c
index 46b77ec321..60510624fd 100644
--- a/src/lib/libcrypto/rc4/rc4_skey.c
+++ b/src/lib/libcrypto/rc4/rc4_skey.c
@@ -57,10 +57,12 @@
 */
 #include <openssl/rc4.h>
+#include <openssl/crypto.h>
+#include <openssl/fips.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
+const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
 const char *RC4_options(void)
        {
@@ -85,7 +87,7 @@ const char *RC4_options(void)
 * Date: Wed, 14 Sep 1994 06:35:31 GMT
 */
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+FIPS_NON_FIPS_VCIPHER_Init(RC4)
        {
        register RC4_INT tmp;
        register int id1,id2;
@@ -93,59 +95,26 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
        unsigned int i;
        
        d= &(key->data[0]);
+        for (i=0; i<256; i++)
+                d[i]=i;
        key->x = 0;     
        key->y = 0;     
        id1=id2=0;     
-#define SK_LOOP(d,n) { \
+#define SK_LOOP(n) { \
                tmp=d[(n)]; \
                id2 = (data[id1] + tmp + id2) & 0xff; \
                if (++id1 == len) id1=0; \
                d[(n)]=d[id2]; \
                d[id2]=tmp; }
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
-# if    defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-        defined(__INTEL__) || \
-        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
-        if (sizeof(RC4_INT) > 1) {
-                /*
-                 * Unlike all other x86 [and x86_64] implementations,
-                 * Intel P4 core [including EM64T] was found to perform
-                 * poorly with wider RC4_INT. Performance improvement
-                 * for IA-32 hand-coded assembler turned out to be 2.8x
-                 * if re-coded for RC4_CHAR! It's however inappropriate
-                 * to just switch to RC4_CHAR for x86[_64], as non-P4
-                 * implementations suffer from significant performance
-                 * losses then, e.g. PIII exhibits >2x deterioration,
-                 * and so does Opteron. In order to assure optimal
-                 * all-round performance, we detect P4 at run-time by
-                 * checking upon reserved bit 20 in CPU capability
-                 * vector and set up compressed key schedule, which is
-                 * recognized by correspondingly updated assembler
-                 * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
-                 *
-                 *                              <appro@fy.chalmers.se>
-                 */
-                if (OPENSSL_ia32cap_P & (1<<20)) {
-                        unsigned char *cp=(unsigned char *)d;
-                        for (i=0;i<256;i++) cp[i]=i;
-                        for (i=0;i<256;i++) SK_LOOP(cp,i);
-                        /* mark schedule as compressed! */
-                        d[256/sizeof(RC4_INT)]=-1;
-                        return;
-                }
-        }
-# endif
-#endif
-        for (i=0; i < 256; i++) d[i]=i;
        for (i=0; i < 256; i+=4)
                {
-                SK_LOOP(d,i+0);
+                SK_LOOP(i+0);
-                SK_LOOP(d,i+1);
+                SK_LOOP(i+1);
-                SK_LOOP(d,i+2);
+                SK_LOOP(i+2);
-                SK_LOOP(d,i+3);
+                SK_LOOP(i+3);
                }
        }
    
diff --git a/src/lib/libcrypto/rc4/rc4s.cpp b/src/lib/libcrypto/rc4/rc4s.cpp
new file mode 100644
index 0000000000..3814fde997
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4s.cpp
@@ -0,0 +1,73 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rc4.h>
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[1024];
+        RC4_KEY ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=64,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=256;
+        if (num > 1024-16) num=1024-16;
+        numm=num+8;
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(s1);
+                        RC4(&ctx,numm,buffer,buffer);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC4(&ctx,num,buffer,buffer);
+                        GetTSC(e2);
+                        RC4(&ctx,num,buffer,buffer);
+                        }
+                printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
+                        e1-s1,e2-s2,(e1-s1)-(e2-s2));
+                }
+        }
diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c
new file mode 100644
index 0000000000..ced98c52df
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4speed.c
@@ -0,0 +1,250 @@
+/* crypto/rc4/rc4speed.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
+/* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
+#define TIMES
+#endif
+#include <stdio.h>
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+#include <signal.h>
+#ifndef _IRIX
+#include <time.h>
+#endif
+#ifdef TIMES
+#include <sys/types.h>
+#include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#ifndef TIMES
+#include <sys/timeb.h>
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#include <openssl/rc4.h>
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+#ifndef CLK_TCK
+#define HZ      100.0
+#else /* CLK_TCK */
+#define HZ ((double)CLK_TCK)
+#endif
+#endif
+#define BUFSIZE ((long)1024)
+long run=0;
+double Time_F(int s);
+#ifdef SIGALRM
+#if defined(__STDC__) || defined(sgi) || defined(_AIX)
+#define SIGRETTYPE void
+#else
+#define SIGRETTYPE int
+#endif
+SIGRETTYPE sig_done(int sig);
+SIGRETTYPE sig_done(int sig)
+        {
+        signal(SIGALRM,sig_done);
+        run=0;
+#ifdef LINT
+        sig=sig;
+#endif
+        }
+#endif
+#define START   0
+#define STOP    1
+double Time_F(int s)
+        {
+        double ret;
+#ifdef TIMES
+        static struct tms tstart,tend;
+        if (s == START)
+                {
+                times(&tstart);
+                return(0);
+                }
+        else
+                {
+                times(&tend);
+                ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#else /* !times() */
+        static struct timeb tstart,tend;
+        long i;
+        if (s == START)
+                {
+                ftime(&tstart);
+                return(0);
+                }
+        else
+                {
+                ftime(&tend);
+                i=(long)tend.millitm-(long)tstart.millitm;
+                ret=((double)(tend.time-tstart.time))+((double)i)/1e3;
+                return((ret == 0.0)?1e-6:ret);
+                }
+#endif
+        }
+int main(int argc, char **argv)
+        {
+        long count;
+        static unsigned char buf[BUFSIZE];
+        static unsigned char key[] ={
+                        0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+                        0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10,
+                        };
+        RC4_KEY sch;
+        double a,b,c,d;
+#ifndef SIGALRM
+        long ca,cb,cc;
+#endif
+#ifndef TIMES
+        printf("To get the most accurate results, try to run this\n");
+        printf("program when this computer is idle.\n");
+#endif
+#ifndef SIGALRM
+        printf("First we calculate the approximate speed ...\n");
+        RC4_set_key(&sch,16,key);
+        count=10;
+        do      {
+                long i;
+                unsigned long data[2];
+                count*=2;
+                Time_F(START);
+                for (i=count; i; i--)
+                        RC4(&sch,8,buf,buf);
+                d=Time_F(STOP);
+                } while (d < 3.0);
+        ca=count/512;
+        cc=count*8/BUFSIZE+1;
+        printf("Doing RC4_set_key %ld times\n",ca);
+#define COND(d) (count != (d))
+#define COUNT(d) (d)
+#else
+#define COND(c) (run)
+#define COUNT(d) (count)
+        signal(SIGALRM,sig_done);
+        printf("Doing RC4_set_key for 10 seconds\n");
+        alarm(10);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(ca); count+=4)
+                {
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                RC4_set_key(&sch,16,key);
+                }
+        d=Time_F(STOP);
+        printf("%ld RC4_set_key's in %.2f seconds\n",count,d);
+        a=((double)COUNT(ca))/d;
+#ifdef SIGALRM
+        printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE);
+        alarm(10);
+#else
+        printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE);
+#endif
+        Time_F(START);
+        for (count=0,run=1; COND(cc); count++)
+                RC4(&sch,BUFSIZE,buf,buf);
+        d=Time_F(STOP);
+        printf("%ld RC4's of %ld byte blocks in %.2f second\n",
+                count,BUFSIZE,d);
+        c=((double)COUNT(cc)*BUFSIZE)/d;
+        printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
+        printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
+        exit(0);
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
+        return(0);
+#endif
+        }
diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c
new file mode 100644
index 0000000000..b9d8f20975
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rc4test.c
@@ -0,0 +1,203 @@
+/* crypto/rc4/rc4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc4.h>
+static unsigned char keys[7][30]={
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {4,0xef,0x01,0x23,0x45},
+        {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
+        {4,0xef,0x01,0x23,0x45},
+        };
+static unsigned char data_len[7]={8,8,8,20,28,10};
+static unsigned char data[7][30]={
+        {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+           0x00,0x00,0x00,0x00,0xff},
+        {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0,
+           0x12,0x34,0x56,0x78,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
+        {0},
+        };
+static unsigned char output[7][30]={
+        {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
+        {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
+        {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,
+         0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba,
+         0x36,0xb6,0x78,0x58,0x00},
+        {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89,
+         0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c,
+         0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87,
+         0x40,0x01,0x1e,0xcf,0x00},
+        {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00},
+        {0},
+        };
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        int j;
+        unsigned char *p;
+        RC4_KEY key;
+        unsigned char buf[512],obuf[512];
+        for (i=0; i<512; i++) buf[i]=0x01;
+        for (i=0; i<6; i++)
+                {
+                RC4_set_key(&key,keys[i][0],&(keys[i][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,data_len[i],&(data[i][0]),obuf);
+                if (memcmp(obuf,output[i],data_len[i]+1) != 0)
+                        {
+                        printf("error calculating RC4\n");
+                        printf("output:");
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[i][0]);
+                        for (j=0; j<data_len[i]+1; j++)
+                                printf(" %02x",*(p++));
+                        printf("\n");
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                }
+        printf("test end processing ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                if ((memcmp(obuf,output[3],i) != 0) || (obuf[i] != 0))
+                        {
+                        printf("error in RC4 length processing\n");
+                        printf("output:");
+                        for (j=0; j<i+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<i; j++)
+                                printf(" %02x",*(p++));
+                        printf(" 00\n");
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        printf("test multi-call ");
+        for (i=0; i<data_len[3]; i++)
+                {
+                RC4_set_key(&key,keys[3][0],&(keys[3][1]));
+                memset(obuf,0x00,sizeof(obuf));
+                RC4(&key,i,&(data[3][0]),obuf);
+                RC4(&key,data_len[3]-i,&(data[3][i]),&(obuf[i]));
+                if (memcmp(obuf,output[3],data_len[3]+1) != 0)
+                        {
+                        printf("error in RC4 multi-call processing\n");
+                        printf("output:");
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",obuf[j]);
+                        printf("\n");
+                        printf("expect:");
+                        p= &(output[3][0]);
+                        for (j=0; j<data_len[3]+1; j++)
+                                printf(" %02x",*(p++));
+                        err++;
+                        }
+                else
+                        {
+                        printf(".");
+                        fflush(stdout);
+                        }
+                }
+        printf("done\n");
+        EXIT(err);
+        return(0);
+        }
+#endif
diff --git a/src/lib/libcrypto/rc4/rrc4.doc b/src/lib/libcrypto/rc4/rrc4.doc
new file mode 100644
index 0000000000..2f9a953c12
--- /dev/null
+++ b/src/lib/libcrypto/rc4/rrc4.doc
@@ -0,0 +1,278 @@
+Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
+Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark
+From: sterndark@netcom.com (David Sterndark)
+Subject: RC4 Algorithm revealed.
+Message-ID: <sternCvKL4B.Hyy@netcom.com>
+Sender: sterndark@netcom.com 
+Organization: NETCOM On-line Communication Services (408 261-4700 guest)
+X-Newsreader: TIN [version 1.2 PL1]
+Date: Wed, 14 Sep 1994 06:35:31 GMT
+Lines: 263
+Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026
+I am shocked,  shocked, I tell you,  shocked, to discover
+that the cypherpunks have illegaly and criminally revealed
+a crucial RSA trade secret and harmed the security of
+America by reverse engineering the RC4 algorithm and
+publishing it to the world.
+ 
+On Saturday morning an anonymous cypherpunk wrote:
+ 
+ 
+   SUBJECT:  RC4 Source Code
+ 
+ 
+   I've tested this.  It is compatible with the RC4 object module
+   that comes in the various RSA toolkits.  
+ 
+   /* rc4.h */
+   typedef struct rc4_key
+   {      
+        unsigned char state[256];       
+        unsigned char x;        
+        unsigned char y;
+   } rc4_key;
+   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
+   rc4_key *key);
+   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
+   
+   
+   /*rc4.c */
+   #include "rc4.h"
+   static void swap_byte(unsigned char *a, unsigned char *b);
+   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
+   rc4_key *key)
+   {
+        unsigned char swapByte;
+        unsigned char index1;
+        unsigned char index2;
+        unsigned char* state;
+        short counter;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < 256; counter++)              
+        state[counter] = counter;               
+        key->x = 0;     
+        key->y = 0;     
+        index1 = 0;     
+        index2 = 0;             
+        for(counter = 0; counter < 256; counter++)      
+        {               
+             index2 = (key_data_ptr[index1] + state[counter] +
+                index2) % 256;                
+             swap_byte(&state[counter], &state[index2]);            
+   
+             index1 = (index1 + 1) % key_data_len;  
+        }       
+    }
+    
+    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
+    { 
+        unsigned char x;
+        unsigned char y;
+        unsigned char* state;
+        unsigned char xorIndex;
+        short counter;              
+        
+        x = key->x;     
+        y = key->y;     
+        
+        state = &key->state[0];         
+        for(counter = 0; counter < buffer_len; counter ++)      
+        {               
+             x = (x + 1) % 256;                      
+             y = (state[x] + y) % 256;               
+             swap_byte(&state[x], &state[y]);                        
+                  
+             xorIndex = (state[x] + state[y]) % 256;                 
+                  
+             buffer_ptr[counter] ^= state[xorIndex];         
+         }               
+         key->x = x;     
+         key->y = y;
+    }
+    
+    static void swap_byte(unsigned char *a, unsigned char *b)
+    {
+        unsigned char swapByte; 
+        
+        swapByte = *a; 
+        *a = *b;      
+        *b = swapByte;
+    }
+ 
+ 
+ 
+Another cypherpunk, this one not anonymous, tested the
+output from this algorithm against the output from
+official RC4 object code
+ 
+ 
+   Date: Tue, 13 Sep 94 18:37:56 PDT
+   From: ekr@eit.COM (Eric Rescorla)
+   Message-Id: <9409140137.AA17743@eitech.eit.com>
+   Subject: RC4 compatibility testing
+   Cc: cypherpunks@toad.com
+   
+   One data point:
+   
+   I can't say anything about the internals of RC4 versus the
+   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
+   since I don't know anything about RC4's internals. 
+   
+   However, I do have a (legitimately acquired) copy of BSAFE2 and
+   so I'm able to compare the output of this algorithm to the output
+   of genuine RC4 as found in BSAFE. I chose a set of test vectors
+   and ran them through both algorithms. The algorithms appear to
+   give identical results, at least with these key/plaintext pairs.
+   
+   I note that this is the algorithm _without_ Hal Finney's
+   proposed modification
+   
+   (see <199409130605.XAA24133@jobe.shell.portal.com>).
+   
+   The vectors I used (together with the ciphertext they produce)
+   follow at the end of this message.
+   
+   -Ekr
+   
+   Disclaimer: This posting does not reflect the opinions of EIT.
+   
+   --------------------results follow--------------
+   Test vector 0
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
+   
+   Test vector 1
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
+   
+   Test vector 2
+   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
+   
+   Test vector 3
+   Key: 0xef 0x01 0x23 0x45 
+   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
+   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
+   
+   Test vector 4
+   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
+   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
+   0x01 
+   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
+   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
+   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
+   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
+   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
+   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
+   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
+   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
+   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
+   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
+   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
+   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
+   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
+   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
+   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
+   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
+   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
+   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
+   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
+   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
+   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
+   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
+   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
+   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
+   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
+   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
+   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
+   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
+   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
+   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
+   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
+   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
+   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
+   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
+   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
+   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
+   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
+   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
+   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
+   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
+   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
+   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
+   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
+   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
+   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
+   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
+   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
+   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
+   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
+   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
+   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
+   0xc0 
+   
+-- 
+ ---------------------------------------------------------------------
+We have the right to defend ourselves and our
+property, because of the kind of animals that we              James A. Donald
+are.  True law derives from this right, not from
+the arbitrary power of the omnipotent state.                jamesd@netcom.com
diff --git a/src/lib/libcrypto/rc5/Makefile b/src/lib/libcrypto/rc5/Makefile
new file mode 100644
index 0000000000..efb0f36b59
--- /dev/null
+++ b/src/lib/libcrypto/rc5/Makefile
@@ -0,0 +1,103 @@
+#
+# OpenSSL/crypto/rc5/Makefile
+#
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+r586-cof.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+r586-out.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl a.out $(CFLAGS) > ../$@)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc5_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc5_ecb.o: ../../include/openssl/rc5.h rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5_enc.o: rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5_skey.o: rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5cfb64.o: rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc5.h
+rc5ofb64.o: rc5_locl.h rc5ofb64.c
diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl
new file mode 100644
index 0000000000..3f9632f8f7
--- /dev/null
+++ b/src/lib/libcrypto/rc5/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/rc5/Makefile
+#
+DIR=    rc5
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RC5_ENC=                rc5_enc.o
+# or use
+#DES_ENC=       r586-elf.o
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=rc5test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+SRC= $(LIBSRC)
+EXHEADER= rc5.h
+HEADER= rc5_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
+# a.out
+asm/r586-out.o: asm/r586unix.cpp
+        $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+# bsdi
+asm/r586bsdi.o: asm/r586unix.cpp
+        $(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+        (cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c
diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h
new file mode 100644
index 0000000000..aa3f26920b
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5.h
@@ -0,0 +1,119 @@
+/* crypto/rc5/rc5.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#ifndef HEADER_RC5_H
+#define HEADER_RC5_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#ifdef OPENSSL_NO_RC5
+#error RC5 is disabled.
+#endif
+#define RC5_ENCRYPT     1
+#define RC5_DECRYPT     0
+/* 32 bit.  For Alpha, things may get weird */
+#define RC5_32_INT unsigned long
+#define RC5_32_BLOCK            8
+#define RC5_32_KEY_LENGTH       16 /* This is a default, max is 255 */
+/* This are the only values supported.  Tweak the code if you want more
+ * The most supported modes will be
+ * RC5-32/12/16
+ * RC5-32/16/8
+ */
+#define RC5_8_ROUNDS    8
+#define RC5_12_ROUNDS   12
+#define RC5_16_ROUNDS   16
+typedef struct rc5_key_st
+        {
+        /* Number of rounds */
+        int rounds;
+        RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
+        } RC5_32_KEY;
+#ifdef OPENSSL_FIPS 
+void private_RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+        int rounds);
+#endif
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+        int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+        int enc);
+void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/rc5/rc5_locl.h b/src/lib/libcrypto/rc5/rc5_locl.h
new file mode 100644
index 0000000000..282dd38822
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5_locl.h
@@ -0,0 +1,207 @@
+/* crypto/rc5/rc5_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdlib.h>
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+#if (defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)) || defined(__ICC)
+#define ROTATE_l32(a,n)     _lrotl(a,n)
+#define ROTATE_r32(a,n)     _lrotr(a,n)
+#elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#  define ROTATE_l32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("roll %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"(a) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+#  define ROTATE_r32(a,n)       ({ register unsigned int ret;   \
+                                        asm ("rorl %%cl,%0"     \
+                                                : "=r"(ret)     \
+                                                : "c"(n),"0"(a) \
+                                                : "cc");        \
+                                        ret;                    \
+                                })
+# endif
+#endif
+#ifndef ROTATE_l32
+#define ROTATE_l32(a,n)     (((a)<<(n&0x1f))|(((a)&0xffffffff)>>(32-(n&0x1f))))
+#endif
+#ifndef ROTATE_r32
+#define ROTATE_r32(a,n)     (((a)<<(32-(n&0x1f)))|(((a)&0xffffffff)>>(n&0x1f)))
+#endif
+#define RC5_32_MASK     0xffffffffL
+#define RC5_16_P        0xB7E1
+#define RC5_16_Q        0x9E37
+#define RC5_32_P        0xB7E15163L
+#define RC5_32_Q        0x9E3779B9L
+#define RC5_64_P        0xB7E151628AED2A6BLL
+#define RC5_64_Q        0x9E3779B97F4A7C15LL
+#define E_RC5_32(a,b,s,n) \
+        a^=b; \
+        a=ROTATE_l32(a,b); \
+        a+=s[n]; \
+        a&=RC5_32_MASK; \
+        b^=a; \
+        b=ROTATE_l32(b,a); \
+        b+=s[n+1]; \
+        b&=RC5_32_MASK;
+#define D_RC5_32(a,b,s,n) \
+        b-=s[n+1]; \
+        b&=RC5_32_MASK; \
+        b=ROTATE_r32(b,a); \
+        b^=a; \
+        a-=s[n]; \
+        a&=RC5_32_MASK; \
+        a=ROTATE_r32(a,b); \
+        a^=b;
diff --git a/src/lib/libcrypto/rc5/rc5s.cpp b/src/lib/libcrypto/rc5/rc5s.cpp
new file mode 100644
index 0000000000..1c5518bc80
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5s.cpp
@@ -0,0 +1,70 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/rc5.h>
+void main(int argc,char *argv[])
+        {
+        RC5_32_KEY key;
+        unsigned long s1,s2,e1,e2;
+        unsigned long data[2];
+        int i,j;
+        static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+        RC5_32_set_key(&key, 16,d,12);
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<1000; i++) /**/
+                        {
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(s1);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        RC5_32_encrypt(&data[0],&key);
+                        GetTSC(e2);
+                        RC5_32_encrypt(&data[0],&key);
+                        }
+                printf("cast %d %d (%d)\n",
+                        e1-s1,e2-s2,((e2-s2)-(e1-s1)));
+                }
+        }
diff --git a/src/lib/libcrypto/rc5/rc5test.c b/src/lib/libcrypto/rc5/rc5test.c
new file mode 100644
index 0000000000..ce3d0cc16f
--- /dev/null
+++ b/src/lib/libcrypto/rc5/rc5test.c
@@ -0,0 +1,386 @@
+/* crypto/rc5/rc5test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* This has been a quickly hacked 'ideatest.c'.  When I add tests for other
+ * RC5 modes, more of the code will be uncommented. */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_RC5
+int main(int argc, char *argv[])
+{
+    printf("No RC5 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc5.h>
+static unsigned char RC5key[5][16]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+         0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,
+         0x63,0x55,0xa5,0x01,0x10,0xa9,0xce,0x91},
+        {0x78,0x33,0x48,0xe7,0x5a,0xeb,0x0f,0x2f,
+         0xd7,0xb1,0x69,0xbb,0x8d,0xc1,0x67,0x87},
+        {0xdc,0x49,0xdb,0x13,0x75,0xa5,0x58,0x4f,
+         0x64,0x85,0xb4,0x13,0xb5,0xf1,0x2b,0xaf},
+        {0x52,0x69,0xf1,0x49,0xd4,0x1b,0xa0,0x15,
+         0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},
+        };
+static unsigned char RC5plain[5][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+        {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+        {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+        {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+        };
+static unsigned char RC5cipher[5][8]={
+        {0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
+        {0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
+        {0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
+        {0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
+        {0xEB,0x44,0xE4,0x15,0xDA,0x31,0x98,0x24},
+        };
+#define RC5_CBC_NUM 27
+static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},
+        {0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+        {0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
+        {0x8b,0x9d,0xed,0x91,0xce,0x77,0x94,0xa6},
+        {0x2f,0x75,0x9f,0xe7,0xad,0x86,0xa3,0x78},
+        {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+        {0xdc,0xa2,0x69,0x4b,0xf4,0x0e,0x07,0x88},
+        {0xdc,0xfe,0x09,0x85,0x77,0xec,0xa5,0xff},
+        {0x96,0x46,0xfb,0x77,0x63,0x8f,0x9c,0xa8},
+        {0xb2,0xb3,0x20,0x9d,0xb6,0x59,0x4d,0xa4},
+        {0x54,0x5f,0x7f,0x32,0xa5,0xfc,0x38,0x36},
+        {0x82,0x85,0xe7,0xc1,0xb5,0xbc,0x74,0x02},
+        {0xfc,0x58,0x6f,0x92,0xf7,0x08,0x09,0x34},
+        {0xcf,0x27,0x0e,0xf9,0x71,0x7f,0xf7,0xc4},
+        {0xe4,0x93,0xf1,0xc1,0xbb,0x4d,0x6e,0x8c},
+        {0x5c,0x4c,0x04,0x1e,0x0f,0x21,0x7a,0xc3},
+        {0x92,0x1f,0x12,0x48,0x53,0x73,0xb4,0xf7},
+        {0x5b,0xa0,0xca,0x6b,0xbe,0x7f,0x5f,0xad},
+        {0xc5,0x33,0x77,0x1c,0xd0,0x11,0x0e,0x63},
+        {0x29,0x4d,0xdb,0x46,0xb3,0x27,0x8d,0x60},
+        {0xda,0xd6,0xbd,0xa9,0xdf,0xe8,0xf7,0xe8},
+        {0x97,0xe0,0x78,0x78,0x37,0xed,0x31,0x7f},
+        {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+        {0x8f,0x34,0xc3,0xc6,0x81,0xc9,0x96,0x95},
+        {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+        {0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},
+        };
+static unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x11},
+        { 1,0x00},
+        { 4,0x00,0x00,0x00,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 1,0x00},
+        { 4,0x01,0x02,0x03,0x04},
+        { 4,0x01,0x02,0x03,0x04},
+        { 4,0x01,0x02,0x03,0x04},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        { 8,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {16,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        { 5,0x01,0x02,0x03,0x04,0x05},
+        };
+static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
+        {0x08,0x08,0x08,0x08,0x08,0x08,0x08,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},
+        };
+static int rc5_cbc_rounds[RC5_CBC_NUM]={
+         0, 0, 0, 0, 0, 1, 2, 2,
+         8, 8,12,16, 8,12,16,12,
+         8,12,16, 8,12,16,12, 8,
+         8, 8, 8,
+        };
+static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x78,0x75,0xdb,0xf6,0x73,0x8c,0x64,0x78},
+        {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
+        {0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
+        };
+int main(int argc, char *argv[])
+        {
+        int i,n,err=0;
+        RC5_32_KEY key; 
+        unsigned char buf[8],buf2[8],ivb[8];
+        for (n=0; n<5; n++)
+                {
+                RC5_32_set_key(&key,16,&(RC5key[n][0]),12);
+                RC5_32_ecb_encrypt(&(RC5plain[n][0]),buf,&key,RC5_ENCRYPT);
+                if (memcmp(&(RC5cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("ecb RC5 error encrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC5cipher[n][i]);
+                        err=20;
+                        printf("\n");
+                        }
+                RC5_32_ecb_encrypt(buf,buf2,&key,RC5_DECRYPT);
+                if (memcmp(&(RC5plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("ecb RC5 error decrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf2[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",RC5plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("ecb RC5 ok\n");
+        for (n=0; n<RC5_CBC_NUM; n++)
+                {
+                i=rc5_cbc_rounds[n];
+                if (i < 8) continue;
+                RC5_32_set_key(&key,rc5_cbc_key[n][0],&(rc5_cbc_key[n][1]),i);
+                memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
+                RC5_32_cbc_encrypt(&(rc5_cbc_plain[n][0]),buf,8,
+                        &key,&(ivb[0]),RC5_ENCRYPT);
+                if (memcmp(&(rc5_cbc_cipher[n][0]),buf,8) != 0)
+                        {
+                        printf("cbc RC5 error encrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",rc5_cbc_cipher[n][i]);
+                        err=30;
+                        printf("\n");
+                        }
+                memcpy(ivb,&(rc5_cbc_iv[n][0]),8);
+                RC5_32_cbc_encrypt(buf,buf2,8,
+                        &key,&(ivb[0]),RC5_DECRYPT);
+                if (memcmp(&(rc5_cbc_plain[n][0]),buf2,8) != 0)
+                        {
+                        printf("cbc RC5 error decrypting (%d)\n",n+1);
+                        printf("got     :");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",buf2[i]);
+                        printf("\n");
+                        printf("expected:");
+                        for (i=0; i<8; i++)
+                                printf("%02X ",rc5_cbc_plain[n][i]);
+                        printf("\n");
+                        err=3;
+                        }
+                }
+        if (err == 0) printf("cbc RC5 ok\n");
+        EXIT(err);
+        return(err);
+        }
+#ifdef undef
+static int cfb64_test(unsigned char *cfb_cipher)
+        {
+        IDEA_KEY_SCHEDULE eks,dks;
+        int err=0,i,n;
+        idea_set_encrypt_key(cfb_key,&eks);
+        idea_set_decrypt_key(&eks,&dks);
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
+                (long)CFB_TEST_SIZE-12,&eks,
+                cfb_tmp,&n,IDEA_ENCRYPT);
+        if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb64_encrypt encrypt error\n");
+                for (i=0; i<CFB_TEST_SIZE; i+=8)
+                        printf("%s\n",pt(&(cfb_buf1[i])));
+                }
+        memcpy(cfb_tmp,cfb_iv,8);
+        n=0;
+        idea_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,&eks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        idea_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
+                (long)CFB_TEST_SIZE-17,&dks,
+                cfb_tmp,&n,IDEA_DECRYPT);
+        if (memcmp(plain,cfb_buf2,CFB_TEST_SIZE) != 0)
+                {
+                err=1;
+                printf("idea_cfb_encrypt decrypt error\n");
+                for (i=0; i<24; i+=8)
+                        printf("%s\n",pt(&(cfb_buf2[i])));
+                }
+        return(err);
+        }
+static char *pt(unsigned char *p)
+        {
+        static char bufs[10][20];
+        static int bnum=0;
+        char *ret;
+        int i;
+        static char *f="0123456789ABCDEF";
+        ret= &(bufs[bnum++][0]);
+        bnum%=10;
+        for (i=0; i<8; i++)
+                {
+                ret[i*2]=f[(p[i]>>4)&0xf];
+                ret[i*2+1]=f[p[i]&0xf];
+                }
+        ret[16]='\0';
+        return(ret);
+        }
+        
+#endif
+#endif
diff --git a/src/lib/libcrypto/ripemd/Makefile b/src/lib/libcrypto/ripemd/Makefile
new file mode 100644
index 0000000000..d55875c20c
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/Makefile
@@ -0,0 +1,99 @@
+#
+# OpenSSL/crypto/ripemd/Makefile
+#
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+RIP_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > ../$@)
+# COFF
+rm86-cof.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl coff $(CFLAGS) > ../$@)
+# a.out
+rm86-out.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl a.out $(CFLAGS) > ../$@)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/ripemd.h
+rmd_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rmd_one.o: ../../include/openssl/symhacks.h rmd_one.c
diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl
new file mode 100644
index 0000000000..f22ac790ae
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/Makefile.ssl
@@ -0,0 +1,108 @@
+#
+# SSLeay/crypto/ripemd/Makefile
+#
+DIR=    ripemd
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+RIP_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=rmdtest.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=rmd_dgst.c rmd_one.c
+LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= ripemd.h
+HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
+# a.out
+asm/rm86-out.o: asm/rm86unix.cpp
+        $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+# bsdi
+asm/rm86bsdi.o: asm/rm86unix.cpp
+        $(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_one.o: rmd_one.c
diff --git a/src/lib/libcrypto/ripemd/README b/src/lib/libcrypto/ripemd/README
index 7097707264..f1ffc8b134 100644
--- a/src/lib/libcrypto/ripemd/README
+++ b/src/lib/libcrypto/ripemd/README
@@ -4,7 +4,7 @@ http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
 This is my implementation of RIPEMD-160.  The pentium assember is a little
 off the pace since I only get 1050 cycles, while the best is 1013.
 I have a few ideas for how to get another 20 or so cycles, but at
-this point I will not bother right now.  I belive the trick will be
+this point I will not bother right now.  I believe the trick will be
 to remove my 'copy X array onto stack' until inside the RIP1() finctions the
 first time round.  To do this I need another register and will only have one
 temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
diff --git a/src/lib/libcrypto/ripemd/asm/rips.cpp b/src/lib/libcrypto/ripemd/asm/rips.cpp
new file mode 100644
index 0000000000..f7a13677a9
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/asm/rips.cpp
@@ -0,0 +1,82 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/ripemd.h>
+#define ripemd160_block_x86 ripemd160_block_asm_host_order
+extern "C" {
+void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        RIPEMD160_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+#if 0
+        num*=64;
+        numm*=64;
+#endif
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        ripemd160_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        ripemd160_block_x86(&ctx,buffer,num);
+                        }
+                printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
index 4f3c4c967f..0ab6f76bff 100644
--- a/src/lib/libcrypto/ripemd/asm/rmd-586.pl
+++ b/src/lib/libcrypto/ripemd/asm/rmd-586.pl
@@ -1,7 +1,7 @@
 #!/usr/local/bin/perl
 # Normal is the
-# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
+# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
 $normal=0;
@@ -56,7 +56,7 @@ $KR3=0x7A6D76E9;
         8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
        );
-&ripemd160_block("ripemd160_block_asm_data_order");
+&ripemd160_block("ripemd160_block_asm_host_order");
 &asm_finish();
 sub Xv
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h
index 033a5965b5..7d0d998189 100644
--- a/src/lib/libcrypto/ripemd/ripemd.h
+++ b/src/lib/libcrypto/ripemd/ripemd.h
@@ -60,7 +60,6 @@
 #define HEADER_RIPEMD_H
 #include <openssl/e_os2.h>
-#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -88,13 +87,16 @@ typedef struct RIPEMD160state_st
        RIPEMD160_LONG A,B,C,D,E;
        RIPEMD160_LONG Nl,Nh;
        RIPEMD160_LONG data[RIPEMD160_LBLOCK];
-        unsigned int   num;
+        int num;
        } RIPEMD160_CTX;
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
-int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
        unsigned char *md);
 void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
diff --git a/src/lib/libcrypto/ripemd/rmd160.c b/src/lib/libcrypto/ripemd/rmd160.c
new file mode 100644
index 0000000000..b0ec574498
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmd160.c
@@ -0,0 +1,127 @@
+/* crypto/ripemd/rmd160.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/ripemd.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+int read(int, void *, unsigned int);
+#endif
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("RIPEMD160(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(FILE *f)
+        {
+        RIPEMD160_CTX c;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+        int fd;
+        int i;
+        static unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        RIPEMD160_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                RIPEMD160_Update(&c,buf,(unsigned long)i);
+                }
+        RIPEMD160_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c
index 61626284b8..58ff010d11 100644
--- a/src/lib/libcrypto/ripemd/rmd_dgst.c
+++ b/src/lib/libcrypto/ripemd/rmd_dgst.c
@@ -58,18 +58,19 @@
 #include <stdio.h>
 #include "rmd_locl.h"
+#include <openssl/fips.h>
 #include <openssl/opensslv.h>
-const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
+const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 #  ifdef RMD160_ASM
-     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num);
+     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
 #    define ripemd160_block ripemd160_block_x86
 #  else
-     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
+     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 #  endif
-int RIPEMD160_Init(RIPEMD160_CTX *c)
+FIPS_NON_FIPS_MD_Init(RIPEMD160)
        {
        c->A=RIPEMD160_A;
        c->B=RIPEMD160_B;
@@ -82,14 +83,215 @@ int RIPEMD160_Init(RIPEMD160_CTX *c)
        return 1;
        }
+#ifndef ripemd160_block_host_order
+#ifdef X
+#undef X
+#endif
+#define X(i)    XX[i]
+void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
+        {
+        const RIPEMD160_LONG *XX=p;
+        register volatile unsigned MD32_REG_T A,B,C,D,E;
+        register unsigned MD32_REG_T a,b,c,d,e;
+        for (;num--;XX+=HASH_LBLOCK)
+                {
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        RIP1(A,B,C,D,E,WL00,SL00);
+        RIP1(E,A,B,C,D,WL01,SL01);
+        RIP1(D,E,A,B,C,WL02,SL02);
+        RIP1(C,D,E,A,B,WL03,SL03);
+        RIP1(B,C,D,E,A,WL04,SL04);
+        RIP1(A,B,C,D,E,WL05,SL05);
+        RIP1(E,A,B,C,D,WL06,SL06);
+        RIP1(D,E,A,B,C,WL07,SL07);
+        RIP1(C,D,E,A,B,WL08,SL08);
+        RIP1(B,C,D,E,A,WL09,SL09);
+        RIP1(A,B,C,D,E,WL10,SL10);
+        RIP1(E,A,B,C,D,WL11,SL11);
+        RIP1(D,E,A,B,C,WL12,SL12);
+        RIP1(C,D,E,A,B,WL13,SL13);
+        RIP1(B,C,D,E,A,WL14,SL14);
+        RIP1(A,B,C,D,E,WL15,SL15);
+        RIP2(E,A,B,C,D,WL16,SL16,KL1);
+        RIP2(D,E,A,B,C,WL17,SL17,KL1);
+        RIP2(C,D,E,A,B,WL18,SL18,KL1);
+        RIP2(B,C,D,E,A,WL19,SL19,KL1);
+        RIP2(A,B,C,D,E,WL20,SL20,KL1);
+        RIP2(E,A,B,C,D,WL21,SL21,KL1);
+        RIP2(D,E,A,B,C,WL22,SL22,KL1);
+        RIP2(C,D,E,A,B,WL23,SL23,KL1);
+        RIP2(B,C,D,E,A,WL24,SL24,KL1);
+        RIP2(A,B,C,D,E,WL25,SL25,KL1);
+        RIP2(E,A,B,C,D,WL26,SL26,KL1);
+        RIP2(D,E,A,B,C,WL27,SL27,KL1);
+        RIP2(C,D,E,A,B,WL28,SL28,KL1);
+        RIP2(B,C,D,E,A,WL29,SL29,KL1);
+        RIP2(A,B,C,D,E,WL30,SL30,KL1);
+        RIP2(E,A,B,C,D,WL31,SL31,KL1);
+        RIP3(D,E,A,B,C,WL32,SL32,KL2);
+        RIP3(C,D,E,A,B,WL33,SL33,KL2);
+        RIP3(B,C,D,E,A,WL34,SL34,KL2);
+        RIP3(A,B,C,D,E,WL35,SL35,KL2);
+        RIP3(E,A,B,C,D,WL36,SL36,KL2);
+        RIP3(D,E,A,B,C,WL37,SL37,KL2);
+        RIP3(C,D,E,A,B,WL38,SL38,KL2);
+        RIP3(B,C,D,E,A,WL39,SL39,KL2);
+        RIP3(A,B,C,D,E,WL40,SL40,KL2);
+        RIP3(E,A,B,C,D,WL41,SL41,KL2);
+        RIP3(D,E,A,B,C,WL42,SL42,KL2);
+        RIP3(C,D,E,A,B,WL43,SL43,KL2);
+        RIP3(B,C,D,E,A,WL44,SL44,KL2);
+        RIP3(A,B,C,D,E,WL45,SL45,KL2);
+        RIP3(E,A,B,C,D,WL46,SL46,KL2);
+        RIP3(D,E,A,B,C,WL47,SL47,KL2);
+        RIP4(C,D,E,A,B,WL48,SL48,KL3);
+        RIP4(B,C,D,E,A,WL49,SL49,KL3);
+        RIP4(A,B,C,D,E,WL50,SL50,KL3);
+        RIP4(E,A,B,C,D,WL51,SL51,KL3);
+        RIP4(D,E,A,B,C,WL52,SL52,KL3);
+        RIP4(C,D,E,A,B,WL53,SL53,KL3);
+        RIP4(B,C,D,E,A,WL54,SL54,KL3);
+        RIP4(A,B,C,D,E,WL55,SL55,KL3);
+        RIP4(E,A,B,C,D,WL56,SL56,KL3);
+        RIP4(D,E,A,B,C,WL57,SL57,KL3);
+        RIP4(C,D,E,A,B,WL58,SL58,KL3);
+        RIP4(B,C,D,E,A,WL59,SL59,KL3);
+        RIP4(A,B,C,D,E,WL60,SL60,KL3);
+        RIP4(E,A,B,C,D,WL61,SL61,KL3);
+        RIP4(D,E,A,B,C,WL62,SL62,KL3);
+        RIP4(C,D,E,A,B,WL63,SL63,KL3);
+        RIP5(B,C,D,E,A,WL64,SL64,KL4);
+        RIP5(A,B,C,D,E,WL65,SL65,KL4);
+        RIP5(E,A,B,C,D,WL66,SL66,KL4);
+        RIP5(D,E,A,B,C,WL67,SL67,KL4);
+        RIP5(C,D,E,A,B,WL68,SL68,KL4);
+        RIP5(B,C,D,E,A,WL69,SL69,KL4);
+        RIP5(A,B,C,D,E,WL70,SL70,KL4);
+        RIP5(E,A,B,C,D,WL71,SL71,KL4);
+        RIP5(D,E,A,B,C,WL72,SL72,KL4);
+        RIP5(C,D,E,A,B,WL73,SL73,KL4);
+        RIP5(B,C,D,E,A,WL74,SL74,KL4);
+        RIP5(A,B,C,D,E,WL75,SL75,KL4);
+        RIP5(E,A,B,C,D,WL76,SL76,KL4);
+        RIP5(D,E,A,B,C,WL77,SL77,KL4);
+        RIP5(C,D,E,A,B,WL78,SL78,KL4);
+        RIP5(B,C,D,E,A,WL79,SL79,KL4);
+        a=A; b=B; c=C; d=D; e=E;
+        /* Do other half */
+        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        RIP5(A,B,C,D,E,WR00,SR00,KR0);
+        RIP5(E,A,B,C,D,WR01,SR01,KR0);
+        RIP5(D,E,A,B,C,WR02,SR02,KR0);
+        RIP5(C,D,E,A,B,WR03,SR03,KR0);
+        RIP5(B,C,D,E,A,WR04,SR04,KR0);
+        RIP5(A,B,C,D,E,WR05,SR05,KR0);
+        RIP5(E,A,B,C,D,WR06,SR06,KR0);
+        RIP5(D,E,A,B,C,WR07,SR07,KR0);
+        RIP5(C,D,E,A,B,WR08,SR08,KR0);
+        RIP5(B,C,D,E,A,WR09,SR09,KR0);
+        RIP5(A,B,C,D,E,WR10,SR10,KR0);
+        RIP5(E,A,B,C,D,WR11,SR11,KR0);
+        RIP5(D,E,A,B,C,WR12,SR12,KR0);
+        RIP5(C,D,E,A,B,WR13,SR13,KR0);
+        RIP5(B,C,D,E,A,WR14,SR14,KR0);
+        RIP5(A,B,C,D,E,WR15,SR15,KR0);
+        RIP4(E,A,B,C,D,WR16,SR16,KR1);
+        RIP4(D,E,A,B,C,WR17,SR17,KR1);
+        RIP4(C,D,E,A,B,WR18,SR18,KR1);
+        RIP4(B,C,D,E,A,WR19,SR19,KR1);
+        RIP4(A,B,C,D,E,WR20,SR20,KR1);
+        RIP4(E,A,B,C,D,WR21,SR21,KR1);
+        RIP4(D,E,A,B,C,WR22,SR22,KR1);
+        RIP4(C,D,E,A,B,WR23,SR23,KR1);
+        RIP4(B,C,D,E,A,WR24,SR24,KR1);
+        RIP4(A,B,C,D,E,WR25,SR25,KR1);
+        RIP4(E,A,B,C,D,WR26,SR26,KR1);
+        RIP4(D,E,A,B,C,WR27,SR27,KR1);
+        RIP4(C,D,E,A,B,WR28,SR28,KR1);
+        RIP4(B,C,D,E,A,WR29,SR29,KR1);
+        RIP4(A,B,C,D,E,WR30,SR30,KR1);
+        RIP4(E,A,B,C,D,WR31,SR31,KR1);
+        RIP3(D,E,A,B,C,WR32,SR32,KR2);
+        RIP3(C,D,E,A,B,WR33,SR33,KR2);
+        RIP3(B,C,D,E,A,WR34,SR34,KR2);
+        RIP3(A,B,C,D,E,WR35,SR35,KR2);
+        RIP3(E,A,B,C,D,WR36,SR36,KR2);
+        RIP3(D,E,A,B,C,WR37,SR37,KR2);
+        RIP3(C,D,E,A,B,WR38,SR38,KR2);
+        RIP3(B,C,D,E,A,WR39,SR39,KR2);
+        RIP3(A,B,C,D,E,WR40,SR40,KR2);
+        RIP3(E,A,B,C,D,WR41,SR41,KR2);
+        RIP3(D,E,A,B,C,WR42,SR42,KR2);
+        RIP3(C,D,E,A,B,WR43,SR43,KR2);
+        RIP3(B,C,D,E,A,WR44,SR44,KR2);
+        RIP3(A,B,C,D,E,WR45,SR45,KR2);
+        RIP3(E,A,B,C,D,WR46,SR46,KR2);
+        RIP3(D,E,A,B,C,WR47,SR47,KR2);
+        RIP2(C,D,E,A,B,WR48,SR48,KR3);
+        RIP2(B,C,D,E,A,WR49,SR49,KR3);
+        RIP2(A,B,C,D,E,WR50,SR50,KR3);
+        RIP2(E,A,B,C,D,WR51,SR51,KR3);
+        RIP2(D,E,A,B,C,WR52,SR52,KR3);
+        RIP2(C,D,E,A,B,WR53,SR53,KR3);
+        RIP2(B,C,D,E,A,WR54,SR54,KR3);
+        RIP2(A,B,C,D,E,WR55,SR55,KR3);
+        RIP2(E,A,B,C,D,WR56,SR56,KR3);
+        RIP2(D,E,A,B,C,WR57,SR57,KR3);
+        RIP2(C,D,E,A,B,WR58,SR58,KR3);
+        RIP2(B,C,D,E,A,WR59,SR59,KR3);
+        RIP2(A,B,C,D,E,WR60,SR60,KR3);
+        RIP2(E,A,B,C,D,WR61,SR61,KR3);
+        RIP2(D,E,A,B,C,WR62,SR62,KR3);
+        RIP2(C,D,E,A,B,WR63,SR63,KR3);
+        RIP1(B,C,D,E,A,WR64,SR64);
+        RIP1(A,B,C,D,E,WR65,SR65);
+        RIP1(E,A,B,C,D,WR66,SR66);
+        RIP1(D,E,A,B,C,WR67,SR67);
+        RIP1(C,D,E,A,B,WR68,SR68);
+        RIP1(B,C,D,E,A,WR69,SR69);
+        RIP1(A,B,C,D,E,WR70,SR70);
+        RIP1(E,A,B,C,D,WR71,SR71);
+        RIP1(D,E,A,B,C,WR72,SR72);
+        RIP1(C,D,E,A,B,WR73,SR73);
+        RIP1(B,C,D,E,A,WR74,SR74);
+        RIP1(A,B,C,D,E,WR75,SR75);
+        RIP1(E,A,B,C,D,WR76,SR76);
+        RIP1(D,E,A,B,C,WR77,SR77);
+        RIP1(C,D,E,A,B,WR78,SR78);
+        RIP1(B,C,D,E,A,WR79,SR79);
+        D     =ctx->B+c+D;
+        ctx->B=ctx->C+d+E;
+        ctx->C=ctx->D+e+A;
+        ctx->D=ctx->E+a+B;
+        ctx->E=ctx->A+b+C;
+        ctx->A=D;
+                }
+        }
+#endif
 #ifndef ripemd160_block_data_order
 #ifdef X
 #undef X
 #endif
-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
+void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num)
        {
        const unsigned char *data=p;
-        register unsigned MD32_REG_T A,B,C,D,E;
+        register volatile unsigned MD32_REG_T A,B,C,D,E;
        unsigned MD32_REG_T a,b,c,d,e,l;
 #ifndef MD32_XARRAY
        /* See comment in crypto/sha/sha_locl.h for details. */
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h
index f14b346e66..7b835dfbd4 100644
--- a/src/lib/libcrypto/ripemd/rmd_locl.h
+++ b/src/lib/libcrypto/ripemd/rmd_locl.h
@@ -72,20 +72,28 @@
 */
 #ifdef RMD160_ASM
 # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#  define ripemd160_block_data_order ripemd160_block_asm_data_order
+#  define ripemd160_block_host_order ripemd160_block_asm_host_order
 # endif
 #endif
-void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
+void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#define ripemd160_block_data_order ripemd160_block_host_order
+#endif
 #define DATA_ORDER_IS_LITTLE_ENDIAN
 #define HASH_LONG               RIPEMD160_LONG
+#define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2
 #define HASH_CTX                RIPEMD160_CTX
 #define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_LBLOCK             RIPEMD160_LBLOCK
 #define HASH_UPDATE             RIPEMD160_Update
 #define HASH_TRANSFORM          RIPEMD160_Transform
 #define HASH_FINAL              RIPEMD160_Final
+#define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order
 #define HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
        ll=(c)->A; HOST_l2c(ll,(s));    \
@@ -94,7 +102,9 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
        ll=(c)->D; HOST_l2c(ll,(s));    \
        ll=(c)->E; HOST_l2c(ll,(s));    \
        } while (0)
+#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
+#endif
 #include "md32_common.h"
diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c
index 3efb13758f..b88446b267 100644
--- a/src/lib/libcrypto/ripemd/rmd_one.c
+++ b/src/lib/libcrypto/ripemd/rmd_one.c
@@ -61,7 +61,7 @@
 #include <openssl/ripemd.h>
 #include <openssl/crypto.h>
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
             unsigned char *md)
        {
        RIPEMD160_CTX c;
diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c
new file mode 100644
index 0000000000..d4c709e646
--- /dev/null
+++ b/src/lib/libcrypto/ripemd/rmdtest.c
@@ -0,0 +1,145 @@
+/* crypto/ripemd/rmdtest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_RIPEMD
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return(0);
+}
+#else
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+static char *test[]={
+        "",
+        "a",
+        "abc",
+        "message digest",
+        "abcdefghijklmnopqrstuvwxyz",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+        "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+        NULL,
+        };
+static char *ret[]={
+        "9c1185a5c5e9fc54612808977ee8f548b2258d31",
+        "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
+        "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
+        "5d0689ef49d2fae572b881b123a85ffa21595f36",
+        "f71c27109c692c1b56bbdceb5b9d2865b3708dbc",
+        "12a053384a9c0c88e405a06c27dcf49ada62eb2b",
+        "b0e20b6e3116640286ed3a87a5713079b21f5189",
+        "9b752e45573d4b39f4dbd3323cab82bf63326bfb",
+        };
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        char *p;
+        unsigned char md[RIPEMD160_DIGEST_LENGTH];
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+#endif
+                EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating RIPEMD160 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        EXIT(err);
+        return(0);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<RIPEMD160_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
new file mode 100644
index 0000000000..13900812ac
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -0,0 +1,239 @@
+#
+# OpenSSL/crypto/rsa/Makefile
+#
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o
+SRC= $(LIBSRC)
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_depr.o: ../cryptlib.h rsa_depr.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/symhacks.h rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..8089344a04
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -0,0 +1,241 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+DIR=    rsa
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+        rsa_asn1.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+        rsa_asn1.o
+SRC= $(LIBSRC)
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 6b5e4f8a9a..dbed701e89 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -64,25 +64,25 @@
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
+#include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/ossl_typ.h>
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/bn.h>
-#endif
 #ifdef OPENSSL_NO_RSA
 #error RSA is disabled.
 #endif
+#if defined(OPENSSL_FIPS)
+#define FIPS_RSA_SIZE_T int
+#endif
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* Declared already in ossl_typ.h */
+typedef struct rsa_st RSA;
-/* typedef struct rsa_st RSA; */
-/* typedef struct rsa_meth_st RSA_METHOD; */
-struct rsa_meth_st
+typedef struct rsa_meth_st
        {
        const char *name;
        int (*rsa_pub_enc)(int flen,const unsigned char *from,
@@ -97,7 +97,7 @@ struct rsa_meth_st
        int (*rsa_priv_dec)(int flen,const unsigned char *from,
                            unsigned char *to,
                            RSA *rsa,int padding);
-        int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
+        int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
        int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx,
                          BN_MONT_CTX *m_ctx); /* Can be null */
@@ -118,12 +118,8 @@ struct rsa_meth_st
        int (*rsa_verify)(int dtype,
                const unsigned char *m, unsigned int m_length,
                unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-/* If this callback is NULL, the builtin software RSA key-gen will be used. This
- * is for behavioural compatibility whilst the code gets rewired, but one day
+        } RSA_METHOD;
- * it would be nice to assume there are no such things as "builtin software"
- * implementations. */
-        int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-        };
 struct rsa_st
        {
@@ -156,19 +152,12 @@ struct rsa_st
         * NULL */
        char *bignum_data;
        BN_BLINDING *blinding;
-        BN_BLINDING *mt_blinding;
        };
-#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+#define OPENSSL_RSA_MAX_MODULUS_BITS    16384
-# define OPENSSL_RSA_MAX_MODULUS_BITS   16384
-#endif
-#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+#define OPENSSL_RSA_SMALL_MODULUS_BITS  3072
-# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+#define OPENSSL_RSA_MAX_PUBEXP_BITS     64 /* exponent limit enforced for "small" modulus only */
-#endif
-#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
-# define OPENSSL_RSA_MAX_PUBEXP_BITS    64 /* exponent limit enforced for "large" modulus only */
-#endif
 #define RSA_3   0x3L
 #define RSA_F4  0x10001L
@@ -195,27 +184,13 @@ struct rsa_st
                                                * default (ignoring RSA_FLAG_BLINDING),
                                                * but other engines might not need it
                                                */
-#define RSA_FLAG_NO_CONSTTIME           0x0100 /* new with 0.9.8f; the built-in RSA
+#define RSA_FLAG_NO_EXP_CONSTTIME       0x0100 /* new with 0.9.7h; the built-in RSA
-                                                * implementation now uses constant time
-                                                * operations by default in private key operations,
-                                                * e.g., constant time modular exponentiation, 
-                                                * modular inverse without leaking branches, 
-                                                * division without leaking branches. This 
-                                                * flag disables these constant time 
-                                                * operations and results in faster RSA 
-                                                * private key operations.
-                                                */ 
-#ifndef OPENSSL_NO_DEPRECATED
-#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
-                                                /* new with 0.9.7h; the built-in RSA
                                                * implementation now uses constant time
                                                * modular exponentiation for secret exponents
                                                * by default. This flag causes the
                                                * faster variable sliding window method to
                                                * be used for all exponents.
                                                */
-#endif
 #define RSA_PKCS1_PADDING       1
 #define RSA_SSLV23_PADDING      2
@@ -231,17 +206,18 @@ struct rsa_st
 RSA *   RSA_new(void);
 RSA *   RSA_new_method(ENGINE *engine);
 int     RSA_size(const RSA *);
-/* Deprecated version */
-#ifndef OPENSSL_NO_DEPRECATED
 RSA *   RSA_generate_key(int bits, unsigned long e,void
                (*callback)(int,int,void *),void *cb_arg);
-#endif /* !defined(OPENSSL_NO_DEPRECATED) */
-/* New version */
-int     RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
 int     RSA_check_key(const RSA *);
+#ifdef OPENSSL_FIPS
+int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
+                        void (*cb)(int, int, void *), void *cb_arg,
+                        const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
+                        const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
+                        const BIGNUM *e);
+RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
+             void (*cb)(int,int,void *), void *cb_arg);
+#endif
        /* next 4 return -1 on error */
 int     RSA_public_encrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
@@ -281,19 +257,11 @@ int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
 int     RSA_print(BIO *bp, const RSA *r,int offset);
 #endif
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
-                int (*cb)(char *buf, int len, const char *prompt, int verify),
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
-                int sgckey);
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int (*cb)(char *buf, int len, const char *prompt, int verify),
-                 int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
-                     int (*cb)(char *buf, int len, const char *prompt,
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
-                               int verify));
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                      int (*cb)(char *buf, int len, const char *prompt,
-                                int verify));
 /* The following 2 functions sign and verify a X509_SIG ASN1 object
 * inside PKCS#1 padded RSA encryption */
@@ -313,7 +281,6 @@ int RSA_verify_ASN1_OCTET_STRING(int type,
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
 int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
        const unsigned char *f,int fl);
@@ -369,21 +336,14 @@ void ERR_load_RSA_strings(void);
 /* Function codes. */
 #define RSA_F_MEMORY_LOCK                                100
-#define RSA_F_RSA_BUILTIN_KEYGEN                         129
 #define RSA_F_RSA_CHECK_KEY                              123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT                    101
 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                    102
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT                     103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                     104
 #define RSA_F_RSA_GENERATE_KEY                           105
-#define RSA_F_RSA_MEMORY_LOCK                            130
 #define RSA_F_RSA_NEW_METHOD                             106
 #define RSA_F_RSA_NULL                                   124
-#define RSA_F_RSA_NULL_MOD_EXP                           131
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
 #define RSA_F_RSA_PADDING_ADD_NONE                       107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
@@ -399,7 +359,6 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                     128
 #define RSA_F_RSA_PRINT                                  115
 #define RSA_F_RSA_PRINT_FP                               116
-#define RSA_F_RSA_SETUP_BLINDING                         136
 #define RSA_F_RSA_SIGN                                   117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
 #define RSA_F_RSA_VERIFY                                 119
@@ -433,7 +392,6 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_KEY_SIZE_TOO_SMALL                         120
 #define RSA_R_LAST_OCTET_INVALID                         134
 #define RSA_R_MODULUS_TOO_LARGE                          105
-#define RSA_R_NO_PUBLIC_EXPONENT                         140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
 #define RSA_R_OAEP_DECODING_ERROR                        121
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index bbbf26d50e..1455a7e0e4 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -63,10 +63,10 @@
 #include <openssl/asn1t.h>
 static ASN1_METHOD method={
-        (I2D_OF(void))     i2d_RSAPrivateKey,
+        (int (*)())  i2d_RSAPrivateKey,
-        (D2I_OF(void))     d2i_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
-        (void *(*)(void))  RSA_new,
+        (char *(*)())RSA_new,
-        (void (*)(void *)) RSA_free};
+        (void (*)()) RSA_free};
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
        {
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index 9d848db8c6..002f2cb487 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key)
                }
        
        /* p prime? */
-        r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+        r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
        if (r != 1)
                {
                ret = r;
@@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key)
                }
        
        /* q prime? */
-        r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+        r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
        if (r != 1)
                {
                ret = r;
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index ffadaab9a4..610889dc80 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -56,7 +56,7 @@
 * [including the GNU Public Licence.]
 */
 /* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -115,7 +115,7 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#ifndef RSA_NULL
+#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
@@ -125,7 +125,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
 static RSA_METHOD rsa_pkcs1_eay_meth={
@@ -141,8 +141,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
        0, /* flags */
        NULL,
        0, /* rsa_sign */
-        0, /* rsa_verify */
+        0  /* rsa_verify */
-        NULL /* rsa_keygen */
        };
 const RSA_METHOD *RSA_PKCS1_SSLeay(void)
@@ -150,53 +149,19 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
        return(&rsa_pkcs1_eay_meth);
        }
-/* Usage example;
- *    MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
- */
-#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
-        if ((pre_cond) && ((method_mod) == NULL) && \
-                        !BN_MONT_CTX_set_locked(&(method_mod), \
-                                CRYPTO_LOCK_RSA, \
-                                (m), (ctx))) \
-                err_instr
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f,*ret;
+        BIGNUM f,ret;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+        BN_init(&f);
-                {
+        BN_init(&ret);
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-                return -1;
-                }
-        if (BN_ucmp(rsa->n, rsa->e) <= 0)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-                return -1;
-                }
-        /* for large moduli, enforce exponent limit */
-        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-                {
-                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-                        {
-                        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-                        return -1;
-                        }
-                }
-        
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        BN_CTX_start(ctx);
-        f = BN_CTX_get(ctx);
-        ret = BN_CTX_get(ctx);
        num=BN_num_bytes(rsa->n);
-        buf = OPENSSL_malloc(num);
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-        if (!f || !ret || !buf)
                {
                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
                goto err;
@@ -224,34 +189,37 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
                }
        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,f) == NULL) goto err;
+        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
        
-        if (BN_ucmp(f, rsa->n) >= 0)
+        if (BN_ucmp(&f, rsa->n) >= 0)
-                {
+                {       
                /* usually the padding functions would catch this */
                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                goto err;
                }
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                {
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+                                        CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
+                }
-        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                rsa->_method_mod_n)) goto err;
        /* put in leading 0 bytes if the number is less than the
         * length of the modulus */
-        j=BN_num_bytes(ret);
+        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(ret,&(to[num-j]));
+        i=BN_bn2bin(&ret,&(to[num-j]));
        for (k=0; k<(num-i); k++)
                to[k]=0;
        r=num;
 err:
-        if (ctx != NULL)
+        if (ctx != NULL) BN_CTX_free(ctx);
-                {
+        BN_clear_free(&f);
-                BN_CTX_end(ctx);
+        BN_clear_free(&ret);
-                BN_CTX_free(ctx);
-                }
        if (buf != NULL) 
                {
                OPENSSL_cleanse(buf,num);
@@ -260,115 +228,98 @@ err:
        return(r);
        }
-static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
-{
+        {
-        BN_BLINDING *ret;
+        int ret = 1;
-        int got_write_lock = 0;
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        /* Check again inside the lock - the macro's check is racey */
+        if(rsa->blinding == NULL)
+                ret = RSA_blinding_on(rsa, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        return ret;
+        }
-        CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+#define BLINDING_HELPER(rsa, ctx, err_instr) \
+        do { \
+                if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
+                    ((rsa)->blinding == NULL) && \
+                    !rsa_eay_blinding(rsa, ctx)) \
+                    err_instr \
+        } while(0)
-        if (rsa->blinding == NULL)
+static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
-                {
+        {
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+        BIGNUM *A, *Ai;
-                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        BN_BLINDING *ret = NULL;
-                got_write_lock = 1;
-                if (rsa->blinding == NULL)
+        /* added in OpenSSL 0.9.6j and 0.9.7b */
-                        rsa->blinding = RSA_setup_blinding(rsa, ctx);
-                }
-        ret = rsa->blinding;
+        /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
-        if (ret == NULL)
+         * this should be placed in a new function of its own, but for reasons
-                goto err;
+         * of binary compatibility can't */
-        if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
                {
-                /* rsa->blinding is ours! */
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
-                *local = 1;
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
                }
        else
                {
-                /* resort to rsa->mt_blinding instead */
+                if (!BN_rand_range(A,rsa->n)) goto err;
-                *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
-                             * that the BN_BLINDING is shared, meaning that accesses
-                             * require locks, and that the blinding factor must be
-                             * stored outside the BN_BLINDING
-                             */
-                if (rsa->mt_blinding == NULL)
-                        {
-                        if (!got_write_lock)
-                                {
-                                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                                got_write_lock = 1;
-                                }
-                        
-                        if (rsa->mt_blinding == NULL)
-                                rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
-                        }
-                ret = rsa->mt_blinding;
                }
+        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
- err:
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-        if (got_write_lock)
+                goto err;
-                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+        ret = BN_BLINDING_new(A,Ai,rsa->n);
-        else
+        BN_free(Ai);
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+err:
+        BN_CTX_end(ctx);
        return ret;
-}
+        }
-static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
-        BIGNUM *r, BN_CTX *ctx)
-{
-        if (local)
-                return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-        else
-                {
-                int ret;
-                CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
-                ret = BN_BLINDING_convert_ex(f, r, b, ctx);
-                CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
-                return ret;
-                }
-}
-static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
-        BIGNUM *r, BN_CTX *ctx)
-{
-        if (local)
-                return BN_BLINDING_invert_ex(f, NULL, b, ctx);
-        else
-                {
-                int ret;
-                CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-                ret = BN_BLINDING_invert_ex(f, r, b, ctx);
-                CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
-                return ret;
-                }
-}
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f, *ret, *br, *res;
+        BIGNUM f,ret, *res;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
        int local_blinding = 0;
        BN_BLINDING *blinding = NULL;
+        BN_init(&f);
+        BN_init(&ret);
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+                return -1;
+                }
+        if (BN_ucmp(rsa->n, rsa->e) <= 0)
+                {
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                return -1;
+                }
+        /* for large moduli, enforce exponent limit */
+        if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
+                {
+                if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
+                        {
+                        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+                        return -1;
+                        }
+                }
        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        BN_CTX_start(ctx);
+        num=BN_num_bytes(rsa->n);
-        f   = BN_CTX_get(ctx);
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-        br  = BN_CTX_get(ctx);
-        ret = BN_CTX_get(ctx);
-        num = BN_num_bytes(rsa->n);
-        buf = OPENSSL_malloc(num);
-        if(!f || !ret || !buf)
                {
                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
                goto err;
@@ -379,9 +330,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
        case RSA_PKCS1_PADDING:
                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
                break;
-        case RSA_X931_PADDING:
-                i=RSA_padding_add_X931(buf,num,from,flen);
-                break;
        case RSA_NO_PADDING:
                i=RSA_padding_add_none(buf,num,from,flen);
                break;
@@ -392,18 +340,26 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                }
        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,f) == NULL) goto err;
+        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
        
-        if (BN_ucmp(f, rsa->n) >= 0)
+        if (BN_ucmp(&f, rsa->n) >= 0)
                {       
                /* usually the padding functions would catch this */
                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                goto err;
                }
+        BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
                {
-                blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                if (blinding == NULL)
                        {
                        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
@@ -412,8 +368,20 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                }
        
        if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
-                        goto err;
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
                ((rsa->p != NULL) &&
@@ -422,42 +390,37 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                (rsa->dmq1 != NULL) &&
                (rsa->iqmp != NULL)) )
                { 
-                if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
+                if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
                }
        else
                {
                BIGNUM local_d;
                BIGNUM *d = NULL;
                
-                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                        {
                        BN_init(&local_d);
                        d = &local_d;
-                        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                        BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
                        }
                else
-                        d= rsa->d;
+                        d = rsa->d;
+                if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
-                MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-                if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-                                rsa->_method_mod_n)) goto err;
                }
        if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
-                        goto err;
        if (padding == RSA_X931_PADDING)
                {
-                BN_sub(f, rsa->n, ret);
+                BN_sub(&f, rsa->n, &ret);
-                if (BN_cmp(ret, f))
+                if (BN_cmp(&ret, &f))
-                        res = f;
+                        res = &f;
                else
-                        res = ret;
+                        res = &ret;
                }
        else
-                res = ret;
+                res = &ret;
        /* put in leading 0 bytes if the number is less than the
         * length of the modulus */
@@ -468,11 +431,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
        r=num;
 err:
-        if (ctx != NULL)
+        if (ctx != NULL) BN_CTX_free(ctx);
-                {
+        BN_clear_free(&ret);
-                BN_CTX_end(ctx);
+        BN_clear_free(&f);
-                BN_CTX_free(ctx);
+        if (local_blinding)
-                }
+                BN_BLINDING_free(blinding);
        if (buf != NULL)
                {
                OPENSSL_cleanse(buf,num);
@@ -484,7 +447,7 @@ err:
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f, *ret, *br;
+        BIGNUM f,ret;
        int j,num=0,r= -1;
        unsigned char *p;
        unsigned char *buf=NULL;
@@ -492,14 +455,14 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
        int local_blinding = 0;
        BN_BLINDING *blinding = NULL;
-        if((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_init(&f);
-        BN_CTX_start(ctx);
+        BN_init(&ret);
-        f   = BN_CTX_get(ctx);
+        ctx=BN_CTX_new();
-        br  = BN_CTX_get(ctx);
+        if (ctx == NULL) goto err;
-        ret = BN_CTX_get(ctx);
-        num = BN_num_bytes(rsa->n);
+        num=BN_num_bytes(rsa->n);
-        buf = OPENSSL_malloc(num);
-        if(!f || !ret || !buf)
+        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
                {
                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
                goto err;
@@ -514,17 +477,25 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                }
        /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
+        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
-        if (BN_ucmp(f, rsa->n) >= 0)
+        if (BN_ucmp(&f, rsa->n) >= 0)
                {
                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                goto err;
                }
+        BLINDING_HELPER(rsa, ctx, goto err;);
+        blinding = rsa->blinding;
+        
+        /* Now unless blinding is disabled, 'blinding' is non-NULL.
+         * But the BN_BLINDING object may be owned by some other thread
+         * (we don't want to keep it constant and we don't want to use
+         * lots of locking to avoid race conditions, so only a single
+         * thread can use it; other threads have to use local blinding
+         * factors) */
        if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
                {
-                blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
                if (blinding == NULL)
                        {
                        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
@@ -533,8 +504,20 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                }
        
        if (blinding != NULL)
-                if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
+                {
-                        goto err;
+                if (blinding->thread_id != CRYPTO_thread_id())
+                        {
+                        /* we need a local one-time blinding factor */
+                        blinding = setup_blinding(rsa, ctx);
+                        if (blinding == NULL)
+                                goto err;
+                        local_blinding = 1;
+                        }
+                }
+        if (blinding)
+                if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
        /* do the decrypt */
        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -544,33 +527,29 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                (rsa->dmq1 != NULL) &&
                (rsa->iqmp != NULL)) )
                {
-                if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
+                if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
                }
        else
                {
                BIGNUM local_d;
                BIGNUM *d = NULL;
                
-                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                        {
                        d = &local_d;
-                        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                        BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
                        }
                else
                        d = rsa->d;
+                if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
-                MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+                        goto err;
-                if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-                                rsa->_method_mod_n))
-                  goto err;
                }
        if (blinding)
-                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
+                if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
-                        goto err;
        p=buf;
-        j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
+        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
        switch (padding)
                {
@@ -596,11 +575,11 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
 err:
-        if (ctx != NULL)
+        if (ctx != NULL) BN_CTX_free(ctx);
-                {
+        BN_clear_free(&f);
-                BN_CTX_end(ctx);
+        BN_clear_free(&ret);
-                BN_CTX_free(ctx);
+        if (local_blinding)
-                }
+                BN_BLINDING_free(blinding);
        if (buf != NULL)
                {
                OPENSSL_cleanse(buf,num);
@@ -613,7 +592,7 @@ err:
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-        BIGNUM *f,*ret;
+        BIGNUM f,ret;
        int i,num=0,r= -1;
        unsigned char *p;
        unsigned char *buf=NULL;
@@ -640,14 +619,15 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                        return -1;
                        }
                }
-        
-        if((ctx = BN_CTX_new()) == NULL) goto err;
+        BN_init(&f);
-        BN_CTX_start(ctx);
+        BN_init(&ret);
-        f = BN_CTX_get(ctx);
+        ctx=BN_CTX_new();
-        ret = BN_CTX_get(ctx);
+        if (ctx == NULL) goto err;
        num=BN_num_bytes(rsa->n);
-        buf = OPENSSL_malloc(num);
+        buf=(unsigned char *)OPENSSL_malloc(num);
-        if(!f || !ret || !buf)
+        if (buf == NULL)
                {
                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
                goto err;
@@ -661,33 +641,37 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                goto err;
                }
-        if (BN_bin2bn(from,flen,f) == NULL) goto err;
+        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-        if (BN_ucmp(f, rsa->n) >= 0)
+        if (BN_ucmp(&f, rsa->n) >= 0)
                {
                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
                goto err;
                }
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
+        /* do the decrypt */
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+                {
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
+                                        CRYPTO_LOCK_RSA, rsa->n, ctx))
+                        goto err;
+                }
-        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
                rsa->_method_mod_n)) goto err;
-        if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+        if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
-                BN_sub(ret, rsa->n, ret);
+                BN_sub(&ret, rsa->n, &ret);
        p=buf;
-        i=BN_bn2bin(ret,p);
+        i=BN_bn2bin(&ret,p);
        switch (padding)
                {
        case RSA_PKCS1_PADDING:
                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
                break;
-        case RSA_X931_PADDING:
-                r=RSA_padding_check_X931(to,num,buf,i,num);
-                break;
        case RSA_NO_PADDING:
                r=RSA_padding_check_none(to,num,buf,i,num);
                break;
@@ -699,11 +683,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
 err:
-        if (ctx != NULL)
+        if (ctx != NULL) BN_CTX_free(ctx);
-                {
+        BN_clear_free(&f);
-                BN_CTX_end(ctx);
+        BN_clear_free(&ret);
-                BN_CTX_free(ctx);
-                }
        if (buf != NULL)
                {
                OPENSSL_cleanse(buf,num);
@@ -712,111 +694,59 @@ err:
        return(r);
        }
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
        {
-        BIGNUM *r1,*m1,*vrfy;
+        BIGNUM r1,m1,vrfy;
-        BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
+        BIGNUM local_dmp1, local_dmq1;
-        BIGNUM *dmp1,*dmq1,*c,*pr1;
+        BIGNUM *dmp1, *dmq1;
        int ret=0;
+        BN_CTX *ctx;
-        BN_CTX_start(ctx);
+        BN_init(&m1);
-        r1 = BN_CTX_get(ctx);
+        BN_init(&r1);
-        m1 = BN_CTX_get(ctx);
+        BN_init(&vrfy);
-        vrfy = BN_CTX_get(ctx);
+        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        {
-                BIGNUM local_p, local_q;
-                BIGNUM *p = NULL, *q = NULL;
-                /* Make sure BN_mod_inverse in Montgomery intialization uses the
-                 * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
-                 */
-                if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-                        {
-                        BN_init(&local_p);
-                        p = &local_p;
-                        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-                        BN_init(&local_q);
-                        q = &local_q;
-                        BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-                        }
-                else
-                        {
-                        p = rsa->p;
-                        q = rsa->q;
-                        }
-                MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
-                MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
-        }
-        MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
-        /* compute I mod q */
+        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-                {
-                c = &local_c;
-                BN_with_flags(c, I, BN_FLG_CONSTTIME);
-                if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
-                }
-        else
                {
-                if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
+                                        CRYPTO_LOCK_RSA, rsa->p, ctx))
+                        goto err;
+                if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
+                                        CRYPTO_LOCK_RSA, rsa->q, ctx))
+                        goto err;
                }
-        /* compute r1^dmq1 mod q */
+        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                {
                dmq1 = &local_dmq1;
-                BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+                BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
                }
        else
                dmq1 = rsa->dmq1;
-        if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
+        if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
                rsa->_method_mod_q)) goto err;
-        /* compute I mod p */
+        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
-                {
-                c = &local_c;
-                BN_with_flags(c, I, BN_FLG_CONSTTIME);
-                if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
-                }
-        else
-                {
-                if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
-                }
-        /* compute r1^dmp1 mod p */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                {
                dmp1 = &local_dmp1;
-                BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+                BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
                }
        else
                dmp1 = rsa->dmp1;
-        if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
+        if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
                rsa->_method_mod_p)) goto err;
-        if (!BN_sub(r0,r0,m1)) goto err;
+        if (!BN_sub(r0,r0,&m1)) goto err;
        /* This will help stop the size of r0 increasing, which does
         * affect the multiply if it optimised for a power of 2 size */
-        if (BN_is_negative(r0))
+        if (r0->neg)
                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
+        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
+        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
-        /* Turn BN_FLG_CONSTTIME flag on before division operation */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-                {
-                pr1 = &local_r1;
-                BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-                }
-        else
-                pr1 = r1;
-        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
        /* If p < q it is occasionally possible for the correction of
         * adding 'p' if r0 is negative above to leave the result still
         * negative. This can break the private key operations: the following
@@ -824,23 +754,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
         * This will *never* happen with OpenSSL generated keys because
         * they ensure p > q [steve]
         */
-        if (BN_is_negative(r0))
+        if (r0->neg)
                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
+        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,r1,m1)) goto err;
+        if (!BN_add(r0,&r1,&m1)) goto err;
        if (rsa->e && rsa->n)
                {
-                if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
+                if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
                /* If 'I' was greater than (or equal to) rsa->n, the operation
                 * will be equivalent to using 'I mod n'. However, the result of
                 * the verify will *always* be less than 'n' so we don't check
                 * for absolute equality, just congruency. */
-                if (!BN_sub(vrfy, vrfy, I)) goto err;
+                if (!BN_sub(&vrfy, &vrfy, I)) goto err;
-                if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
+                if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
-                if (BN_is_negative(vrfy))
+                if (vrfy.neg)
-                        if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
+                        if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
-                if (!BN_is_zero(vrfy))
+                if (!BN_is_zero(&vrfy))
                        {
                        /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
                         * miscalculated CRT output, just do a raw (slower)
@@ -849,20 +779,22 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                        BIGNUM local_d;
                        BIGNUM *d = NULL;
                
-                        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                        if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                                {
                                d = &local_d;
-                                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                                BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
                                }
                        else
                                d = rsa->d;
-                        if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
+                        if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
-                                                   rsa->_method_mod_n)) goto err;
                        }
                }
        ret=1;
 err:
-        BN_CTX_end(ctx);
+        BN_clear_free(&m1);
+        BN_clear_free(&r1);
+        BN_clear_free(&vrfy);
+        BN_CTX_free(ctx);
        return(ret);
        }
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index fe3ba1b44b..ddcb28e663 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -71,21 +71,14 @@
 static ERR_STRING_DATA RSA_str_functs[]=
        {
 {ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),       "RSA_memory_lock"},
 {ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
 {ERR_FUNC(RSA_F_RSA_NULL),      "RSA_NULL"},
-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP),      "RSA_NULL_MOD_EXP"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT),      "RSA_NULL_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT),      "RSA_NULL_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT),       "RSA_NULL_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT),       "RSA_NULL_PUBLIC_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
@@ -101,7 +94,6 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
 {ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
@@ -138,21 +130,20 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
 {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
 {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
 {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
 {0,NULL}
        };
@@ -160,12 +151,15 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 void ERR_load_RSA_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,RSA_str_functs);
                ERR_load_strings(0,RSA_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 767f7ab682..dd1422cc98 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -56,42 +56,26 @@
 * [including the GNU Public Licence.]
 */
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
- */
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
+#ifndef OPENSSL_FIPS
-/* NB: this wrapper would normally be placed in rsa_lib.c and the static
+RSA *RSA_generate_key(int bits, unsigned long e_value,
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
+             void (*callback)(int,int,void *), void *cb_arg)
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD. */
-int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-        {
-        if(rsa->meth->rsa_keygen)
-                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-        return rsa_builtin_keygen(rsa, bits, e_value, cb);
-        }
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
+        RSA *rsa=NULL;
        BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-        BIGNUM local_r0,local_d,local_p;
+        int bitsp,bitsq,ok= -1,n=0,i;
-        BIGNUM *pr0,*d,*p;
+        BN_CTX *ctx=NULL,*ctx2=NULL;
-        int bitsp,bitsq,ok= -1,n=0;
-        BN_CTX *ctx=NULL;
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
+        ctx2=BN_CTX_new();
+        if (ctx2 == NULL) goto err;
        BN_CTX_start(ctx);
        r0 = BN_CTX_get(ctx);
        r1 = BN_CTX_get(ctx);
@@ -101,58 +85,49 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        bitsp=(bits+1)/2;
        bitsq=bits-bitsp;
+        rsa=RSA_new();
+        if (rsa == NULL) goto err;
-        /* We need the RSA components non-NULL */
+        /* set e */ 
-        if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
+        rsa->e=BN_new();
-        if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
+        if (rsa->e == NULL) goto err;
-        if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-        if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-        if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-        if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-        if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-        if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-        BN_copy(rsa->e, e_value);
+#if 1
+        /* The problem is when building with 8, 16, or 32 BN_ULONG,
+         * unsigned long can be larger */
+        for (i=0; i<sizeof(unsigned long)*8; i++)
+                {
+                if (e_value & (1UL<<i))
+                        BN_set_bit(rsa->e,i);
+                }
+#else
+        if (!BN_set_word(rsa->e,e_value)) goto err;
+#endif
        /* generate p and q */
        for (;;)
                {
-                if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+                rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
-                        goto err;
+                if (rsa->p == NULL) goto err;
                if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
                if (BN_is_one(r1)) break;
-                if(!BN_GENCB_call(cb, 2, n++))
+                if (callback != NULL) callback(2,n++,cb_arg);
-                        goto err;
+                BN_free(rsa->p);
                }
-        if(!BN_GENCB_call(cb, 3, 0))
+        if (callback != NULL) callback(3,0,cb_arg);
-                goto err;
        for (;;)
                {
-                /* When generating ridiculously small keys, we can get stuck
+                rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
-                 * continually regenerating the same prime values. Check for
+                if (rsa->q == NULL) goto err;
-                 * this and bail if it happens 3 times. */
-                unsigned int degenerate = 0;
-                do
-                        {
-                        if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
-                                goto err;
-                        } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
-                if(degenerate == 3)
-                        {
-                        ok = 0; /* we set our own err */
-                        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
-                        goto err;
-                        }
                if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
                if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-                if (BN_is_one(r1))
+                if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
                        break;
-                if(!BN_GENCB_call(cb, 2, n++))
+                if (callback != NULL) callback(2,n++,cb_arg);
-                        goto err;
+                BN_free(rsa->q);
                }
-        if(!BN_GENCB_call(cb, 3, 1))
+        if (callback != NULL) callback(3,1,cb_arg);
-                goto err;
        if (BN_cmp(rsa->p,rsa->q) < 0)
                {
                tmp=rsa->p;
@@ -161,59 +136,66 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                }
        /* calculate n */
+        rsa->n=BN_new();
+        if (rsa->n == NULL) goto err;
        if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
        /* calculate d */
        if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;        /* p-1 */
        if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;        /* q-1 */
        if (!BN_mul(r0,r1,r2,ctx)) goto err;    /* (p-1)(q-1) */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-                {
-                  pr0 = &local_r0;
-                  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-                }
-        else
-          pr0 = r0;
-        if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err;   /* d */
-        /* set up d for correct BN_FLG_CONSTTIME flag */
+/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+/*      for (;;)
                {
-                d = &local_d;
+                if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
-                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+                if (BN_is_one(r3)) break;
+                if (1)
+                        {
+                        if (!BN_add_word(rsa->e,2L)) goto err;
+                        continue;
+                        }
+                RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
+                goto err;
                }
-        else
+*/
-                d = rsa->d;
+        rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);     /* d */
+        if (rsa->d == NULL) goto err;
        /* calculate d mod (p-1) */
-        if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
+        rsa->dmp1=BN_new();
+        if (rsa->dmp1 == NULL) goto err;
+        if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
        /* calculate d mod (q-1) */
-        if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
+        rsa->dmq1=BN_new();
+        if (rsa->dmq1 == NULL) goto err;
+        if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
        /* calculate inverse of q mod p */
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+        rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-                {
+        if (rsa->iqmp == NULL) goto err;
-                p = &local_p;
-                BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-                }
-        else
-                p = rsa->p;
-        if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
        ok=1;
 err:
        if (ok == -1)
                {
-                RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
+                RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
                ok=0;
                }
        if (ctx != NULL)
-                {
                BN_CTX_end(ctx);
-                BN_CTX_free(ctx);
+        BN_CTX_free(ctx);
+        BN_CTX_free(ctx2);
+        
+        if (!ok)
+                {
+                if (rsa != NULL) RSA_free(rsa);
+                return(NULL);
                }
+        else
-        return ok;
+                return(rsa);
        }
+#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 104aa4c1f2..e4d622851e 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,7 +67,7 @@
 #include <openssl/engine.h>
 #endif
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -179,7 +179,6 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->_method_mod_p=NULL;
        ret->_method_mod_q=NULL;
        ret->blinding=NULL;
-        ret->mt_blinding=NULL;
        ret->bignum_data=NULL;
        ret->flags=ret->meth->flags;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
@@ -233,7 +232,6 @@ void RSA_free(RSA *r)
        if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
        if (r->iqmp != NULL) BN_clear_free(r->iqmp);
        if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-        if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
        if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
        OPENSSL_free(r);
        }
@@ -316,117 +314,59 @@ void RSA_blinding_off(RSA *rsa)
        rsa->flags |= RSA_FLAG_NO_BLINDING;
        }
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
        {
-        int ret=0;
+        BIGNUM *A,*Ai = NULL;
-        if (rsa->blinding != NULL)
-                RSA_blinding_off(rsa);
-        rsa->blinding = RSA_setup_blinding(rsa, ctx);
-        if (rsa->blinding == NULL)
-                goto err;
-        rsa->flags |= RSA_FLAG_BLINDING;
-        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-        ret=1;
-err:
-        return(ret);
-        }
-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
-        const BIGNUM *q, BN_CTX *ctx)
-{
-        BIGNUM *ret = NULL, *r0, *r1, *r2;
-        if (d == NULL || p == NULL || q == NULL)
-                return NULL;
-        BN_CTX_start(ctx);
-        r0 = BN_CTX_get(ctx);
-        r1 = BN_CTX_get(ctx);
-        r2 = BN_CTX_get(ctx);
-        if (r2 == NULL)
-                goto err;
-        if (!BN_sub(r1, p, BN_value_one())) goto err;
-        if (!BN_sub(r2, q, BN_value_one())) goto err;
-        if (!BN_mul(r0, r1, r2, ctx)) goto err;
-        ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
-        BN_CTX_end(ctx);
-        return ret;
-}
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-        BIGNUM local_n;
-        BIGNUM *e,*n;
        BN_CTX *ctx;
-        BN_BLINDING *ret = NULL;
+        int ret=0;
-        if (in_ctx == NULL)
+        if (p_ctx == NULL)
                {
-                if ((ctx = BN_CTX_new()) == NULL) return 0;
+                if ((ctx=BN_CTX_new()) == NULL) goto err;
                }
        else
-                ctx = in_ctx;
+                ctx=p_ctx;
-        BN_CTX_start(ctx);
+        /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
-        e  = BN_CTX_get(ctx);
+        if (rsa->blinding != NULL)
-        if (e == NULL)
                {
-                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+                BN_BLINDING_free(rsa->blinding);
-                goto err;
+                rsa->blinding = NULL;
                }
-        if (rsa->e == NULL)
+        /* NB: similar code appears in setup_blinding (rsa_eay.c);
-                {
+         * this should be placed in a new function of its own, but for reasons
-                e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+         * of binary compatibility can't */
-                if (e == NULL)
-                        {
-                        RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
-                        goto err;
-                        }
-                }
-        else
-                e = rsa->e;
-        
+        BN_CTX_start(ctx);
+        A = BN_CTX_get(ctx);
        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
                {
-                /* if PRNG is not properly seeded, resort to secret
+                /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
-                 * exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
-                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
+                if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
                }
+        else
-        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
                {
-                /* Set BN_FLG_CONSTTIME flag */
+                if (!BN_rand_range(A,rsa->n)) goto err;
-                n = &local_n;
-                BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
                }
-        else
+        if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
-                n = rsa->n;
-        ret = BN_BLINDING_create_param(NULL, e, n, ctx,
+        if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
-                        rsa->meth->bn_mod_exp, rsa->_method_mod_n);
-        if (ret == NULL)
-                {
-                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
                goto err;
-                }
+        if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
-        BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+        /* to make things thread-safe without excessive locking,
+         * rsa->blinding will be used just by the current thread: */
+        rsa->blinding->thread_id = CRYPTO_thread_id();
+        rsa->flags |= RSA_FLAG_BLINDING;
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        ret=1;
 err:
+        if (Ai != NULL) BN_free(Ai);
        BN_CTX_end(ctx);
-        if (in_ctx == NULL)
+        if (ctx != p_ctx) BN_CTX_free(ctx);
-                BN_CTX_free(ctx);
+        return(ret);
-        if(rsa->e == NULL)
+        }
-                BN_free(e);
-        return ret;
-}
 int RSA_memory_lock(RSA *r)
        {
@@ -449,7 +389,7 @@ int RSA_memory_lock(RSA *r)
                j+= (*t[i])->top;
        if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
                {
-                RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
                return(0);
                }
        bn=(BIGNUM *)p;
diff --git a/src/lib/libcrypto/rsa/rsa_null.c b/src/lib/libcrypto/rsa/rsa_null.c
new file mode 100644
index 0000000000..64057fbdcf
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_null.c
@@ -0,0 +1,150 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+                unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+        "Null RSA",
+        RSA_null_public_encrypt,
+        RSA_null_public_decrypt,
+        RSA_null_private_encrypt,
+        RSA_null_private_decrypt,
+        NULL,
+        NULL,
+        RSA_null_init,
+        RSA_null_finish,
+        0,
+        NULL,
+        };
+const RSA_METHOD *RSA_null_method(void)
+        {
+        return(&rsa_null_meth);
+        }
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+             unsigned char *to, RSA *rsa, int padding)
+        {
+        RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+        {
+        RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+        return -1;
+        }
+#endif
+static int RSA_null_init(RSA *rsa)
+        {
+        return(1);
+        }
+static int RSA_null_finish(RSA *rsa)
+        {
+        return(1);
+        }
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 3652677a99..d43ecaca63 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
-        const unsigned char *seed, long seedlen);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
        const unsigned char *from, int flen,
        const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
           20);
 #endif
-        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+        PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
+                                                                EVP_sha1());
        for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                db[i] ^= dbmask[i];
-        MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+        PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
+                                                                EVP_sha1());
        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                seed[i] ^= seedmask[i];
@@ -96,7 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        const unsigned char *maskeddb;
        int lzero;
        unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
-        unsigned char *padded_from;
        int bad = 0;
        if (--num < 2 * SHA_DIGEST_LENGTH + 1)
@@ -107,6 +105,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        lzero = num - flen;
        if (lzero < 0)
                {
+                /* lzero == -1 */
                /* signalling this error immediately after detection might allow
                 * for side-channel attacks (e.g. timing if 'plen' is huge
                 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
@@ -114,30 +114,22 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                 * so we use a 'bad' flag */
                bad = 1;
                lzero = 0;
-                flen = num; /* don't overflow the memcpy to padded_from */
                }
+        maskeddb = from - lzero + SHA_DIGEST_LENGTH;
        dblen = num - SHA_DIGEST_LENGTH;
-        db = OPENSSL_malloc(dblen + num);
+        db = OPENSSL_malloc(dblen);
        if (db == NULL)
                {
-                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
                return -1;
                }
-        /* Always do this zero-padding copy (even when lzero == 0)
+        PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
-         * to avoid leaking timing info about the value of lzero. */
+        for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
-        padded_from = db + dblen;
+                seed[i] ^= from[i - lzero];
-        memset(padded_from, 0, lzero);
-        memcpy(padded_from + lzero, from, flen);
-        maskeddb = padded_from + SHA_DIGEST_LENGTH;
-        MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
-        for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-                seed[i] ^= padded_from[i];
  
-        MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+        PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
        for (i = 0; i < dblen; i++)
                db[i] ^= maskeddb[i];
@@ -150,13 +142,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
                        if (db[i] != 0x00)
                                break;
-                if (i == dblen || db[i] != 0x01)
+                if (db[i] != 0x01 || i++ >= dblen)
                        goto decoding_err;
                else
                        {
                        /* everything looks OK */
-                        mlen = dblen - ++i;
+                        mlen = dblen - i;
                        if (tlen < mlen)
                                {
                                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index f98e0a80a6..24fc94835e 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -107,8 +107,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
        RSA *rsa)
        {
        int i,ret=0;
-        unsigned char *s;
+        unsigned char *p,*s;
-        const unsigned char *p;
        ASN1_OCTET_STRING *sig=NULL;
        if (siglen != (unsigned int)RSA_size(rsa))
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 71aabeea1b..db86f1ac58 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -146,7 +146,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
        {
        int i,ret=0,sigtype;
-        unsigned char *s;
+        unsigned char *p,*s;
        X509_SIG *sig=NULL;
        if (siglen != (unsigned int)RSA_size(rsa))
@@ -181,7 +181,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
                else ret = 1;
        } else {
-                const unsigned char *p=s;
+                p=s;
                sig=d2i_X509_SIG(NULL,&p,(long)i);
                if (sig == NULL) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
new file mode 100644
index 0000000000..218bb2a39b
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -0,0 +1,318 @@
+/* test vectors from p1ovect1.txt */
+#include <stdio.h>
+#include <string.h>
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+    static unsigned char e[] = "\x11";
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+    SetKey;
+    }
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+    static unsigned char e[] = "\x3";
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+    SetKey;
+    }
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+    static unsigned char e[] = "\x11";
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+    SetKey;
+    }
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+        return(1);
+    return(0);
+}
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+int main(int argc, char *argv[])
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+    plen = sizeof(ptext_ex) - 1;
+    for (v = 0; v < 6; v++)
+        {
+        key = RSA_new();
+        switch (v%3) {
+    case 0:
+        clen = key1(key, ctext_ex);
+        break;
+    case 1:
+        clen = key2(key, ctext_ex);
+        break;
+    case 2:
+        clen = key3(key, ctext_ex);
+        break;
+        }
+        if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_PADDING);
+        if (num != clen)
+            {
+            printf("PKCS#1 v1.5 encryption failed!\n");
+            err=1;
+            goto oaep;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("PKCS#1 v1.5 decryption failed!\n");
+            err=1;
+            }
+        else
+            printf("PKCS #1 v1.5 encryption/decryption ok\n");
+    oaep:
+        ERR_clear_error();
+        num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+                                 RSA_PKCS1_OAEP_PADDING);
+        if (num == -1 && pad_unknown())
+            {
+            printf("No OAEP support\n");
+            goto next;
+            }
+        if (num != clen)
+            {
+            printf("OAEP encryption failed!\n");
+            err=1;
+            goto next;
+            }
+  
+        num = RSA_private_decrypt(num, ctext, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (encrypted data) failed!\n");
+            err=1;
+            }
+        else if (memcmp(ctext, ctext_ex, num) == 0)
+            {
+            printf("OAEP test vector %d passed!\n", v);
+            goto next;
+            }
+    
+        /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+           Try decrypting ctext_ex */
+        num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+                                  RSA_PKCS1_OAEP_PADDING);
+        if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+            {
+            printf("OAEP decryption (test vector data) failed!\n");
+            err=1;
+            }
+        else
+            printf("OAEP encryption/decryption ok\n");
+    next:
+        RSA_free(key);
+        }
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    CRYPTO_mem_leaks_fp(stderr);
+    return err;
+    }
+#endif
diff --git a/src/lib/libcrypto/seed/Makefile b/src/lib/libcrypto/seed/Makefile
new file mode 100644
index 0000000000..f9de27b288
--- /dev/null
+++ b/src/lib/libcrypto/seed/Makefile
@@ -0,0 +1,87 @@
+#
+# crypto/seed/Makefile
+#
+DIR=    seed
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+LIBOBJ=seed.o seed_ecb.o seed_cbc.o seed_cfb.o seed_ofb.o
+SRC= $(LIBSRC)
+EXHEADER= seed.h
+HEADER= seed_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+seed.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed.o: ../../include/openssl/seed.h seed.c seed_locl.h
+seed_cbc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_cbc.o: ../../include/openssl/seed.h seed_cbc.c seed_locl.h
+seed_cfb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_cfb.o: ../../include/openssl/seed.h seed_cfb.c seed_locl.h
+seed_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/seed.h
+seed_ecb.o: seed_ecb.c
+seed_ofb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+seed_ofb.o: ../../include/openssl/seed.h seed_locl.h seed_ofb.c
diff --git a/src/lib/libcrypto/seed/seed.c b/src/lib/libcrypto/seed/seed.c
new file mode 100644
index 0000000000..125dd7d66f
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.c
@@ -0,0 +1,286 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef WIN32
+#include <memory.h>
+#endif
+#include <openssl/seed.h>
+#include "seed_locl.h"
+static seed_word SS[4][256] = { {
+        0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+        0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+        0x28082028, 0x04444044, 0x20002020, 0x1d8d919c, 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+        0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378, 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+        0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8, 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+        0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354, 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+        0x24042024, 0x1c0c101c, 0x33437370, 0x18889098, 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+        0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380, 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+        0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8, 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+        0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078, 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+        0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140, 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+        0x1f0f131c, 0x19899198, 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+        0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324, 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+        0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c, 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+        0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4, 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+        0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218, 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+        0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288, 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+        0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4, 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+        0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac, 0x36063234, 0x15051114, 0x22022220, 0x38083038,
+        0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c, 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+        0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c, 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+        0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8, 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+        0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364, 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+        0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320, 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+        0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0, 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+        0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0, 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+        0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c, 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+        0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244, 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+        0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c, 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+        0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c, 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+        0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4, 0x22426260, 0x29092128, 0x07070304, 0x33033330,
+        0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178, 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+},      {
+        0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2, 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+        0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3, 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+        0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1, 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+        0xd013c3d3, 0x90118191, 0x10110111, 0x04060602, 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+        0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0, 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+        0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2, 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+        0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32, 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+        0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72, 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+        0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0, 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+        0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13, 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+        0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1, 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+        0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1, 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+        0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131, 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+        0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202, 0x20220222, 0x04040400, 0x68284860, 0x70314171,
+        0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991, 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+        0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0, 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+        0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12, 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+        0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2, 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+        0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32, 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+        0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292, 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+        0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571, 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+        0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470, 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+        0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040, 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+        0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22, 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+        0x84058581, 0x14140410, 0x88098981, 0x981b8b93, 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+        0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282, 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+        0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11, 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+        0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3, 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+        0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30, 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+        0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+        0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0, 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+        0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83, 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+},      {
+        0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3, 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+        0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e, 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+        0x20282808, 0x40440444, 0x20202000, 0x919c1d8d, 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+        0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b, 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+        0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888, 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+        0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747, 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+        0x20242404, 0x101c1c0c, 0x73703343, 0x90981888, 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+        0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383, 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+        0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb, 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+        0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848, 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+        0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141, 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+        0x131c1f0f, 0x91981989, 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+        0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707, 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+        0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d, 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+        0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5, 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+        0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a, 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+        0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a, 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+        0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5, 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+        0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e, 0x32343606, 0x11141505, 0x22202202, 0x30383808,
+        0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c, 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+        0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c, 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+        0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8, 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+        0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747, 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+        0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303, 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+        0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2, 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+        0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1, 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+        0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f, 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+        0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646, 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+        0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f, 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+        0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f, 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+        0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4, 0x62602242, 0x21282909, 0x03040707, 0x33303303,
+        0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949, 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+},      {
+        0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426, 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+        0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407, 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+        0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435, 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+        0xc3d3d013, 0x81919011, 0x01111011, 0x06020406, 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+        0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828, 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+        0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416, 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+        0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e, 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+        0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a, 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+        0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000, 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+        0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f, 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+        0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829, 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+        0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405, 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+        0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031, 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+        0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002, 0x02222022, 0x04000404, 0x48606828, 0x41717031,
+        0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819, 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+        0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c, 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+        0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a, 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+        0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022, 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+        0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a, 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+        0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012, 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+        0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435, 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+        0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434, 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+        0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000, 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+        0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a, 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+        0x85818405, 0x04101414, 0x89818809, 0x8b93981b, 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+        0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002, 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+        0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d, 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+        0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b, 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+        0x00303030, 0x85919415, 0x45616425, 0x0c303c3c, 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+        0x0e020c0e, 0x40505010, 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+        0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424, 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+        0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f, 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+}       };
+/* key schedule constants - golden ratio */
+#define KC0     0x9e3779b9
+#define KC1     0x3c6ef373
+#define KC2     0x78dde6e6
+#define KC3     0xf1bbcdcc
+#define KC4     0xe3779b99
+#define KC5     0xc6ef3733
+#define KC6     0x8dde6e67
+#define KC7     0x1bbcdccf
+#define KC8     0x3779b99e
+#define KC9     0x6ef3733c
+#define KC10    0xdde6e678
+#define KC11    0xbbcdccf1
+#define KC12    0x779b99e3
+#define KC13    0xef3733c6
+#define KC14    0xde6e678d
+#define KC15    0xbcdccf1b
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+        char2word(rawkey   , x1);
+        char2word(rawkey+4 , x2);
+        char2word(rawkey+8 , x3);
+        char2word(rawkey+12, x4);
+        t0 = (x1 + x3 - KC0) & 0xffffffff;
+        t1 = (x2 - x4 + KC0) & 0xffffffff;                     KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);      KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);      KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);      KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);      KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);      KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);      KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);      KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);      KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);      KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);     KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);     KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);     KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);     KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+        KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);     KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+        KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);     KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+}
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+        
+        E_SEED(t0, t1, x1, x2, x3, x4, 0);
+        E_SEED(t0, t1, x3, x4, x1, x2, 2);
+        E_SEED(t0, t1, x1, x2, x3, x4, 4);
+        E_SEED(t0, t1, x3, x4, x1, x2, 6);
+        E_SEED(t0, t1, x1, x2, x3, x4, 8);
+        E_SEED(t0, t1, x3, x4, x1, x2, 10);
+        E_SEED(t0, t1, x1, x2, x3, x4, 12);
+        E_SEED(t0, t1, x3, x4, x1, x2, 14);
+        E_SEED(t0, t1, x1, x2, x3, x4, 16);
+        E_SEED(t0, t1, x3, x4, x1, x2, 18);
+        E_SEED(t0, t1, x1, x2, x3, x4, 20);
+        E_SEED(t0, t1, x3, x4, x1, x2, 22);
+        E_SEED(t0, t1, x1, x2, x3, x4, 24);
+        E_SEED(t0, t1, x3, x4, x1, x2, 26);
+        E_SEED(t0, t1, x1, x2, x3, x4, 28);
+        E_SEED(t0, t1, x3, x4, x1, x2, 30);
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks)
+{
+        seed_word x1, x2, x3, x4;
+        seed_word t0, t1;
+        char2word(s,    x1);
+        char2word(s+4,  x2);
+        char2word(s+8,  x3);
+        char2word(s+12, x4);
+        
+        E_SEED(t0, t1, x1, x2, x3, x4, 30);
+        E_SEED(t0, t1, x3, x4, x1, x2, 28);
+        E_SEED(t0, t1, x1, x2, x3, x4, 26);
+        E_SEED(t0, t1, x3, x4, x1, x2, 24);
+        E_SEED(t0, t1, x1, x2, x3, x4, 22);
+        E_SEED(t0, t1, x3, x4, x1, x2, 20);
+        E_SEED(t0, t1, x1, x2, x3, x4, 18);
+        E_SEED(t0, t1, x3, x4, x1, x2, 16);
+        E_SEED(t0, t1, x1, x2, x3, x4, 14);
+        E_SEED(t0, t1, x3, x4, x1, x2, 12);
+        E_SEED(t0, t1, x1, x2, x3, x4, 10);
+        E_SEED(t0, t1, x3, x4, x1, x2, 8);
+        E_SEED(t0, t1, x1, x2, x3, x4, 6);
+        E_SEED(t0, t1, x3, x4, x1, x2, 4);
+        E_SEED(t0, t1, x1, x2, x3, x4, 2);
+        E_SEED(t0, t1, x3, x4, x1, x2, 0);
+        word2char(x3, d);
+        word2char(x4, d+4);
+        word2char(x1, d+8);
+        word2char(x2, d+12);
+}
+#endif /* OPENSSL_NO_SEED */
diff --git a/src/lib/libcrypto/seed/seed.h b/src/lib/libcrypto/seed/seed.h
new file mode 100644
index 0000000000..427915ed9a
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_SEED_H
+#define HEADER_SEED_H
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SEED
+#error SEED is disabled.
+#endif
+#ifdef AES_LONG /* look whether we need 'long' to get 32 bits */
+# ifndef SEED_LONG
+#  define SEED_LONG 1
+# endif
+#endif
+#if !defined(NO_SYS_TYPES_H)
+# include <sys/types.h>
+#endif
+#define SEED_BLOCK_SIZE 16
+#define SEED_KEY_LENGTH 16
+#ifdef  __cplusplus
+extern "C" {
+#endif
+typedef struct seed_key_st {
+#ifdef SEED_LONG
+    unsigned long data[32];
+#else
+    unsigned int data[32];
+#endif
+} SEED_KEY_SCHEDULE;
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+        size_t len, const SEED_KEY_SCHEDULE *ks, unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+#ifdef  __cplusplus
+}
+#endif
+#endif /* HEADER_SEED_H */
diff --git a/src/lib/libcrypto/seed/seed_cbc.c b/src/lib/libcrypto/seed/seed_cbc.c
new file mode 100644
index 0000000000..4f718ccb44
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cbc.c
@@ -0,0 +1,129 @@
+/* crypto/seed/seed_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include "seed_locl.h"
+#include <string.h>
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+        {
+        size_t n;
+        unsigned char tmp[SEED_BLOCK_SIZE];
+        const unsigned char *iv = ivec;
+        if (enc)
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        SEED_encrypt(out, out, ks);
+                        iv = out;
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        for (n = 0; n < len; ++n)
+                                out[n] = in[n] ^ iv[n];
+                        for (n = len; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] = iv[n];
+                        SEED_encrypt(out, out, ks);
+                        iv = out;
+                        }
+                memcpy(ivec, iv, SEED_BLOCK_SIZE);
+                }
+        else if (in != out) /* decrypt */
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        SEED_decrypt(in, out, ks);
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] ^= iv[n];
+                        iv = in;
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        SEED_decrypt(in, tmp, ks);
+                        for (n = 0; n < len; ++n)
+                                out[n] = tmp[n] ^ iv[n];
+                        iv = in;
+                        }
+                memcpy(ivec, iv, SEED_BLOCK_SIZE);
+                }
+        else /* decrypt, overlap */
+                {
+                while (len >= SEED_BLOCK_SIZE)
+                        {
+                        memcpy(tmp, in, SEED_BLOCK_SIZE);
+                        SEED_decrypt(in, out, ks);
+                        for (n = 0; n < SEED_BLOCK_SIZE; ++n)
+                                out[n] ^= ivec[n];
+                        memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+                        len -= SEED_BLOCK_SIZE;
+                        in  += SEED_BLOCK_SIZE;
+                        out += SEED_BLOCK_SIZE;
+                        }
+                if (len)
+                        {
+                        memcpy(tmp, in, SEED_BLOCK_SIZE);
+                        SEED_decrypt(tmp, tmp, ks);
+                        for (n = 0; n < len; ++n)
+                                out[n] = tmp[n] ^ ivec[n];
+                        memcpy(ivec, tmp, SEED_BLOCK_SIZE);
+                        }
+                }
+        }
diff --git a/src/lib/libcrypto/seed/seed_cfb.c b/src/lib/libcrypto/seed/seed_cfb.c
new file mode 100644
index 0000000000..07d878a788
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_cfb.c
@@ -0,0 +1,144 @@
+/* crypto/seed/seed_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "seed_locl.h"
+#include <string.h>
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)
+        {
+        int n;
+        unsigned char c;
+        n = *num;
+        if (enc)
+                {
+                while (len--)
+                        {
+                        if (n == 0)
+                                SEED_encrypt(ivec, ivec, ks);
+                        ivec[n] = *(out++) = *(in++) ^ ivec[n];
+                        n = (n+1) % SEED_BLOCK_SIZE;
+                        }
+                }
+        else
+                {
+                while (len--)
+                        {
+                        if (n == 0)
+                                SEED_encrypt(ivec, ivec, ks);
+                        c = *(in);
+                        *(out++) = *(in++) ^ ivec[n];
+                        ivec[n] = c;
+                        n = (n+1) % SEED_BLOCK_SIZE;
+                        }
+                }
+        *num = n;
+        }
diff --git a/src/lib/libcrypto/seed/seed_ecb.c b/src/lib/libcrypto/seed/seed_ecb.c
new file mode 100644
index 0000000000..e63f5ae14e
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ecb.c
@@ -0,0 +1,60 @@
+/* crypto/seed/seed_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+#include <openssl/seed.h>
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out, const SEED_KEY_SCHEDULE *ks, int enc) 
+        {
+        if (enc)
+                SEED_encrypt(in, out, ks);
+        else
+                SEED_decrypt(in, out, ks);
+        }
diff --git a/src/lib/libcrypto/seed/seed_locl.h b/src/lib/libcrypto/seed/seed_locl.h
new file mode 100644
index 0000000000..fd456b6422
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_locl.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.  
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef HEADER_SEED_LOCL_H
+#define HEADER_SEED_LOCL_H
+#include "openssl/e_os2.h"
+#include <openssl/seed.h>
+#ifdef SEED_LONG /* need 32-bit type */
+typedef unsigned long seed_word;
+#else
+typedef unsigned int seed_word;
+#endif
+#ifdef  __cplusplus
+extern "C" {
+#endif
+#define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ SS[3][(unsigned char)((v)>>24) & 0xff]
+#define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+#define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+#define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+#define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+#define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+#define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+#define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+#ifdef  __cplusplus
+}
+#endif
+#endif /* HEADER_SEED_LOCL_H */
diff --git a/src/lib/libcrypto/seed/seed_ofb.c b/src/lib/libcrypto/seed/seed_ofb.c
new file mode 100644
index 0000000000..e2f3f57a38
--- /dev/null
+++ b/src/lib/libcrypto/seed/seed_ofb.c
@@ -0,0 +1,128 @@
+/* crypto/seed/seed_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include "seed_locl.h"
+#include <string.h>
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+        {
+        int n;
+        n = *num;
+        
+        while (len--)
+                {
+                if (n == 0)
+                        SEED_encrypt(ivec, ivec, ks);
+                *(out++) = *(in++) ^ ivec[n];
+                n = (n+1) % SEED_BLOCK_SIZE;
+                }
+        *num = n;
+        }
diff --git a/src/lib/libcrypto/sha/Makefile b/src/lib/libcrypto/sha/Makefile
new file mode 100644
index 0000000000..ac64fb61d3
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile
@@ -0,0 +1,139 @@
+#
+# OpenSSL/crypto/sha/Makefile
+#
+DIR=    sha
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+SHA1_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
+GENERAL=Makefile
+TEST=shatest.c sha1test.c sha256t.c sha512t.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# ELF
+sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+s512sse2-elf.s: asm/sha512-sse2.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha512-sse2.pl elf $(CFLAGS) $(PROCESSOR) > ../$@)
+# COFF
+sx86-cof.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+s512sse2-cof.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha512-sse2.pl coff $(CFLAGS) $(PROCESSOR) > ../$@)
+# a.out
+sx86-out.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+s512sse2-out.s:     asm/sha512-sse2.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha512-sse2.pl a.out $(CFLAGS) $(PROCESSOR) > ../$@)
+sha1-ia64.s:   asm/sha1-ia64.pl
+        (cd asm; $(PERL) sha1-ia64.pl $(CFLAGS) ) > $@
+sha256-ia64.s: asm/sha512-ia64.pl
+        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+sha512-ia64.s: asm/sha512-ia64.pl
+        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
+# Solaris make has to be explicitly told
+sha1-x86_64.s:  asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $@
+sha256-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+sha512-x86_64.s:asm/sha512-x86_64.pl;   $(PERL) asm/sha512-x86_64.pl $@
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.s *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha1_one.o: sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c
+sha512.o: ../../e_os.h ../../include/openssl/bio.h
+sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha512.o: ../cryptlib.h sha512.c
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha_one.o: ../../include/openssl/symhacks.h sha_one.c
diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl
new file mode 100644
index 0000000000..4ba201c787
--- /dev/null
+++ b/src/lib/libcrypto/sha/Makefile.ssl
@@ -0,0 +1,116 @@
+#
+# SSLeay/crypto/sha/Makefile
+#
+DIR=    sha
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+SHA1_ASM_OBJ=
+CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+GENERAL=Makefile
+TEST=shatest.c sha1test.c
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+SRC= $(LIBSRC)
+EXHEADER= sha.h
+HEADER= sha_locl.h $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+# elf
+asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
+# a.out
+asm/sx86-out.o: asm/sx86unix.cpp
+        $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+# bsdi
+asm/sx86bsdi.o: asm/sx86unix.cpp
+        $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+        (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_one.o: sha_one.c
diff --git a/src/lib/libcrypto/sha/asm/README b/src/lib/libcrypto/sha/asm/README
new file mode 100644
index 0000000000..b7e755765f
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/README
@@ -0,0 +1 @@
+C2.pl works
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl
index 0b4dab2bd5..041acc0348 100644
--- a/src/lib/libcrypto/sha/asm/sha1-586.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-586.pl
@@ -1,16 +1,4 @@
-#!/usr/bin/env perl
+#!/usr/local/bin/perl
-# ====================================================================
-# [Re]written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
-# project. The module is, however, dual licensed under OpenSSL and
-# CRYPTOGAMS licenses depending on where you obtain it. For further
-# details see http://www.openssl.org/~appro/cryptogams/.
-# ====================================================================
-# "[Re]written" was achieved in two major overhauls. In 2004 BODY_*
-# functions were re-implemented to address P4 performance issue [see
-# commentary below], and in 2006 the rest was rewritten in order to
-# gain freedom to liberate licensing terms.
 # It was noted that Intel IA-32 C compiler generates code which
 # performs ~30% *faster* on P4 CPU than original *hand-coded*
@@ -21,7 +9,7 @@
 #
 #               compared with original  compared with Intel cc
 #               assembler impl.         generated code
-# Pentium       -16%                    +48%
+# Pentium       -25%                    +37%
 # PIII/AMD      +8%                     +16%
 # P4            +85%(!)                 +45%
 #
@@ -29,115 +17,174 @@
 # improvement on P4 outweights the loss and incorporate this
 # re-tuned code to 0.9.7 and later.
 # ----------------------------------------------------------------
+# Those who for any particular reason absolutely must score on
+# Pentium can replace this module with one from 0.9.6 distribution.
+# This "offer" shall be revoked the moment programming interface to
+# this module is changed, in which case this paragraph should be
+# removed.
+# ----------------------------------------------------------------
 #                                       <appro@fy.chalmers.se>
-$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
+$normal=0;
-push(@INC,"${dir}","${dir}../../perlasm");
+push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
 $A="eax";
-$B="ebx";
+$B="ecx";
-$C="ecx";
+$C="ebx";
 $D="edx";
 $E="edi";
 $T="esi";
 $tmp1="ebp";
-@V=($A,$B,$C,$D,$E,$T);
+$off=9*4;
+@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
+&sha1_block_data("sha1_block_asm_data_order");
+&asm_finish();
+sub Nn
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        return($n{$p});
+        }
+sub Np
+        {
+        local($p)=@_;
+        local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E);
+        local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A);
+        return($n{$p});
+        }
+sub Na
+        {
+        local($n)=@_;
+        return( (($n   )&0x0f),
+                (($n+ 2)&0x0f),
+                (($n+ 8)&0x0f),
+                (($n+13)&0x0f),
+                (($n+ 1)&0x0f));
+        }
+sub X_expand
+        {
+        local($in)=@_;
+        &comment("First, load the words onto the stack in network byte order");
+        for ($i=0; $i<16; $i+=2)
+                {
+                &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;
+                 &mov($B,&DWP(($i+1)*4,$in,"",0));
+                &bswap($A);
+                 &bswap($B);
+                &mov(&swtmp($i+0),$A);
+                 &mov(&swtmp($i+1),$B);
+                }
+        &comment("We now have the X array on the stack");
+        &comment("starting at sp-4");
+        }
+# Rules of engagement
+# F is always trashable at the start, the running total.
+# E becomes the next F so it can be trashed after it has been 'accumulated'
+# F becomes A in the next round.  We don't need to access it much.
+# During the X update part, the result ends up in $X[$n0].
 sub BODY_00_15
        {
-        local($n,$a,$b,$c,$d,$e,$f)=@_;
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
        &comment("00_15 $n");
-        &mov($f,$c);                    # f to hold F_00_19(b,c,d)
+        &mov($tmp1,$a);
-         if ($n==0)  { &mov($tmp1,$a); }
+         &mov($f,$c);                   # f to hold F_00_19(b,c,d)
-         else        { &mov($a,$tmp1); }
        &rotl($tmp1,5);                 # tmp1=ROTATE(a,5)
         &xor($f,$d);
+        &and($f,$b);
+         &rotr($b,2);                   # b=ROTATE(b,30)
        &add($tmp1,$e);                 # tmp1+=e;
-         &and($f,$b);
+         &mov($e,&swtmp($n));           # e becomes volatile and
-        &mov($e,&swtmp($n%16));         # e becomes volatile and is loaded
+                                        # is loaded with xi
-                                        # with xi, also note that e becomes
+        &xor($f,$d);                    # f holds F_00_19(b,c,d)
-                                        # f in next round...
+         &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi
-         &xor($f,$d);                   # f holds F_00_19(b,c,d)
+        
-        &rotr($b,2);                    # b=ROTATE(b,30)
+        &add($f,$tmp1);                 # f+=tmp1
-         &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi
-        if ($n==15) { &add($f,$tmp1); } # f+=tmp1
-        else        { &add($tmp1,$f); } # f becomes a in next round
        }
 sub BODY_16_19
        {
-        local($n,$a,$b,$c,$d,$e,$f)=@_;
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
        &comment("16_19 $n");
-        &mov($f,&swtmp($n%16));         # f to hold Xupdate(xi,xa,xb,xc,xd)
+        &mov($f,&swtmp($n1));           # f to hold Xupdate(xi,xa,xb,xc,xd)
         &mov($tmp1,$c);                # tmp1 to hold F_00_19(b,c,d)
-        &xor($f,&swtmp(($n+2)%16));
+        &xor($f,&swtmp($n0));
         &xor($tmp1,$d);
-        &xor($f,&swtmp(($n+8)%16));
+        &xor($f,&swtmp($n2));
         &and($tmp1,$b);                # tmp1 holds F_00_19(b,c,d)
-        &rotr($b,2);                    # b=ROTATE(b,30)
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
-         &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
+         &rotr($b,2);                   # b=ROTATE(b,30)
-        &rotl($f,1);                    # f=ROTATE(f,1)
+        &xor($tmp1,$d);                 # tmp1=F_00_19(b,c,d)
-         &xor($tmp1,$d);                # tmp1=F_00_19(b,c,d)
+         &rotl($f,1);                   # f=ROATE(f,1)
-        &mov(&swtmp($n%16),$f);         # xi=f
+        &mov(&swtmp($n0),$f);           # xi=f
-        &lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_00_19+e
         &mov($e,$a);                   # e becomes volatile
-        &rotl($e,5);                    # e=ROTATE(a,5)
+        &add($f,$tmp1);                 # f+=F_00_19(b,c,d)
-         &add($f,$tmp1);                # f+=F_00_19(b,c,d)
+         &rotl($e,5);                   # e=ROTATE(a,5)
        &add($f,$e);                    # f+=ROTATE(a,5)
        }
 sub BODY_20_39
        {
-        local($n,$a,$b,$c,$d,$e,$f)=@_;
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
-        local $K=($n<40)?0x6ed9eba1:0xca62c1d6;
        &comment("20_39 $n");
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
-        &mov($tmp1,$b);                 # tmp1 to hold F_20_39(b,c,d)
+        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
-         &mov($f,&swtmp($n%16));        # f to hold Xupdate(xi,xa,xb,xc,xd)
+         &mov($tmp1,$b);                # tmp1 to hold F_20_39(b,c,d)
-        &rotr($b,2);                    # b=ROTATE(b,30)
+        &xor($f,&swtmp($n1));
-         &xor($f,&swtmp(($n+2)%16));
+         &rotr($b,2);                   # b=ROTATE(b,30)
-        &xor($tmp1,$c);
+        &xor($f,&swtmp($n2));
-         &xor($f,&swtmp(($n+8)%16));
+         &xor($tmp1,$c);
-        &xor($tmp1,$d);                 # tmp1 holds F_20_39(b,c,d)
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
-         &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
+         &xor($tmp1,$d);                # tmp1 holds F_20_39(b,c,d)
        &rotl($f,1);                    # f=ROTATE(f,1)
-         &add($tmp1,$e);
+        &mov(&swtmp($n0),$f);           # xi=f
-        &mov(&swtmp($n%16),$f);         # xi=f
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_20_39+e
         &mov($e,$a);                   # e becomes volatile
        &rotl($e,5);                    # e=ROTATE(a,5)
-         &lea($f,&DWP($K,$f,$tmp1));    # f+=K_20_39+e
+         &add($f,$tmp1);                # f+=F_20_39(b,c,d)
        &add($f,$e);                    # f+=ROTATE(a,5)
        }
 sub BODY_40_59
        {
-        local($n,$a,$b,$c,$d,$e,$f)=@_;
+        local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_;
        &comment("40_59 $n");
+        local($n0,$n1,$n2,$n3,$np)=&Na($n);
-        &mov($f,&swtmp($n%16));         # f to hold Xupdate(xi,xa,xb,xc,xd)
+        &mov($f,&swtmp($n0));           # f to hold Xupdate(xi,xa,xb,xc,xd)
-         &mov($tmp1,&swtmp(($n+2)%16));
-        &xor($f,$tmp1);
-         &mov($tmp1,&swtmp(($n+8)%16));
-        &xor($f,$tmp1);
-         &mov($tmp1,&swtmp(($n+13)%16));
-        &xor($f,$tmp1);                 # f holds xa^xb^xc^xd
         &mov($tmp1,$b);                # tmp1 to hold F_40_59(b,c,d)
-        &rotl($f,1);                    # f=ROTATE(f,1)
+        &xor($f,&swtmp($n1));
         &or($tmp1,$c);
-        &mov(&swtmp($n%16),$f);         # xi=f
+        &xor($f,&swtmp($n2));
         &and($tmp1,$d);
-        &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e
+        &xor($f,&swtmp($n3));           # f holds xa^xb^xc^xd
+        &rotl($f,1);                    # f=ROTATE(f,1)
+        &mov(&swtmp($n0),$f);           # xi=f
+        &lea($f,&DWP($K,$f,$e,1));      # f+=K_40_59+e
         &mov($e,$b);                   # e becomes volatile and is used
                                        # to calculate F_40_59(b,c,d)
        &rotr($b,2);                    # b=ROTATE(b,30)
@@ -145,75 +192,234 @@ sub BODY_40_59
        &or($tmp1,$e);                  # tmp1 holds F_40_59(b,c,d)             
         &mov($e,$a);
        &rotl($e,5);                    # e=ROTATE(a,5)
-         &add($f,$tmp1);                # f+=tmp1;
+        &add($tmp1,$e);                 # tmp1+=ROTATE(a,5)
-        &add($f,$e);                    # f+=ROTATE(a,5)
+        &add($f,$tmp1);                 # f+=tmp1;
        }
-&function_begin("sha1_block_data_order",16);
+sub BODY_60_79
-        &mov($tmp1,&wparam(0)); # SHA_CTX *c
+        {
-        &mov($T,&wparam(1));    # const void *input
+        &BODY_20_39(@_);
-        &mov($A,&wparam(2));    # size_t num
+        }
-        &stack_push(16);        # allocate X[16]
-        &shl($A,6);
+sub sha1_block_host
-        &add($A,$T);
+        {
-        &mov(&wparam(2),$A);    # pointer beyond the end of input
+        local($name, $sclabel)=@_;
-        &mov($E,&DWP(16,$tmp1));# pre-load E
-        &set_label("loop",16);
+        &function_begin_B($name,"");
-        # copy input chunk to X, but reversing byte order!
+        # parameter 1 is the MD5_CTX structure.
-        for ($i=0; $i<16; $i+=4)
+        # A     0
+        # B     4
+        # C     8
+        # D     12
+        # E     16
+        &mov("ecx",     &wparam(2));
+         &push("esi");
+        &shl("ecx",6);
+         &mov("esi",    &wparam(1));
+        &push("ebp");
+         &add("ecx","esi");     # offset to leave on
+        &push("ebx");
+         &mov("ebp",    &wparam(0));
+        &push("edi");
+         &mov($D,       &DWP(12,"ebp","",0));
+        &stack_push(18+9);
+         &mov($E,       &DWP(16,"ebp","",0));
+        &mov($C,        &DWP( 8,"ebp","",0));
+         &mov(&swtmp(17),"ecx");
+        &comment("First we need to setup the X array");
+        for ($i=0; $i<16; $i+=2)
                {
-                &mov($A,&DWP(4*($i+0),$T));
+                &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;
-                &mov($B,&DWP(4*($i+1),$T));
+                 &mov($B,&DWP(($i+1)*4,"esi","",0));
-                &mov($C,&DWP(4*($i+2),$T));
-                &mov($D,&DWP(4*($i+3),$T));
-                &bswap($A);
-                &bswap($B);
-                &bswap($C);
-                &bswap($D);
                &mov(&swtmp($i+0),$A);
-                &mov(&swtmp($i+1),$B);
+                 &mov(&swtmp($i+1),$B);
-                &mov(&swtmp($i+2),$C);
-                &mov(&swtmp($i+3),$D);
                }
-        &mov(&wparam(1),$T);    # redundant in 1st spin
+        &jmp($sclabel);
+        &function_end_B($name);
-        &mov($A,&DWP(0,$tmp1)); # load SHA_CTX
+        }
-        &mov($B,&DWP(4,$tmp1));
-        &mov($C,&DWP(8,$tmp1));
-        &mov($D,&DWP(12,$tmp1));
+sub sha1_block_data
-        # E is pre-loaded
+        {
+        local($name)=@_;
-        for($i=0;$i<16;$i++)    { &BODY_00_15($i,@V); unshift(@V,pop(@V)); }
-        for(;$i<20;$i++)        { &BODY_16_19($i,@V); unshift(@V,pop(@V)); }
+        &function_begin_B($name,"");
-        for(;$i<40;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
-        for(;$i<60;$i++)        { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
+        # parameter 1 is the MD5_CTX structure.
-        for(;$i<80;$i++)        { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
+        # A     0
+        # B     4
-        (($V[5] eq $D) and ($V[0] eq $E)) or die;       # double-check
+        # C     8
+        # D     12
-        &mov($tmp1,&wparam(0)); # re-load SHA_CTX*
+        # E     16
-        &mov($D,&wparam(1));    # D is last "T" and is discarded
+        &mov("ecx",     &wparam(2));
-        &add($E,&DWP(0,$tmp1)); # E is last "A"...
+         &push("esi");
-        &add($T,&DWP(4,$tmp1));
+        &shl("ecx",6);
-        &add($A,&DWP(8,$tmp1));
+         &mov("esi",    &wparam(1));
-        &add($B,&DWP(12,$tmp1));
+        &push("ebp");
-        &add($C,&DWP(16,$tmp1));
+         &add("ecx","esi");     # offset to leave on
+        &push("ebx");
-        &mov(&DWP(0,$tmp1),$E); # update SHA_CTX
+         &mov("ebp",    &wparam(0));
-         &add($D,64);           # advance input pointer
+        &push("edi");
-        &mov(&DWP(4,$tmp1),$T);
+         &mov($D,       &DWP(12,"ebp","",0));
-         &cmp($D,&wparam(2));   # have we reached the end yet?
+        &stack_push(18+9);
-        &mov(&DWP(8,$tmp1),$A);
+         &mov($E,       &DWP(16,"ebp","",0));
-         &mov($E,$C);           # C is last "E" which needs to be "pre-loaded"
+        &mov($C,        &DWP( 8,"ebp","",0));
-        &mov(&DWP(12,$tmp1),$B);
+         &mov(&swtmp(17),"ecx");
-         &mov($T,$D);           # input pointer
-        &mov(&DWP(16,$tmp1),$C);
+        &comment("First we need to setup the X array");
-        &jb(&label("loop"));
+        &set_label("start") unless $normal;
-        &stack_pop(16);
-&function_end("sha1_block_data_order");
+        &X_expand("esi");
+         &mov(&wparam(1),"esi");
+        &set_label("shortcut", 0, 1);
+        &comment("");
+        &comment("Start processing");
+        # odd start
+        &mov($A,        &DWP( 0,"ebp","",0));
+         &mov($B,       &DWP( 4,"ebp","",0));
+        $X="esp";
+        &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C);
+        &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B);
+        &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A);
+        &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T);
+        &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E);
+        &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D);
+        &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C);
+        &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B);
+        &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A);
+        &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T);
+        &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C);
+        &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B);
+        &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A);
+        &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T);
+        &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E);
+        &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D);
+        &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A);
+        &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T);
+        &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E);
+        &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D);
+        &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C);
+        &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B);
+        &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E);
+        &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D);
+        &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C);
+        &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B);
+        &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A);
+        &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T);
+        &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E);
+        &comment("End processing");
+        &comment("");
+        # D is the tmp value
+        # E -> A
+        # T -> B
+        # A -> C
+        # B -> D
+        # C -> E
+        # D -> T
+        &mov($tmp1,&wparam(0));
+         &mov($D,       &DWP(12,$tmp1,"",0));
+        &add($D,$B);
+         &mov($B,       &DWP( 4,$tmp1,"",0));
+        &add($B,$T);
+         &mov($T,       $A);
+        &mov($A,        &DWP( 0,$tmp1,"",0));
+         &mov(&DWP(12,$tmp1,"",0),$D);
+        &add($A,$E);
+         &mov($E,       &DWP(16,$tmp1,"",0));
+        &add($E,$C);
+         &mov($C,       &DWP( 8,$tmp1,"",0));
+        &add($C,$T);
+         &mov(&DWP( 0,$tmp1,"",0),$A);
+        &mov("esi",&wparam(1));
+         &mov(&DWP( 8,$tmp1,"",0),$C);
+        &add("esi",64);
+         &mov("eax",&swtmp(17));
+        &mov(&DWP(16,$tmp1,"",0),$E);
+         &cmp("esi","eax");
+        &mov(&DWP( 4,$tmp1,"",0),$B);
+         &jb(&label("start"));
+        &stack_pop(18+9);
+         &pop("edi");
+        &pop("ebx");
+         &pop("ebp");
+        &pop("esi");
+         &ret();
+        # keep a note of shortcut label so it can be used outside
+        # block.
+        my $sclabel = &label("shortcut");
+        &function_end_B($name);
+        # Putting this here avoids problems with MASM in debugging mode
+        &sha1_block_host("sha1_block_asm_host_order", $sclabel);
+        }
-&asm_finish();
diff --git a/src/lib/libcrypto/sha/asm/sha512-sse2.pl b/src/lib/libcrypto/sha/asm/sha512-sse2.pl
new file mode 100644
index 0000000000..10902bf673
--- /dev/null
+++ b/src/lib/libcrypto/sha/asm/sha512-sse2.pl
@@ -0,0 +1,404 @@
+#!/usr/bin/env perl
+#
+# ====================================================================
+# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# project. Rights for redistribution and usage in source and binary
+# forms are granted according to the OpenSSL license.
+# ====================================================================
+#
+# SHA512_Transform_SSE2.
+#
+# As the name suggests, this is an IA-32 SSE2 implementation of
+# SHA512_Transform. Motivating factor for the undertaken effort was that
+# SHA512 was observed to *consistently* perform *significantly* poorer
+# than SHA256 [2x and slower is common] on 32-bit platforms. On 64-bit
+# platforms on the other hand SHA512 tend to outperform SHA256 [~50%
+# seem to be common improvement factor]. All this is perfectly natural,
+# as SHA512 is a 64-bit algorithm. But isn't IA-32 SSE2 essentially
+# a 64-bit instruction set? Is it rich enough to implement SHA512?
+# If answer was "no," then you wouldn't have been reading this...
+#
+# Throughput performance in MBps (larger is better):
+#
+#               2.4GHz P4       1.4GHz AMD32    1.4GHz AMD64(*)
+# SHA256/gcc(*) 54              43              59
+# SHA512/gcc    17              23              92
+# SHA512/sse2   61(**)          57(**)
+# SHA512/icc    26              28
+# SHA256/icc(*) 65              54
+#
+# (*)   AMD64 and SHA256 numbers are presented mostly for amusement or
+#       reference purposes.
+# (**)  I.e. it gives ~2-3x speed-up if compared with compiler generated
+#       code. One can argue that hand-coded *non*-SSE2 implementation
+#       would perform better than compiler generated one as well, and
+#       that comparison is therefore not exactly fair. Well, as SHA512
+#       puts enormous pressure on IA-32 GP register bank, I reckon that
+#       hand-coded version wouldn't perform significantly better than
+#       one compiled with icc, ~20% perhaps... So that this code would
+#       still outperform it with distinguishing marginal. But feel free
+#       to prove me wrong:-)
+#                                               <appro@fy.chalmers.se>
+push(@INC,"perlasm","../../perlasm");
+require "x86asm.pl";
+&asm_init($ARGV[0],"sha512-sse2.pl",$ARGV[$#ARGV] eq "386");
+$K512="esi";    # K512[80] table, found at the end...
+#$W512="esp";   # $W512 is not just W512[16]: it comprises *two* copies
+                # of W512[16] and a copy of A-H variables...
+$W512_SZ=8*(16+16+8);   # see above...
+#$Kidx="ebx";   # index in K512 table, advances from 0 to 80...
+$Widx="edx";    # index in W512, wraps around at 16...
+$data="edi";    # 16 qwords of input data...
+$A="mm0";       # B-D and
+$E="mm1";       # F-H are allocated dynamically...
+$Aoff=256+0;    # A-H offsets relative to $W512...
+$Boff=256+8;
+$Coff=256+16;
+$Doff=256+24;
+$Eoff=256+32;
+$Foff=256+40;
+$Goff=256+48;
+$Hoff=256+56;
+sub SHA2_ROUND()
+{ local ($kidx,$widx)=@_;
+        # One can argue that one could reorder instructions for better
+        # performance. Well, I tried and it doesn't seem to make any
+        # noticeable difference. Modern out-of-order execution cores
+        # reorder instructions to their liking in either case and they
+        # apparently do decent job. So we can keep the code more
+        # readable/regular/comprehensible:-)
+        # I adhere to 64-bit %mmX registers in order to avoid/not care
+        # about #GP exceptions on misaligned 128-bit access, most
+        # notably in paddq with memory operand. Not to mention that
+        # SSE2 intructions operating on %mmX can be scheduled every
+        # cycle [and not every second one if operating on %xmmN].
+        &movq   ("mm4",&QWP($Foff,$W512));      # load f
+        &movq   ("mm5",&QWP($Goff,$W512));      # load g
+        &movq   ("mm6",&QWP($Hoff,$W512));      # load h
+        &movq   ("mm2",$E);                     # %mm2 is sliding right
+        &movq   ("mm3",$E);                     # %mm3 is sliding left
+        &psrlq  ("mm2",14);
+        &psllq  ("mm3",23);
+        &movq   ("mm7","mm2");                  # %mm7 is T1
+        &pxor   ("mm7","mm3");
+        &psrlq  ("mm2",4);
+        &psllq  ("mm3",23);
+        &pxor   ("mm7","mm2");
+        &pxor   ("mm7","mm3");
+        &psrlq  ("mm2",23);
+        &psllq  ("mm3",4);
+        &pxor   ("mm7","mm2");
+        &pxor   ("mm7","mm3");                  # T1=Sigma1_512(e)
+        &movq   (&QWP($Foff,$W512),$E);         # f = e
+        &movq   (&QWP($Goff,$W512),"mm4");      # g = f
+        &movq   (&QWP($Hoff,$W512),"mm5");      # h = g
+        &pxor   ("mm4","mm5");                  # f^=g
+        &pand   ("mm4",$E);                     # f&=e
+        &pxor   ("mm4","mm5");                  # f^=g
+        &paddq  ("mm7","mm4");                  # T1+=Ch(e,f,g)
+        &movq   ("mm2",&QWP($Boff,$W512));      # load b
+        &movq   ("mm3",&QWP($Coff,$W512));      # load c
+        &movq   ($E,&QWP($Doff,$W512));         # e = d
+        &paddq  ("mm7","mm6");                  # T1+=h
+        &paddq  ("mm7",&QWP(0,$K512,$kidx,8));  # T1+=K512[i]
+        &paddq  ("mm7",&QWP(0,$W512,$widx,8));  # T1+=W512[i]
+        &paddq  ($E,"mm7");                     # e += T1
+        &movq   ("mm4",$A);                     # %mm4 is sliding right
+        &movq   ("mm5",$A);                     # %mm5 is sliding left
+        &psrlq  ("mm4",28);
+        &psllq  ("mm5",25);
+        &movq   ("mm6","mm4");                  # %mm6 is T2
+        &pxor   ("mm6","mm5");
+        &psrlq  ("mm4",6);
+        &psllq  ("mm5",5);
+        &pxor   ("mm6","mm4");
+        &pxor   ("mm6","mm5");
+        &psrlq  ("mm4",5);
+        &psllq  ("mm5",6);
+        &pxor   ("mm6","mm4");
+        &pxor   ("mm6","mm5");                  # T2=Sigma0_512(a)
+        &movq   (&QWP($Boff,$W512),$A);         # b = a
+        &movq   (&QWP($Coff,$W512),"mm2");      # c = b
+        &movq   (&QWP($Doff,$W512),"mm3");      # d = c
+        &movq   ("mm4",$A);                     # %mm4=a
+        &por    ($A,"mm3");                     # a=a|c
+        &pand   ("mm4","mm3");                  # %mm4=a&c
+        &pand   ($A,"mm2");                     # a=(a|c)&b
+        &por    ("mm4",$A);                     # %mm4=(a&c)|((a|c)&b)
+        &paddq  ("mm6","mm4");                  # T2+=Maj(a,b,c)
+        &movq   ($A,"mm7");                     # a=T1
+        &paddq  ($A,"mm6");                     # a+=T2
+}
+$func="sha512_block_sse2";
+&function_begin_B($func);
+        if (0) {# Caller is expected to check if it's appropriate to
+                # call this routine. Below 3 lines are retained for
+                # debugging purposes...
+                &picmeup("eax","OPENSSL_ia32cap");
+                &bt     (&DWP(0,"eax"),26);
+                &jnc    ("SHA512_Transform");
+        }
+        &push   ("ebp");
+        &mov    ("ebp","esp");
+        &push   ("ebx");
+        &push   ("esi");
+        &push   ("edi");
+        &mov    ($Widx,&DWP(8,"ebp"));          # A-H state, 1st arg
+        &mov    ($data,&DWP(12,"ebp"));         # input data, 2nd arg
+        &call   (&label("pic_point"));          # make it PIC!
+&set_label("pic_point");
+        &blindpop($K512);
+        &lea    ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512));
+        $W512 = "esp";                  # start using %esp as W512
+        &sub    ($W512,$W512_SZ);
+        &and    ($W512,-16);            # ensure 128-bit alignment
+        # make private copy of A-H
+        #     v assume the worst and stick to unaligned load
+        &movdqu ("xmm0",&QWP(0,$Widx));
+        &movdqu ("xmm1",&QWP(16,$Widx));
+        &movdqu ("xmm2",&QWP(32,$Widx));
+        &movdqu ("xmm3",&QWP(48,$Widx));
+&align(8);
+&set_label("_chunk_loop");
+        &movdqa (&QWP($Aoff,$W512),"xmm0");     # a,b
+        &movdqa (&QWP($Coff,$W512),"xmm1");     # c,d
+        &movdqa (&QWP($Eoff,$W512),"xmm2");     # e,f
+        &movdqa (&QWP($Goff,$W512),"xmm3");     # g,h
+        &xor    ($Widx,$Widx);
+        &movdq2q($A,"xmm0");                    # load a
+        &movdq2q($E,"xmm2");                    # load e
+        # Why aren't loops unrolled? It makes sense to unroll if
+        # execution time for loop body is comparable with branch
+        # penalties and/or if whole data-set resides in register bank.
+        # Neither is case here... Well, it would be possible to
+        # eliminate few store operations, but it would hardly affect
+        # so to say stop-watch performance, as there is a lot of
+        # available memory slots to fill. It will only relieve some
+        # pressure off memory bus...
+        # flip input stream byte order...
+        &mov    ("eax",&DWP(0,$data,$Widx,8));
+        &mov    ("ebx",&DWP(4,$data,$Widx,8));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &mov    (&DWP(0,$W512,$Widx,8),"ebx");          # W512[i]
+        &mov    (&DWP(4,$W512,$Widx,8),"eax");
+        &mov    (&DWP(128+0,$W512,$Widx,8),"ebx");      # copy of W512[i]
+        &mov    (&DWP(128+4,$W512,$Widx,8),"eax");
+&align(8);
+&set_label("_1st_loop");                # 0-15
+        # flip input stream byte order...
+        &mov    ("eax",&DWP(0+8,$data,$Widx,8));
+        &mov    ("ebx",&DWP(4+8,$data,$Widx,8));
+        &bswap  ("eax");
+        &bswap  ("ebx");
+        &mov    (&DWP(0+8,$W512,$Widx,8),"ebx");        # W512[i]
+        &mov    (&DWP(4+8,$W512,$Widx,8),"eax");
+        &mov    (&DWP(128+0+8,$W512,$Widx,8),"ebx");    # copy of W512[i]
+        &mov    (&DWP(128+4+8,$W512,$Widx,8),"eax");
+&set_label("_1st_looplet");
+        &SHA2_ROUND($Widx,$Widx); &inc($Widx);
+&cmp    ($Widx,15)
+&jl     (&label("_1st_loop"));
+&je     (&label("_1st_looplet"));       # playing similar trick on 2nd loop
+                                        # does not improve performance...
+        $Kidx = "ebx";                  # start using %ebx as Kidx
+        &mov    ($Kidx,$Widx);
+&align(8);
+&set_label("_2nd_loop");                # 16-79
+        &and($Widx,0xf);
+        # 128-bit fragment! I update W512[i] and W512[i+1] in
+        # parallel:-) Note that I refer to W512[(i&0xf)+N] and not to
+        # W512[(i+N)&0xf]! This is exactly what I maintain the second
+        # copy of W512[16] for...
+        &movdqu ("xmm0",&QWP(8*1,$W512,$Widx,8));       # s0=W512[i+1]
+        &movdqa ("xmm2","xmm0");                # %xmm2 is sliding right
+        &movdqa ("xmm3","xmm0");                # %xmm3 is sliding left
+        &psrlq  ("xmm2",1);
+        &psllq  ("xmm3",56);
+        &movdqa ("xmm0","xmm2");
+        &pxor   ("xmm0","xmm3");
+        &psrlq  ("xmm2",6);
+        &psllq  ("xmm3",7);
+        &pxor   ("xmm0","xmm2");
+        &pxor   ("xmm0","xmm3");
+        &psrlq  ("xmm2",1);
+        &pxor   ("xmm0","xmm2");                # s0 = sigma0_512(s0);
+        &movdqa ("xmm1",&QWP(8*14,$W512,$Widx,8));      # s1=W512[i+14]
+        &movdqa ("xmm4","xmm1");                # %xmm4 is sliding right
+        &movdqa ("xmm5","xmm1");                # %xmm5 is sliding left
+        &psrlq  ("xmm4",6);
+        &psllq  ("xmm5",3);
+        &movdqa ("xmm1","xmm4");
+        &pxor   ("xmm1","xmm5");
+        &psrlq  ("xmm4",13);
+        &psllq  ("xmm5",42);
+        &pxor   ("xmm1","xmm4");
+        &pxor   ("xmm1","xmm5");
+        &psrlq  ("xmm4",42);
+        &pxor   ("xmm1","xmm4");                # s1 = sigma1_512(s1);
+        #     + have to explictly load W512[i+9] as it's not 128-bit
+        #     v aligned and paddq would throw an exception...
+        &movdqu ("xmm6",&QWP(8*9,$W512,$Widx,8));
+        &paddq  ("xmm0","xmm1");                # s0 += s1
+        &paddq  ("xmm0","xmm6");                # s0 += W512[i+9]
+        &paddq  ("xmm0",&QWP(0,$W512,$Widx,8)); # s0 += W512[i]
+        &movdqa (&QWP(0,$W512,$Widx,8),"xmm0");         # W512[i] = s0
+        &movdqa (&QWP(16*8,$W512,$Widx,8),"xmm0");      # copy of W512[i]
+        # as the above fragment was 128-bit, we "owe" 2 rounds...
+        &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);
+        &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx);
+&cmp    ($Kidx,80);
+&jl     (&label("_2nd_loop"));
+        # update A-H state
+        &mov    ($Widx,&DWP(8,"ebp"));          # A-H state, 1st arg
+        &movq   (&QWP($Aoff,$W512),$A);         # write out a
+        &movq   (&QWP($Eoff,$W512),$E);         # write out e
+        &movdqu ("xmm0",&QWP(0,$Widx));
+        &movdqu ("xmm1",&QWP(16,$Widx));
+        &movdqu ("xmm2",&QWP(32,$Widx));
+        &movdqu ("xmm3",&QWP(48,$Widx));
+        &paddq  ("xmm0",&QWP($Aoff,$W512));     # 128-bit additions...
+        &paddq  ("xmm1",&QWP($Coff,$W512));
+        &paddq  ("xmm2",&QWP($Eoff,$W512));
+        &paddq  ("xmm3",&QWP($Goff,$W512));
+        &movdqu (&QWP(0,$Widx),"xmm0");
+        &movdqu (&QWP(16,$Widx),"xmm1");
+        &movdqu (&QWP(32,$Widx),"xmm2");
+        &movdqu (&QWP(48,$Widx),"xmm3");
+&add    ($data,16*8);                           # advance input data pointer
+&dec    (&DWP(16,"ebp"));                       # decrement 3rd arg
+&jnz    (&label("_chunk_loop"));
+        # epilogue
+        &emms   ();     # required for at least ELF and Win32 ABIs
+        &mov    ("edi",&DWP(-12,"ebp"));
+        &mov    ("esi",&DWP(-8,"ebp"));
+        &mov    ("ebx",&DWP(-4,"ebp"));
+        &leave  ();
+&ret    ();
+&align(64);
+&set_label("K512");     # Yes! I keep it in the code segment!
+        &data_word(0xd728ae22,0x428a2f98);      # u64
+        &data_word(0x23ef65cd,0x71374491);      # u64
+        &data_word(0xec4d3b2f,0xb5c0fbcf);      # u64
+        &data_word(0x8189dbbc,0xe9b5dba5);      # u64
+        &data_word(0xf348b538,0x3956c25b);      # u64
+        &data_word(0xb605d019,0x59f111f1);      # u64
+        &data_word(0xaf194f9b,0x923f82a4);      # u64
+        &data_word(0xda6d8118,0xab1c5ed5);      # u64
+        &data_word(0xa3030242,0xd807aa98);      # u64
+        &data_word(0x45706fbe,0x12835b01);      # u64
+        &data_word(0x4ee4b28c,0x243185be);      # u64
+        &data_word(0xd5ffb4e2,0x550c7dc3);      # u64
+        &data_word(0xf27b896f,0x72be5d74);      # u64
+        &data_word(0x3b1696b1,0x80deb1fe);      # u64
+        &data_word(0x25c71235,0x9bdc06a7);      # u64
+        &data_word(0xcf692694,0xc19bf174);      # u64
+        &data_word(0x9ef14ad2,0xe49b69c1);      # u64
+        &data_word(0x384f25e3,0xefbe4786);      # u64
+        &data_word(0x8b8cd5b5,0x0fc19dc6);      # u64
+        &data_word(0x77ac9c65,0x240ca1cc);      # u64
+        &data_word(0x592b0275,0x2de92c6f);      # u64
+        &data_word(0x6ea6e483,0x4a7484aa);      # u64
+        &data_word(0xbd41fbd4,0x5cb0a9dc);      # u64
+        &data_word(0x831153b5,0x76f988da);      # u64
+        &data_word(0xee66dfab,0x983e5152);      # u64
+        &data_word(0x2db43210,0xa831c66d);      # u64
+        &data_word(0x98fb213f,0xb00327c8);      # u64
+        &data_word(0xbeef0ee4,0xbf597fc7);      # u64
+        &data_word(0x3da88fc2,0xc6e00bf3);      # u64
+        &data_word(0x930aa725,0xd5a79147);      # u64
+        &data_word(0xe003826f,0x06ca6351);      # u64
+        &data_word(0x0a0e6e70,0x14292967);      # u64
+        &data_word(0x46d22ffc,0x27b70a85);      # u64
+        &data_word(0x5c26c926,0x2e1b2138);      # u64
+        &data_word(0x5ac42aed,0x4d2c6dfc);      # u64
+        &data_word(0x9d95b3df,0x53380d13);      # u64
+        &data_word(0x8baf63de,0x650a7354);      # u64
+        &data_word(0x3c77b2a8,0x766a0abb);      # u64
+        &data_word(0x47edaee6,0x81c2c92e);      # u64
+        &data_word(0x1482353b,0x92722c85);      # u64
+        &data_word(0x4cf10364,0xa2bfe8a1);      # u64
+        &data_word(0xbc423001,0xa81a664b);      # u64
+        &data_word(0xd0f89791,0xc24b8b70);      # u64
+        &data_word(0x0654be30,0xc76c51a3);      # u64
+        &data_word(0xd6ef5218,0xd192e819);      # u64
+        &data_word(0x5565a910,0xd6990624);      # u64
+        &data_word(0x5771202a,0xf40e3585);      # u64
+        &data_word(0x32bbd1b8,0x106aa070);      # u64
+        &data_word(0xb8d2d0c8,0x19a4c116);      # u64
+        &data_word(0x5141ab53,0x1e376c08);      # u64
+        &data_word(0xdf8eeb99,0x2748774c);      # u64
+        &data_word(0xe19b48a8,0x34b0bcb5);      # u64
+        &data_word(0xc5c95a63,0x391c0cb3);      # u64
+        &data_word(0xe3418acb,0x4ed8aa4a);      # u64
+        &data_word(0x7763e373,0x5b9cca4f);      # u64
+        &data_word(0xd6b2b8a3,0x682e6ff3);      # u64
+        &data_word(0x5defb2fc,0x748f82ee);      # u64
+        &data_word(0x43172f60,0x78a5636f);      # u64
+        &data_word(0xa1f0ab72,0x84c87814);      # u64
+        &data_word(0x1a6439ec,0x8cc70208);      # u64
+        &data_word(0x23631e28,0x90befffa);      # u64
+        &data_word(0xde82bde9,0xa4506ceb);      # u64
+        &data_word(0xb2c67915,0xbef9a3f7);      # u64
+        &data_word(0xe372532b,0xc67178f2);      # u64
+        &data_word(0xea26619c,0xca273ece);      # u64
+        &data_word(0x21c0c207,0xd186b8c7);      # u64
+        &data_word(0xcde0eb1e,0xeada7dd6);      # u64
+        &data_word(0xee6ed178,0xf57d4f7f);      # u64
+        &data_word(0x72176fba,0x06f067aa);      # u64
+        &data_word(0xa2c898a6,0x0a637dc5);      # u64
+        &data_word(0xbef90dae,0x113f9804);      # u64
+        &data_word(0x131c471b,0x1b710b35);      # u64
+        &data_word(0x23047d84,0x28db77f5);      # u64
+        &data_word(0x40c72493,0x32caab7b);      # u64
+        &data_word(0x15c9bebc,0x3c9ebe0a);      # u64
+        &data_word(0x9c100d4c,0x431d67c4);      # u64
+        &data_word(0xcb3e42b6,0x4cc5d4be);      # u64
+        &data_word(0xfc657e2a,0x597f299c);      # u64
+        &data_word(0x3ad6faec,0x5fcb6fab);      # u64
+        &data_word(0x4a475817,0x6c44198c);      # u64
+&function_end_B($func);
+&asm_finish();
diff --git a/src/lib/libcrypto/sha/sha.c b/src/lib/libcrypto/sha/sha.c
new file mode 100644
index 0000000000..42126551d1
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha.c
@@ -0,0 +1,124 @@
+/* crypto/sha/sha.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+int read(int, void *, unsigned int);
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(FILE *f)
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA_Update(&c,buf,(unsigned long)i);
+                }
+        SHA_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h
index eed44d7f94..79c07b0fd1 100644
--- a/src/lib/libcrypto/sha/sha.h
+++ b/src/lib/libcrypto/sha/sha.h
@@ -60,7 +60,6 @@
 #define HEADER_SHA_H
 #include <openssl/e_os2.h>
-#include <stddef.h>
 #ifdef  __cplusplus
 extern "C" {
@@ -71,7 +70,7 @@ extern "C" {
 #endif
 #if defined(OPENSSL_FIPS)
-#define FIPS_SHA_SIZE_T size_t
+#define FIPS_SHA_SIZE_T unsigned long
 #endif
 /*
@@ -102,97 +101,26 @@ typedef struct SHAstate_st
        SHA_LONG h0,h1,h2,h3,h4;
        SHA_LONG Nl,Nh;
        SHA_LONG data[SHA_LBLOCK];
-        unsigned int num;
+        int num;
        } SHA_CTX;
 #ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
 int SHA_Init(SHA_CTX *c);
-int SHA_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
 int SHA1_Init(SHA_CTX *c);
-int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
 void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
-#define SHA256_CBLOCK   (SHA_LBLOCK*4)  /* SHA-256 treats input data as a
-                                         * contiguous array of 32 bit
-                                         * wide big-endian values. */
-#define SHA224_DIGEST_LENGTH    28
-#define SHA256_DIGEST_LENGTH    32
-typedef struct SHA256state_st
-        {
-        SHA_LONG h[8];
-        SHA_LONG Nl,Nh;
-        SHA_LONG data[SHA_LBLOCK];
-        unsigned int num,md_len;
-        } SHA256_CTX;
-#ifndef OPENSSL_NO_SHA256
-int SHA224_Init(SHA256_CTX *c);
-int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA224_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md);
-int SHA256_Init(SHA256_CTX *c);
-int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
-int SHA256_Final(unsigned char *md, SHA256_CTX *c);
-unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md);
-void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
-#endif
-#define SHA384_DIGEST_LENGTH    48
-#define SHA512_DIGEST_LENGTH    64
-#ifndef OPENSSL_NO_SHA512
-/*
- * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
- * being exactly 64-bit wide. See Implementation Notes in sha512.c
- * for further details.
- */
-#define SHA512_CBLOCK   (SHA_LBLOCK*8)  /* SHA-512 treats input data as a
-                                         * contiguous array of 64 bit
-                                         * wide big-endian values. */
-#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
-#define SHA_LONG64 unsigned __int64
-#define U64(C)     C##UI64
-#elif defined(__arch64__)
-#define SHA_LONG64 unsigned long
-#define U64(C)     C##UL
-#else
-#define SHA_LONG64 unsigned long long
-#define U64(C)     C##ULL
-#endif
-typedef struct SHA512state_st
-        {
-        SHA_LONG64 h[8];
-        SHA_LONG64 Nl,Nh;
-        union {
-                SHA_LONG64      d[SHA_LBLOCK];
-                unsigned char   p[SHA512_CBLOCK];
-        } u;
-        unsigned int num,md_len;
-        } SHA512_CTX;
-#endif
-#ifndef OPENSSL_NO_SHA512
-int SHA384_Init(SHA512_CTX *c);
-int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA384_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md);
-int SHA512_Init(SHA512_CTX *c);
-int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
-int SHA512_Final(unsigned char *md, SHA512_CTX *c);
-unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md);
-void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
-#endif
 #ifdef  __cplusplus
 }
 #endif
diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c
new file mode 100644
index 0000000000..d350c88ee4
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1.c
@@ -0,0 +1,127 @@
+/* crypto/sha/sha1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+#define BUFSIZE 1024*16
+void do_fp(FILE *f);
+void pt(unsigned char *md);
+#ifndef _OSD_POSIX
+int read(int, void *, unsigned int);
+#endif
+int main(int argc, char **argv)
+        {
+        int i,err=0;
+        FILE *IN;
+        if (argc == 1)
+                {
+                do_fp(stdin);
+                }
+        else
+                {
+                for (i=1; i<argc; i++)
+                        {
+                        IN=fopen(argv[i],"r");
+                        if (IN == NULL)
+                                {
+                                perror(argv[i]);
+                                err++;
+                                continue;
+                                }
+                        printf("SHA1(%s)= ",argv[i]);
+                        do_fp(IN);
+                        fclose(IN);
+                        }
+                }
+        exit(err);
+        }
+void do_fp(FILE *f)
+        {
+        SHA_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+        int fd;
+        int i;
+        unsigned char buf[BUFSIZE];
+        fd=fileno(f);
+        SHA1_Init(&c);
+        for (;;)
+                {
+                i=read(fd,buf,BUFSIZE);
+                if (i <= 0) break;
+                SHA1_Update(&c,buf,(unsigned long)i);
+                }
+        SHA1_Final(&(md[0]),&c);
+        pt(md);
+        }
+void pt(unsigned char *md)
+        {
+        int i;
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                printf("%02x",md[i]);
+        printf("\n");
+        }
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c
index 7c65b60276..f4694b701b 100644
--- a/src/lib/libcrypto/sha/sha1_one.c
+++ b/src/lib/libcrypto/sha/sha1_one.c
@@ -61,8 +61,8 @@
 #include <openssl/sha.h>
 #include <openssl/crypto.h>
-#ifndef OPENSSL_NO_SHA1
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_FIPS)
-unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
        {
        SHA_CTX c;
        static unsigned char m[SHA_DIGEST_LENGTH];
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c
index 50d1925cde..1e2009b760 100644
--- a/src/lib/libcrypto/sha/sha1dgst.c
+++ b/src/lib/libcrypto/sha/sha1dgst.c
@@ -56,19 +56,26 @@
 * [including the GNU Public Licence.]
 */
-#include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 #undef  SHA_0
 #define SHA_1
 #include <openssl/opensslv.h>
+#include <openssl/opensslconf.h>
-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
+#ifndef OPENSSL_FIPS
+const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 /* The implementation is in ../md32_common.h */
 #include "sha_locl.h"
+#else /* ndef OPENSSL_FIPS */
+static void *dummy=&dummy;
+#endif /* ndef OPENSSL_FIPS */
 #endif
diff --git a/src/lib/libcrypto/sha/sha1s.cpp b/src/lib/libcrypto/sha/sha1s.cpp
new file mode 100644
index 0000000000..af23d1e0f2
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1s.cpp
@@ -0,0 +1,82 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+               : "=eax" (tsc)
+               :
+               : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+#define sha1_block_x86 sha1_block_asm_data_order
+extern "C" {
+void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
+}
+void main(int argc,char *argv[])
+        {
+        unsigned char buffer[64*256];
+        SHA_CTX ctx;
+        unsigned long s1,s2,e1,e2;
+        unsigned char k[16];
+        unsigned long data[2];
+        unsigned char iv[8];
+        int i,num=0,numm;
+        int j=0;
+        if (argc >= 2)
+                num=atoi(argv[1]);
+        if (num == 0) num=16;
+        if (num > 250) num=16;
+        numm=num+2;
+#if 0
+        num*=64;
+        numm*=64;
+#endif
+        for (j=0; j<6; j++)
+                {
+                for (i=0; i<10; i++) /**/
+                        {
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(s1);
+                        sha1_block_x86(&ctx,buffer,numm);
+                        GetTSC(e1);
+                        GetTSC(s2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        GetTSC(e2);
+                        sha1_block_x86(&ctx,buffer,num);
+                        }
+                printf("sha1 (%d bytes) %d %d (%.2f)\n",num*64,
+                        e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+                }
+        }
diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c
new file mode 100644
index 0000000000..4f2e4ada2d
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha1test.c
@@ -0,0 +1,174 @@
+/* crypto/sha/sha1test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+#undef SHA_0 /* FIPS 180 */
+#define  SHA_1 /* FIPS 180-1 */
+static char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+static char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+static char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+static char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        EVP_MD_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0], test[0], strlen(test[0]));
+        ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+        EVP_MD_CTX_init(&c);
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA1 on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+        EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+        for (i=0; i<1000; i++)
+                EVP_DigestUpdate(&c,buf,1000);
+        EVP_DigestFinal_ex(&c,md,NULL);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA1 on 'a' * 1000\n");
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        EXIT(err);
+        EVP_MD_CTX_cleanup(&c);
+        return(0);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/sha256t.c b/src/lib/libcrypto/sha/sha256t.c
new file mode 100644
index 0000000000..6b4a3bd001
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha256t.c
@@ -0,0 +1,147 @@
+/* crypto/sha/sha256t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256)
+int main(int argc, char *argv[])
+{
+    printf("No SHA256 support\n");
+    return(0);
+}
+#else
+unsigned char app_b1[SHA256_DIGEST_LENGTH] = {
+        0xba,0x78,0x16,0xbf,0x8f,0x01,0xcf,0xea,
+        0x41,0x41,0x40,0xde,0x5d,0xae,0x22,0x23,
+        0xb0,0x03,0x61,0xa3,0x96,0x17,0x7a,0x9c,
+        0xb4,0x10,0xff,0x61,0xf2,0x00,0x15,0xad };
+unsigned char app_b2[SHA256_DIGEST_LENGTH] = {
+        0x24,0x8d,0x6a,0x61,0xd2,0x06,0x38,0xb8,
+        0xe5,0xc0,0x26,0x93,0x0c,0x3e,0x60,0x39,
+        0xa3,0x3c,0xe4,0x59,0x64,0xff,0x21,0x67,
+        0xf6,0xec,0xed,0xd4,0x19,0xdb,0x06,0xc1 };
+unsigned char app_b3[SHA256_DIGEST_LENGTH] = {
+        0xcd,0xc7,0x6e,0x5c,0x99,0x14,0xfb,0x92,
+        0x81,0xa1,0xc7,0xe2,0x84,0xd7,0x3e,0x67,
+        0xf1,0x80,0x9a,0x48,0xa4,0x97,0x20,0x0e,
+        0x04,0x6d,0x39,0xcc,0xc7,0x11,0x2c,0xd0 };
+unsigned char addenum_1[SHA224_DIGEST_LENGTH] = {
+        0x23,0x09,0x7d,0x22,0x34,0x05,0xd8,0x22,
+        0x86,0x42,0xa4,0x77,0xbd,0xa2,0x55,0xb3,
+        0x2a,0xad,0xbc,0xe4,0xbd,0xa0,0xb3,0xf7,
+        0xe3,0x6c,0x9d,0xa7 };
+unsigned char addenum_2[SHA224_DIGEST_LENGTH] = {
+        0x75,0x38,0x8b,0x16,0x51,0x27,0x76,0xcc,
+        0x5d,0xba,0x5d,0xa1,0xfd,0x89,0x01,0x50,
+        0xb0,0xc6,0x45,0x5c,0xb4,0xf5,0x8b,0x19,
+        0x52,0x52,0x25,0x25 };
+unsigned char addenum_3[SHA224_DIGEST_LENGTH] = {
+        0x20,0x79,0x46,0x55,0x98,0x0c,0x91,0xd8,
+        0xbb,0xb4,0xc1,0xea,0x97,0x61,0x8a,0x4b,
+        0xf0,0x3f,0x42,0x58,0x19,0x48,0xb2,0xee,
+        0x4e,0xe7,0xad,0x67 };
+int main (int argc,char **argv)
+{ unsigned char md[SHA256_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+    fprintf(stdout,"Testing SHA-256 ");
+    EVP_Digest ("abc",3,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b1,sizeof(app_b1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha256(),NULL);
+    if (memcmp(md,app_b2,sizeof(app_b2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha256(),NULL);
+    for (i=0;i<1000000;i+=160)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<160?1000000-i:160);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+    if (memcmp(md,app_b3,sizeof(app_b3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    fprintf(stdout," passed.\n"); fflush(stdout);
+    fprintf(stdout,"Testing SHA-224 ");
+    EVP_Digest ("abc",3,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_1,sizeof(addenum_1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_Digest ("abcdbcde""cdefdefg""efghfghi""ghijhijk"
+                "ijkljklm""klmnlmno""mnopnopq",56,md,NULL,EVP_sha224(),NULL);
+    if (memcmp(md,addenum_2,sizeof(addenum_2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha224(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+    if (memcmp(md,addenum_3,sizeof(addenum_3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    fprintf(stdout," passed.\n"); fflush(stdout);
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/sha/sha512t.c b/src/lib/libcrypto/sha/sha512t.c
new file mode 100644
index 0000000000..210041d435
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha512t.c
@@ -0,0 +1,184 @@
+/* crypto/sha/sha512t.c */
+/* ====================================================================
+ * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
+ * ====================================================================
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512)
+int main(int argc, char *argv[])
+{
+    printf("No SHA512 support\n");
+    return(0);
+}
+#else
+unsigned char app_c1[SHA512_DIGEST_LENGTH] = {
+        0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
+        0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
+        0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
+        0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
+        0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
+        0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
+        0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
+        0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f };
+unsigned char app_c2[SHA512_DIGEST_LENGTH] = {
+        0x8e,0x95,0x9b,0x75,0xda,0xe3,0x13,0xda,
+        0x8c,0xf4,0xf7,0x28,0x14,0xfc,0x14,0x3f,
+        0x8f,0x77,0x79,0xc6,0xeb,0x9f,0x7f,0xa1,
+        0x72,0x99,0xae,0xad,0xb6,0x88,0x90,0x18,
+        0x50,0x1d,0x28,0x9e,0x49,0x00,0xf7,0xe4,
+        0x33,0x1b,0x99,0xde,0xc4,0xb5,0x43,0x3a,
+        0xc7,0xd3,0x29,0xee,0xb6,0xdd,0x26,0x54,
+        0x5e,0x96,0xe5,0x5b,0x87,0x4b,0xe9,0x09 };
+unsigned char app_c3[SHA512_DIGEST_LENGTH] = {
+        0xe7,0x18,0x48,0x3d,0x0c,0xe7,0x69,0x64,
+        0x4e,0x2e,0x42,0xc7,0xbc,0x15,0xb4,0x63,
+        0x8e,0x1f,0x98,0xb1,0x3b,0x20,0x44,0x28,
+        0x56,0x32,0xa8,0x03,0xaf,0xa9,0x73,0xeb,
+        0xde,0x0f,0xf2,0x44,0x87,0x7e,0xa6,0x0a,
+        0x4c,0xb0,0x43,0x2c,0xe5,0x77,0xc3,0x1b,
+        0xeb,0x00,0x9c,0x5c,0x2c,0x49,0xaa,0x2e,
+        0x4e,0xad,0xb2,0x17,0xad,0x8c,0xc0,0x9b };
+unsigned char app_d1[SHA384_DIGEST_LENGTH] = {
+        0xcb,0x00,0x75,0x3f,0x45,0xa3,0x5e,0x8b,
+        0xb5,0xa0,0x3d,0x69,0x9a,0xc6,0x50,0x07,
+        0x27,0x2c,0x32,0xab,0x0e,0xde,0xd1,0x63,
+        0x1a,0x8b,0x60,0x5a,0x43,0xff,0x5b,0xed,
+        0x80,0x86,0x07,0x2b,0xa1,0xe7,0xcc,0x23,
+        0x58,0xba,0xec,0xa1,0x34,0xc8,0x25,0xa7 };
+unsigned char app_d2[SHA384_DIGEST_LENGTH] = {
+        0x09,0x33,0x0c,0x33,0xf7,0x11,0x47,0xe8,
+        0x3d,0x19,0x2f,0xc7,0x82,0xcd,0x1b,0x47,
+        0x53,0x11,0x1b,0x17,0x3b,0x3b,0x05,0xd2,
+        0x2f,0xa0,0x80,0x86,0xe3,0xb0,0xf7,0x12,
+        0xfc,0xc7,0xc7,0x1a,0x55,0x7e,0x2d,0xb9,
+        0x66,0xc3,0xe9,0xfa,0x91,0x74,0x60,0x39 };
+unsigned char app_d3[SHA384_DIGEST_LENGTH] = {
+        0x9d,0x0e,0x18,0x09,0x71,0x64,0x74,0xcb,
+        0x08,0x6e,0x83,0x4e,0x31,0x0a,0x4a,0x1c,
+        0xed,0x14,0x9e,0x9c,0x00,0xf2,0x48,0x52,
+        0x79,0x72,0xce,0xc5,0x70,0x4c,0x2a,0x5b,
+        0x07,0xb8,0xb3,0xdc,0x38,0xec,0xc4,0xeb,
+        0xae,0x97,0xdd,0xd8,0x7f,0x3d,0x89,0x85 };
+int main (int argc,char **argv)
+{ unsigned char md[SHA512_DIGEST_LENGTH];
+  int           i;
+  EVP_MD_CTX    evp;
+#ifdef OPENSSL_IA32_SSE2
+    /* Alternative to this is to call OpenSSL_add_all_algorithms...
+     * The below code is retained exclusively for debugging purposes. */
+    { char      *env;
+        if ((env=getenv("OPENSSL_ia32cap")))
+            OPENSSL_ia32cap = strtoul (env,NULL,0);
+    }
+#endif
+    fprintf(stdout,"Testing SHA-512 ");
+    EVP_Digest ("abc",3,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c1,sizeof(app_c1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha512(),NULL);
+    if (memcmp(md,app_c2,sizeof(app_c2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha512(),NULL);
+    for (i=0;i<1000000;i+=288)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<288?1000000-i:288);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+    if (memcmp(md,app_c3,sizeof(app_c3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    fprintf(stdout," passed.\n"); fflush(stdout);
+    fprintf(stdout,"Testing SHA-384 ");
+    EVP_Digest ("abc",3,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d1,sizeof(app_d1)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 1 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_Digest ("abcdefgh""bcdefghi""cdefghij""defghijk"
+                "efghijkl""fghijklm""ghijklmn""hijklmno"
+                "ijklmnop""jklmnopq""klmnopqr""lmnopqrs"
+                "mnopqrst""nopqrstu",112,md,NULL,EVP_sha384(),NULL);
+    if (memcmp(md,app_d2,sizeof(app_d2)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 2 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    EVP_MD_CTX_init (&evp);
+    EVP_DigestInit_ex (&evp,EVP_sha384(),NULL);
+    for (i=0;i<1000000;i+=64)
+        EVP_DigestUpdate (&evp, "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa"
+                                "aaaaaaaa""aaaaaaaa""aaaaaaaa""aaaaaaaa",
+                                (1000000-i)<64?1000000-i:64);
+    EVP_DigestFinal_ex (&evp,md,NULL);
+    EVP_MD_CTX_cleanup (&evp);
+    if (memcmp(md,app_d3,sizeof(app_d3)))
+    {   fflush(stdout);
+        fprintf(stderr,"\nTEST 3 of 3 failed.\n");
+        return 1;
+    }
+    else
+        fprintf(stdout,"."); fflush(stdout);
+    fprintf(stdout," passed.\n"); fflush(stdout);
+  return 0;
+}
+#endif
diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c
new file mode 100644
index 0000000000..5a4b3ab204
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_dgst.c
@@ -0,0 +1,73 @@
+/* crypto/sha/sha1dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
+#undef  SHA_1
+#define SHA_0
+#include <openssl/opensslv.h>
+const char *SHA_version="SHA" OPENSSL_VERSION_PTEXT;
+/* The implementation is in ../md32_common.h */
+#include "sha_locl.h"
+#endif
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h
index e37e5726e3..a3623f72da 100644
--- a/src/lib/libcrypto/sha/sha_locl.h
+++ b/src/lib/libcrypto/sha/sha_locl.h
@@ -62,11 +62,17 @@
 #include <openssl/opensslconf.h>
 #include <openssl/sha.h>
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2   2       /* default to 32 bits */
+#endif
 #define DATA_ORDER_IS_BIG_ENDIAN
 #define HASH_LONG               SHA_LONG
+#define HASH_LONG_LOG2          SHA_LONG_LOG2
 #define HASH_CTX                SHA_CTX
 #define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_LBLOCK             SHA_LBLOCK
 #define HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
        ll=(c)->h0; HOST_l2c(ll,(s));   \
@@ -82,10 +88,12 @@
 # define HASH_TRANSFORM                 SHA_Transform
 # define HASH_FINAL                     SHA_Final
 # define HASH_INIT                      SHA_Init
+# define HASH_BLOCK_HOST_ORDER          sha_block_host_order
 # define HASH_BLOCK_DATA_ORDER          sha_block_data_order
 # define Xupdate(a,ix,ia,ib,ic,id)      (ix=(a)=(ia^ib^ic^id))
-static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
+  void sha_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha_block_data_order (SHA_CTX *c, const void *p,int num);
 #elif defined(SHA_1)
@@ -93,6 +101,7 @@ static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
 # define HASH_TRANSFORM                 SHA1_Transform
 # define HASH_FINAL                     SHA1_Final
 # define HASH_INIT                      SHA1_Init
+# define HASH_BLOCK_HOST_ORDER          sha1_block_host_order
 # define HASH_BLOCK_DATA_ORDER          sha1_block_data_order
 # if defined(__MWERKS__) && defined(__MC68K__)
   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
@@ -105,10 +114,22 @@ static void sha_block_data_order (SHA_CTX *c, const void *p,size_t num);
                                        )
 # endif
-#ifndef SHA1_ASM
+# ifdef SHA1_ASM
-static
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
-#endif
+#   define sha1_block_host_order                sha1_block_asm_host_order
-void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order                sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+#   define HASH_BLOCK_DATA_ORDER_ALIGNED        sha1_block_asm_data_order
+#  elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#   define sha1_block_host_order                sha1_block_asm_host_order
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order                sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+#  endif
+# endif
+  void sha1_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha1_block_data_order (SHA_CTX *c, const void *p,int num);
 #else
 # error "Either SHA_0 or SHA_1 must be defined."
@@ -122,7 +143,11 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
+#if defined(SHA_0) && defined(OPENSSL_FIPS)
+FIPS_NON_FIPS_MD_Init(SHA)
+#else
 int HASH_INIT (SHA_CTX *c)
+#endif
        {
        c->h0=INIT_DATA_h0;
        c->h1=INIT_DATA_h1;
@@ -152,8 +177,6 @@ int HASH_INIT (SHA_CTX *c)
 #define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d))) 
 #define F_60_79(b,c,d)  F_20_39(b,c,d)
-#ifndef OPENSSL_SMALL_FOOTPRINT
 #define BODY_00_15(i,a,b,c,d,e,f,xi) \
        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
        (b)=ROTATE((b),30);
@@ -206,11 +229,11 @@ int HASH_INIT (SHA_CTX *c)
 # define X(i)   XX[i]
 #endif
-#if !defined(SHA_1) || !defined(SHA1_ASM)
+#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
        {
-        const unsigned char *data=p;
+        const SHA_LONG *W=d;
-        register unsigned MD32_REG_T A,B,C,D,E,T,l;
+        register unsigned MD32_REG_T A,B,C,D,E,T;
 #ifndef MD32_XARRAY
        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
@@ -225,71 +248,41 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        E=c->h4;
        for (;;)
-                        {
-        const union { long one; char little; } is_endian = {1};
-        if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)p%4)==0)
-                {
-                const SHA_LONG *W=(const SHA_LONG *)data;
-                X( 0) = W[0];                           X( 1) = W[ 1];
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       X( 2) = W[ 2];
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       X( 3) = W[ 3];
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       X( 4) = W[ 4];
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       X( 5) = W[ 5];
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       X( 6) = W[ 6];
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       X( 7) = W[ 7];
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       X( 8) = W[ 8];
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       X( 9) = W[ 9];
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       X(10) = W[10];
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       X(11) = W[11];
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       X(12) = W[12];
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       X(13) = W[13];
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       X(14) = W[14];
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       X(15) = W[15];
-                BODY_00_15(14,E,T,A,B,C,D,X(14));
-                BODY_00_15(15,D,E,T,A,B,C,X(15));
-                data += SHA_CBLOCK;
-                }
-        else
                {
-                HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+        BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
-                BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
+        BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
-                BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
+        BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
-                BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
+        BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
-                BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
+        BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
-                BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
+        BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
-                BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
+        BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
-                BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
+        BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
-                BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
+        BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
-                BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
+        BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
-                BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
+        BODY_00_15(10,C,D,E,T,A,B,W[10]);
-                BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
+        BODY_00_15(11,B,C,D,E,T,A,W[11]);
-                BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
+        BODY_00_15(12,A,B,C,D,E,T,W[12]);
-                BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
+        BODY_00_15(13,T,A,B,C,D,E,W[13]);
-                BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+        BODY_00_15(14,E,T,A,B,C,D,W[14]);
-                BODY_00_15(14,E,T,A,B,C,D,X(14));
+        BODY_00_15(15,D,E,T,A,B,C,W[15]);
-                BODY_00_15(15,D,E,T,A,B,C,X(15));
-                }
+        BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
+        BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
-        BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+        BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
-        BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+        BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
-        BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
-        BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+        BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
+        BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
-        BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+        BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
-        BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+        BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
-        BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+        BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
-        BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+        BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
-        BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+        BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
-        BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+        BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
-        BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+        BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
-        BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+        BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
-        BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+        BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
-        BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+        BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
-        BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
-        BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
@@ -348,7 +341,7 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        c->h3=(c->h3+B)&0xffffffffL;
        c->h4=(c->h4+C)&0xffffffffL;
-        if (--num == 0) break;
+        if (--num <= 0) break;
        A=c->h0;
        B=c->h1;
@@ -356,48 +349,22 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        D=c->h3;
        E=c->h4;
-                        }
+        W+=SHA_LBLOCK;
+                }
        }
 #endif
-#else   /* OPENSSL_SMALL_FOOTPRINT */
+#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
-#define BODY_00_15(xi)           do {   \
-        T=E+K_00_19+F_00_19(B,C,D);     \
-        E=D, D=C, C=ROTATE(B,30), B=A;  \
-        A=ROTATE(A,5)+T+xi;         } while(0)
-#define BODY_16_19(xa,xb,xc,xd)  do {   \
-        Xupdate(T,xa,xa,xb,xc,xd);      \
-        T+=E+K_00_19+F_00_19(B,C,D);    \
-        E=D, D=C, C=ROTATE(B,30), B=A;  \
-        A=ROTATE(A,5)+T;            } while(0)
-#define BODY_20_39(xa,xb,xc,xd)  do {   \
-        Xupdate(T,xa,xa,xb,xc,xd);      \
-        T+=E+K_20_39+F_20_39(B,C,D);    \
-        E=D, D=C, C=ROTATE(B,30), B=A;  \
-        A=ROTATE(A,5)+T;            } while(0)
-#define BODY_40_59(xa,xb,xc,xd)  do {   \
-        Xupdate(T,xa,xa,xb,xc,xd);      \
-        T+=E+K_40_59+F_40_59(B,C,D);    \
-        E=D, D=C, C=ROTATE(B,30), B=A;  \
-        A=ROTATE(A,5)+T;            } while(0)
-#define BODY_60_79(xa,xb,xc,xd)  do {   \
-        Xupdate(T,xa,xa,xb,xc,xd);      \
-        T=E+K_60_79+F_60_79(B,C,D);     \
-        E=D, D=C, C=ROTATE(B,30), B=A;  \
-        A=ROTATE(A,5)+T+xa;         } while(0)
-#if !defined(SHA_1) || !defined(SHA1_ASM)
-static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        {
        const unsigned char *data=p;
        register unsigned MD32_REG_T A,B,C,D,E,T,l;
-        int i;
+#ifndef MD32_XARRAY
-        SHA_LONG        X[16];
+        unsigned MD32_REG_T     XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+                                XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+        SHA_LONG        XX[16];
+#endif
        A=c->h0;
        B=c->h1;
@@ -407,24 +374,101 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
        for (;;)
                {
-        for (i=0;i<16;i++)
-        { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); }
+        HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-        for (i=0;i<4;i++)
+        BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-        { BODY_16_19(X[i],       X[i+2],      X[i+8],     X[(i+13)&15]); }
+        BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-        for (;i<24;i++)
+        BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-        { BODY_20_39(X[i&15],    X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); }
+        BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-        for (i=0;i<20;i++)
+        BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-        { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
+        BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-        for (i=4;i<24;i++)
+        BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-        { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15],    X[(i+5)&15]);  }
+        BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
+        BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-        c->h0=(c->h0+A)&0xffffffffL; 
+        BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-        c->h1=(c->h1+B)&0xffffffffL;
+        BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-        c->h2=(c->h2+C)&0xffffffffL;
+        BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-        c->h3=(c->h3+D)&0xffffffffL;
+        BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-        c->h4=(c->h4+E)&0xffffffffL;
+        BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+        BODY_00_15(14,E,T,A,B,C,D,X(14));
-        if (--num == 0) break;
+        BODY_00_15(15,D,E,T,A,B,C,X(15));
+        BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+        BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+        BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
+        BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+        BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+        BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+        BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+        BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+        BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+        BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+        BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+        BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+        BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+        BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+        BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
+        BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
+        BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+        BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+        BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+        BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+        BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+        BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+        BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+        BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+        BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+        BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+        BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+        BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+        BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+        BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+        BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+        BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+        BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+        BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+        BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+        BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+        BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+        BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+        BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+        BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+        BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+        BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+        BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+        BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+        BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+        BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+        BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+        BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+        BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+        BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+        BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+        BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+        BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+        BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+        BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+        BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+        BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+        BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+        BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+        
+        c->h0=(c->h0+E)&0xffffffffL; 
+        c->h1=(c->h1+T)&0xffffffffL;
+        c->h2=(c->h2+A)&0xffffffffL;
+        c->h3=(c->h3+B)&0xffffffffL;
+        c->h4=(c->h4+C)&0xffffffffL;
+        if (--num <= 0) break;
        A=c->h0;
        B=c->h1;
@@ -435,5 +479,3 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                }
        }
 #endif
-#endif
diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c
new file mode 100644
index 0000000000..d4f4d344df
--- /dev/null
+++ b/src/lib/libcrypto/sha/sha_one.c
@@ -0,0 +1,78 @@
+/* crypto/sha/sha_one.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
+#ifndef OPENSSL_NO_SHA0
+unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+        {
+        SHA_CTX c;
+        static unsigned char m[SHA_DIGEST_LENGTH];
+        if (md == NULL) md=m;
+        if (!SHA_Init(&c))
+                return NULL;
+        SHA_Update(&c,d,n);
+        SHA_Final(md,&c);
+        OPENSSL_cleanse(&c,sizeof(c));
+        return(md);
+        }
+#endif
diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c
new file mode 100644
index 0000000000..ff702aa53e
--- /dev/null
+++ b/src/lib/libcrypto/sha/shatest.c
@@ -0,0 +1,174 @@
+/* crypto/sha/shatest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "../e_os.h"
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0)
+int main(int argc, char *argv[])
+{
+    printf("No SHA0 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+#define SHA_0 /* FIPS 180 */
+#undef  SHA_1 /* FIPS 180-1 */
+static char *test[]={
+        "abc",
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+        NULL,
+        };
+#ifdef SHA_0
+static char *ret[]={
+        "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
+        "d2516ee1acfa5baf33dfc1c471e438449ef134c8",
+        };
+static char *bigret=
+        "3232affa48628a26653b5aaa44541fd90d690603";
+#endif
+#ifdef SHA_1
+static char *ret[]={
+        "a9993e364706816aba3e25717850c26c9cd0d89d",
+        "84983e441c3bd26ebaae4aa1f95129e5e54670f1",
+        };
+static char *bigret=
+        "34aa973cd4c4daa4f61eeb2bdbad27316534016f";
+#endif
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
+        {
+        int i,err=0;
+        unsigned char **P,**R;
+        static unsigned char buf[1000];
+        char *p,*r;
+        EVP_MD_CTX c;
+        unsigned char md[SHA_DIGEST_LENGTH];
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(test[0], test[0], strlen(test[0]));
+        ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+        EVP_MD_CTX_init(&c);
+        P=(unsigned char **)test;
+        R=(unsigned char **)ret;
+        i=1;
+        while (*P != NULL)
+                {
+                EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL);
+                p=pt(md);
+                if (strcmp(p,(char *)*R) != 0)
+                        {
+                        printf("error calculating SHA on '%s'\n",*P);
+                        printf("got %s instead of %s\n",p,*R);
+                        err++;
+                        }
+                else
+                        printf("test %d ok\n",i);
+                i++;
+                R++;
+                P++;
+                }
+        memset(buf,'a',1000);
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+        EVP_DigestInit_ex(&c,EVP_sha(), NULL);
+        for (i=0; i<1000; i++)
+                EVP_DigestUpdate(&c,buf,1000);
+        EVP_DigestFinal_ex(&c,md,NULL);
+        p=pt(md);
+        r=bigret;
+        if (strcmp(p,r) != 0)
+                {
+                printf("error calculating SHA on '%s'\n",p);
+                printf("got %s instead of %s\n",p,r);
+                err++;
+                }
+        else
+                printf("test 3 ok\n");
+        EVP_MD_CTX_cleanup(&c);
+        EXIT(err);
+        return(0);
+        }
+static char *pt(unsigned char *md)
+        {
+        int i;
+        static char buf[80];
+        for (i=0; i<SHA_DIGEST_LENGTH; i++)
+                sprintf(&(buf[i*2]),"%02x",md[i]);
+        return(buf);
+        }
+#endif
diff --git a/src/lib/libcrypto/stack/Makefile b/src/lib/libcrypto/stack/Makefile
new file mode 100644
index 0000000000..5327692ac8
--- /dev/null
+++ b/src/lib/libcrypto/stack/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/stack/Makefile
+#
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+SRC= $(LIBSRC)
+EXHEADER= stack.h safestack.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+stack.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+stack.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+stack.o: ../../include/openssl/symhacks.h ../cryptlib.h stack.c
diff --git a/src/lib/libcrypto/stack/Makefile.ssl b/src/lib/libcrypto/stack/Makefile.ssl
new file mode 100644
index 0000000000..7120fb804a
--- /dev/null
+++ b/src/lib/libcrypto/stack/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/stack/Makefile
+#
+DIR=    stack
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=stack.c
+LIBOBJ=stack.o
+SRC= $(LIBSRC)
+EXHEADER= stack.h safestack.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+stack.o: ../../e_os.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+stack.o: ../cryptlib.h stack.c
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h
index 78cc485e6d..6010b7f122 100644
--- a/src/lib/libcrypto/stack/safestack.h
+++ b/src/lib/libcrypto/stack/safestack.h
@@ -55,22 +55,13 @@
 #ifndef HEADER_SAFESTACK_H
 #define HEADER_SAFESTACK_H
+typedef void (*openssl_fptr)(void);
+#define openssl_fcast(f) ((openssl_fptr)f)
 #include <openssl/stack.h>
 #ifdef DEBUG_SAFESTACK
-#ifndef CHECKED_PTR_OF
-#define CHECKED_PTR_OF(type, p) \
-    ((void*) (1 ? p : (type*)0))
-#endif
-#define CHECKED_SK_FREE_FUNC(type, p) \
-    ((void (*)(void *)) ((1 ? p : (void (*)(type *))0)))
-#define CHECKED_SK_CMP_FUNC(type, p) \
-    ((int (*)(const char * const *, const char * const *)) \
-        ((1 ? p : (int (*)(const type * const *, const type * const *))0)))
 #define STACK_OF(type) struct stack_st_##type
 #define PREDECLARE_STACK_OF(type) STACK_OF(type);
@@ -85,71 +76,75 @@ STACK_OF(type) \
 /* SKM_sk_... stack macros are internal to safestack.h:
 * never use them directly, use sk_<type>_... instead */
 #define SKM_sk_new(type, cmp) \
-        ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp)))
+        ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))openssl_fcast(sk_new))(cmp)
 #define SKM_sk_new_null(type) \
-        ((STACK_OF(type) *)sk_new_null())
+        ((STACK_OF(type) * (*)(void))openssl_fcast(sk_new_null))()
 #define SKM_sk_free(type, st) \
-        sk_free(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_free))(st)
 #define SKM_sk_num(type, st) \
-        sk_num(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_num))(st)
 #define SKM_sk_value(type, st,i) \
-        ((type *)sk_value(CHECKED_PTR_OF(STACK_OF(type), st), i))
+        ((type * (*)(const STACK_OF(type) *, int))openssl_fcast(sk_value))(st, i)
 #define SKM_sk_set(type, st,i,val) \
-        sk_set(CHECKED_PTR_OF(STACK_OF(type), st), i, CHECKED_PTR_OF(type, val))
+        ((type * (*)(STACK_OF(type) *, int, type *))openssl_fcast(sk_set))(st, i, val)
 #define SKM_sk_zero(type, st) \
-        sk_zero(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_zero))(st)
 #define SKM_sk_push(type, st,val) \
-        sk_push(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_push))(st, val)
 #define SKM_sk_unshift(type, st,val) \
-        sk_unshift(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_unshift))(st, val)
 #define SKM_sk_find(type, st,val) \
-        sk_find(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val))
+        ((int (*)(STACK_OF(type) *, type *))openssl_fcast(sk_find))(st, val)
 #define SKM_sk_delete(type, st,i) \
-        (type *)sk_delete(CHECKED_PTR_OF(STACK_OF(type), st), i)
+        ((type * (*)(STACK_OF(type) *, int))openssl_fcast(sk_delete))(st, i)
 #define SKM_sk_delete_ptr(type, st,ptr) \
-        (type *)sk_delete_ptr(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, ptr))
+        ((type * (*)(STACK_OF(type) *, type *))openssl_fcast(sk_delete_ptr))(st, ptr)
 #define SKM_sk_insert(type, st,val,i) \
-        sk_insert(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_PTR_OF(type, val), i)
+        ((int (*)(STACK_OF(type) *, type *, int))openssl_fcast(sk_insert))(st, val, i)
 #define SKM_sk_set_cmp_func(type, st,cmp) \
-        ((int (*)(const type * const *,const type * const *)) \
+        ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
-        sk_set_cmp_func(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_CMP_FUNC(type, cmp)))
+          (const type * const *, const type * const *))openssl_fcast(sk_set_cmp_func))\
+        (st, cmp)
 #define SKM_sk_dup(type, st) \
-        (STACK_OF(type) *)sk_dup(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((STACK_OF(type) *(*)(STACK_OF(type) *))openssl_fcast(sk_dup))(st)
 #define SKM_sk_pop_free(type, st,free_func) \
-        sk_pop_free(CHECKED_PTR_OF(STACK_OF(type), st), CHECKED_SK_FREE_FUNC(type, free_func))
+        ((void (*)(STACK_OF(type) *, void (*)(type *)))openssl_fcast(sk_pop_free))\
+        (st, free_func)
 #define SKM_sk_shift(type, st) \
-        (type *)sk_shift(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_shift))(st)
 #define SKM_sk_pop(type, st) \
-        (type *)sk_pop(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((type * (*)(STACK_OF(type) *))openssl_fcast(sk_pop))(st)
 #define SKM_sk_sort(type, st) \
-        sk_sort(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((void (*)(STACK_OF(type) *))openssl_fcast(sk_sort))(st)
 #define SKM_sk_is_sorted(type, st) \
-        sk_is_sorted(CHECKED_PTR_OF(STACK_OF(type), st))
+        ((int (*)(const STACK_OF(type) *))openssl_fcast(sk_is_sorted))(st)
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        (STACK_OF(type) *)d2i_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), \
+        ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
-                                pp, length, \
+                                       type *(*)(type **, unsigned char **,long), \
-                                CHECKED_D2I_OF(type, d2i_func), \
+                                       void (*)(type *), int ,int )) openssl_fcast(d2i_ASN1_SET)) \
-                                CHECKED_SK_FREE_FUNC(type, free_func), \
+                                                (st,pp,length, d2i_func, free_func, ex_tag,ex_class)
-                                ex_tag, ex_class)
 #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(CHECKED_PTR_OF(STACK_OF(type), st), pp, \
+        ((int (*)(STACK_OF(type) *,unsigned char **, \
-                                CHECKED_I2D_OF(type, i2d_func), \
+                           int (*)(type *,unsigned char **), int , int , int)) openssl_fcast(i2d_ASN1_SET)) \
-                                ex_tag, ex_class, is_set)
+                                                (st,pp,i2d_func,ex_tag,ex_class,is_set)
 #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(CHECKED_PTR_OF(STACK_OF(type), st), \
+        ((unsigned char *(*)(STACK_OF(type) *, \
-                        CHECKED_I2D_OF(type, i2d_func), buf, len)
+                                    int (*)(type *,unsigned char **), unsigned char **,int *)) openssl_fcast(ASN1_seq_pack)) \
+                                (st, i2d_func, buf, len)
 #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        (STACK_OF(type) *)ASN1_seq_unpack(buf, len, CHECKED_D2I_OF(type, d2i_func), CHECKED_SK_FREE_FUNC(type, free_func))
+        ((STACK_OF(type) * (*)(unsigned char *,int, \
+                                       type *(*)(type **,unsigned char **, long), \
+                                       void (*)(type *)))openssl_fcast(ASN1_seq_unpack)) \
+                                        (buf,len,d2i_func, free_func)
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
-        (STACK_OF(type) *)PKCS12_decrypt_d2i(algor, \
+        ((STACK_OF(type) * (*)(X509_ALGOR *, \
-                                CHECKED_D2I_OF(type, d2i_func), \
+                                type *(*)(type **, unsigned char **, long), void (*)(type *), \
-                                CHECKED_SK_FREE_FUNC(type, free_func), \
+                                const char *, int, \
-                                pass, passlen, oct, seq)
+                                ASN1_STRING *, int))openssl_fcast(PKCS12_decrypt_d2i)) \
+                                (algor,d2i_func,free_func,pass,passlen,oct,seq)
 #else
@@ -175,7 +170,7 @@ STACK_OF(type) \
 #define SKM_sk_push(type, st,val) \
        sk_push(st, (char *)val)
 #define SKM_sk_unshift(type, st,val) \
-        sk_unshift(st, (char *)val)
+        sk_unshift(st, val)
 #define SKM_sk_find(type, st,val) \
        sk_find(st, (char *)val)
 #define SKM_sk_delete(type, st,i) \
@@ -201,14 +196,14 @@ STACK_OF(type) \
        sk_is_sorted(st)
 #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
-        d2i_ASN1_SET(st,pp,length, (void *(*)(void ** ,const unsigned char ** ,long))d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
+        d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
 #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
-        i2d_ASN1_SET(st,pp,(int (*)(void *, unsigned char **))i2d_func,ex_tag,ex_class,is_set)
+        i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set)
 #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
-        ASN1_seq_pack(st, (int (*)(void *, unsigned char **))i2d_func, buf, len)
+        ASN1_seq_pack(st, i2d_func, buf, len)
 #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
-        ASN1_seq_unpack(buf,len,(void *(*)(void **,const unsigned char **,long))d2i_func, (void(*)(void *))free_func)
+        ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func)
 #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
        ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
@@ -226,7 +221,6 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
 #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
 #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
-#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val))
 #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
 #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
 #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
@@ -238,28 +232,6 @@ STACK_OF(type) \
 #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
 #define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st))
-#define sk_ASIdOrRange_new(st) SKM_sk_new(ASIdOrRange, (st))
-#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange)
-#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st))
-#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st))
-#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val))
-#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st))
-#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val))
-#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i))
-#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr))
-#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i))
-#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp))
-#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st)
-#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func))
-#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st))
-#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st))
-#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st))
-#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st))
 #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
 #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
 #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
@@ -270,7 +242,6 @@ STACK_OF(type) \
 #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
 #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
 #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
-#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val))
 #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
 #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
 #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
@@ -292,7 +263,6 @@ STACK_OF(type) \
 #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
 #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
 #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
-#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val))
 #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
 #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
 #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
@@ -314,7 +284,6 @@ STACK_OF(type) \
 #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
 #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
 #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
-#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val))
 #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
 #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
 #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
@@ -336,7 +305,6 @@ STACK_OF(type) \
 #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
 #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
 #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
-#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val))
 #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
 #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
 #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
@@ -358,7 +326,6 @@ STACK_OF(type) \
 #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
 #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
 #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
-#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val))
 #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
 #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
 #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
@@ -380,7 +347,6 @@ STACK_OF(type) \
 #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
 #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
 #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
-#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val))
 #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
 #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
 #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
@@ -402,7 +368,6 @@ STACK_OF(type) \
 #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
 #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
 #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
-#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val))
 #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
 #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
 #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
@@ -414,94 +379,6 @@ STACK_OF(type) \
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 #define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st))
-#define sk_CMS_CertificateChoices_new(st) SKM_sk_new(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices)
-#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val))
-#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_find_ex(st, val) SKM_sk_find_ex(CMS_CertificateChoices, (st), (val))
-#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i))
-#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr))
-#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i))
-#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp))
-#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st)
-#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func))
-#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st))
-#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st))
-#define sk_CMS_RecipientInfo_new(st) SKM_sk_new(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo)
-#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val))
-#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_find_ex(st, val) SKM_sk_find_ex(CMS_RecipientInfo, (st), (val))
-#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i))
-#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr))
-#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i))
-#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp))
-#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st)
-#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func))
-#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st))
-#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st))
-#define sk_CMS_RevocationInfoChoice_new(st) SKM_sk_new(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice)
-#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val))
-#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_find_ex(st, val) SKM_sk_find_ex(CMS_RevocationInfoChoice, (st), (val))
-#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i))
-#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr))
-#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i))
-#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp))
-#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st)
-#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func))
-#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st))
-#define sk_CMS_SignerInfo_new(st) SKM_sk_new(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo)
-#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val))
-#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_find_ex(st, val) SKM_sk_find_ex(CMS_SignerInfo, (st), (val))
-#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i))
-#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr))
-#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i))
-#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp))
-#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st)
-#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func))
-#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st))
-#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st))
 #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
 #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
 #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
@@ -512,7 +389,6 @@ STACK_OF(type) \
 #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
 #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
 #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
-#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val))
 #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
 #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
 #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
@@ -534,7 +410,6 @@ STACK_OF(type) \
 #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
 #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
 #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
-#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val))
 #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
 #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
 #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
@@ -556,7 +431,6 @@ STACK_OF(type) \
 #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
 #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
 #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
-#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val))
 #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
 #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
 #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
@@ -578,7 +452,6 @@ STACK_OF(type) \
 #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
 #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
 #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
-#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val))
 #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
 #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
 #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
@@ -600,7 +473,6 @@ STACK_OF(type) \
 #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
-#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val))
 #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
 #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
 #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
@@ -622,7 +494,6 @@ STACK_OF(type) \
 #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
 #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
 #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
-#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val))
 #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
 #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
 #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
@@ -644,7 +515,6 @@ STACK_OF(type) \
 #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
 #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
 #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
-#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val))
 #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
 #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
 #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
@@ -666,7 +536,6 @@ STACK_OF(type) \
 #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
 #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
 #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
-#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val))
 #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
 #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
 #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
@@ -688,7 +557,6 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
 #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
 #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
-#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val))
 #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
 #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
 #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
@@ -700,94 +568,6 @@ STACK_OF(type) \
 #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
 #define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st))
-#define sk_GENERAL_NAMES_new(st) SKM_sk_new(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES)
-#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val))
-#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val))
-#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i))
-#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr))
-#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i))
-#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp))
-#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st)
-#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func))
-#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st))
-#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st))
-#define sk_GENERAL_SUBTREE_new(st) SKM_sk_new(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE)
-#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val))
-#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val))
-#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i))
-#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr))
-#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i))
-#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp))
-#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st)
-#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func))
-#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st))
-#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st))
-#define sk_IPAddressFamily_new(st) SKM_sk_new(IPAddressFamily, (st))
-#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily)
-#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st))
-#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st))
-#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val))
-#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st))
-#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val))
-#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i))
-#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr))
-#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i))
-#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp))
-#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st)
-#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func))
-#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st))
-#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st))
-#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st))
-#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st))
-#define sk_IPAddressOrRange_new(st) SKM_sk_new(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange)
-#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val))
-#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val))
-#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i))
-#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr))
-#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i))
-#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp))
-#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st)
-#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func))
-#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st))
-#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st))
 #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
 #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
 #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
@@ -798,7 +578,6 @@ STACK_OF(type) \
 #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
 #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
 #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
-#define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val))
 #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
 #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
 #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
@@ -820,7 +599,6 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
 #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
 #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
-#define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val))
 #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
 #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
 #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
@@ -842,7 +620,6 @@ STACK_OF(type) \
 #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
 #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
 #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
-#define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val))
 #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
 #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
 #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
@@ -864,7 +641,6 @@ STACK_OF(type) \
 #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
 #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
 #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
-#define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val))
 #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
 #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
 #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
@@ -886,7 +662,6 @@ STACK_OF(type) \
 #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
 #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
 #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
-#define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val))
 #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
 #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
 #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
@@ -908,7 +683,6 @@ STACK_OF(type) \
 #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
 #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
 #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
-#define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val))
 #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
 #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
 #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
@@ -930,7 +704,6 @@ STACK_OF(type) \
 #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
 #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
 #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
-#define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val))
 #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
 #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
 #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
@@ -952,7 +725,6 @@ STACK_OF(type) \
 #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
 #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
 #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
-#define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val))
 #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
 #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
 #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
@@ -974,7 +746,6 @@ STACK_OF(type) \
 #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
 #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
 #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
-#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val))
 #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
 #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
 #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
@@ -996,7 +767,6 @@ STACK_OF(type) \
 #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
 #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
 #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
-#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val))
 #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
 #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
 #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
@@ -1018,7 +788,6 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
 #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
 #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
-#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val))
 #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
 #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
 #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
@@ -1040,7 +809,6 @@ STACK_OF(type) \
 #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
 #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
 #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
-#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val))
 #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
 #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
 #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
@@ -1062,7 +830,6 @@ STACK_OF(type) \
 #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
 #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
 #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
-#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val))
 #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
 #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
 #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
@@ -1074,28 +841,6 @@ STACK_OF(type) \
 #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
 #define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st))
-#define sk_OCSP_RESPID_new(st) SKM_sk_new(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID)
-#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val))
-#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val))
-#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i))
-#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr))
-#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i))
-#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp))
-#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st)
-#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func))
-#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st))
-#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st))
 #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
 #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
 #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
@@ -1106,7 +851,6 @@ STACK_OF(type) \
 #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
 #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
 #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
-#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val))
 #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
 #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
 #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
@@ -1128,7 +872,6 @@ STACK_OF(type) \
 #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
 #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
 #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
-#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val))
 #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
 #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
 #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
@@ -1150,7 +893,6 @@ STACK_OF(type) \
 #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
 #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
 #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
-#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val))
 #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
 #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
 #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
@@ -1172,7 +914,6 @@ STACK_OF(type) \
 #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
 #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
 #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
-#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val))
 #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
 #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
 #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
@@ -1194,7 +935,6 @@ STACK_OF(type) \
 #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
 #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
 #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
-#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val))
 #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
 #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
 #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
@@ -1216,7 +956,6 @@ STACK_OF(type) \
 #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
 #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
 #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
-#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val))
 #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
 #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
 #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
@@ -1238,7 +977,6 @@ STACK_OF(type) \
 #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
 #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
 #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
-#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val))
 #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
 #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
 #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
@@ -1250,28 +988,6 @@ STACK_OF(type) \
 #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
 #define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st))
-#define sk_POLICY_MAPPING_new(st) SKM_sk_new(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING)
-#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val))
-#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val))
-#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i))
-#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr))
-#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i))
-#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp))
-#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st)
-#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func))
-#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
-#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
 #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
 #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
@@ -1282,7 +998,6 @@ STACK_OF(type) \
 #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
 #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
 #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
-#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val))
 #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
 #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
 #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
@@ -1304,7 +1019,6 @@ STACK_OF(type) \
 #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
 #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
 #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
-#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val))
 #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
 #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
 #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
@@ -1316,28 +1030,6 @@ STACK_OF(type) \
 #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
 #define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st))
-#define sk_STORE_OBJECT_new(st) SKM_sk_new(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT)
-#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val))
-#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val))
-#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i))
-#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr))
-#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i))
-#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp))
-#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st)
-#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func))
-#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st))
-#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st))
 #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
 #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
 #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
@@ -1348,7 +1040,6 @@ STACK_OF(type) \
 #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
 #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
 #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
-#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val))
 #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
 #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
 #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
@@ -1370,7 +1061,6 @@ STACK_OF(type) \
 #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
 #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
 #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
-#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val))
 #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
 #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
 #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
@@ -1392,7 +1082,6 @@ STACK_OF(type) \
 #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
 #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
 #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
-#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val))
 #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
 #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
 #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
@@ -1414,7 +1103,6 @@ STACK_OF(type) \
 #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
 #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
 #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
-#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val))
 #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
 #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
 #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
@@ -1436,7 +1124,6 @@ STACK_OF(type) \
 #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
 #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
 #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
-#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val))
 #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
 #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
 #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
@@ -1458,7 +1145,6 @@ STACK_OF(type) \
 #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
 #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
 #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
-#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val))
 #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
 #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
 #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
@@ -1480,7 +1166,6 @@ STACK_OF(type) \
 #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
 #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
 #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
-#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val))
 #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
 #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
 #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
@@ -1502,7 +1187,6 @@ STACK_OF(type) \
 #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
 #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
 #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
-#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val))
 #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
 #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
 #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
@@ -1524,7 +1208,6 @@ STACK_OF(type) \
 #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
 #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
 #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
-#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val))
 #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
 #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
 #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
@@ -1546,7 +1229,6 @@ STACK_OF(type) \
 #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
 #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
 #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
-#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val))
 #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
 #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
 #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
@@ -1568,7 +1250,6 @@ STACK_OF(type) \
 #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
 #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
 #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
-#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val))
 #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
 #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
 #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
@@ -1590,7 +1271,6 @@ STACK_OF(type) \
 #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
 #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
 #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
-#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val))
 #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
 #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
 #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
@@ -1612,7 +1292,6 @@ STACK_OF(type) \
 #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
 #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
 #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
-#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val))
 #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
 #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
 #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
@@ -1624,72 +1303,6 @@ STACK_OF(type) \
 #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
 #define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st))
-#define sk_X509_POLICY_DATA_new(st) SKM_sk_new(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA)
-#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val))
-#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val))
-#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i))
-#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr))
-#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i))
-#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp))
-#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st)
-#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func))
-#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st))
-#define sk_X509_POLICY_NODE_new(st) SKM_sk_new(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE)
-#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val))
-#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val))
-#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i))
-#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr))
-#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i))
-#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp))
-#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st)
-#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func))
-#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st))
-#define sk_X509_POLICY_REF_new(st) SKM_sk_new(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_new_null() SKM_sk_new_null(X509_POLICY_REF)
-#define sk_X509_POLICY_REF_free(st) SKM_sk_free(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_num(st) SKM_sk_num(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_value(st, i) SKM_sk_value(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_set(st, i, val) SKM_sk_set(X509_POLICY_REF, (st), (i), (val))
-#define sk_X509_POLICY_REF_zero(st) SKM_sk_zero(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_push(st, val) SKM_sk_push(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_unshift(st, val) SKM_sk_unshift(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find(st, val) SKM_sk_find(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_REF, (st), (val))
-#define sk_X509_POLICY_REF_delete(st, i) SKM_sk_delete(X509_POLICY_REF, (st), (i))
-#define sk_X509_POLICY_REF_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_REF, (st), (ptr))
-#define sk_X509_POLICY_REF_insert(st, val, i) SKM_sk_insert(X509_POLICY_REF, (st), (val), (i))
-#define sk_X509_POLICY_REF_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_REF, (st), (cmp))
-#define sk_X509_POLICY_REF_dup(st) SKM_sk_dup(X509_POLICY_REF, st)
-#define sk_X509_POLICY_REF_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_REF, (st), (free_func))
-#define sk_X509_POLICY_REF_shift(st) SKM_sk_shift(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_pop(st) SKM_sk_pop(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_sort(st) SKM_sk_sort(X509_POLICY_REF, (st))
-#define sk_X509_POLICY_REF_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_REF, (st))
 #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
 #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
 #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
@@ -1700,7 +1313,6 @@ STACK_OF(type) \
 #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
 #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
 #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
-#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val))
 #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
 #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
 #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
@@ -1722,7 +1334,6 @@ STACK_OF(type) \
 #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
 #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
 #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
-#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val))
 #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
 #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
 #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
@@ -1744,7 +1355,6 @@ STACK_OF(type) \
 #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
 #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
 #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
-#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val))
 #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
 #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
 #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
@@ -1756,28 +1366,6 @@ STACK_OF(type) \
 #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
 #define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st))
-#define sk_X509_VERIFY_PARAM_new(st) SKM_sk_new(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM)
-#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val))
-#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val))
-#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i))
-#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr))
-#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i))
-#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp))
-#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st)
-#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func))
-#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st))
-#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st))
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c
index 378bd7c796..c7173eb6ab 100644
--- a/src/lib/libcrypto/stack/stack.c
+++ b/src/lib/libcrypto/stack/stack.c
@@ -68,12 +68,11 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/stack.h>
-#include <openssl/objects.h>
 #undef MIN_NODES
 #define MIN_NODES       4
-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
+const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
 #include <errno.h>
@@ -210,7 +209,7 @@ char *sk_delete(STACK *st, int loc)
        return(ret);
        }
-static int internal_find(STACK *st, char *data, int ret_val_options)
+int sk_find(STACK *st, char *data)
        {
        char **r;
        int i;
@@ -233,19 +232,19 @@ static int internal_find(STACK *st, char *data, int ret_val_options)
         * not (type *) pointers, but the *pointers* to (type *) pointers,
         * so we get our extra level of pointer dereferencing that way. */
        comp_func=(int (*)(const void *,const void *))(st->comp);
-        r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,
+        r=(char **)bsearch(&data,(char *)st->data,
-                st->num,sizeof(char *),comp_func,ret_val_options);
+                st->num,sizeof(char *), comp_func);
        if (r == NULL) return(-1);
-        return((int)(r-st->data));
+        i=(int)(r-st->data);
-        }
+        for ( ; i>0; i--)
+                /* This needs a cast because the type being pointed to from
-int sk_find(STACK *st, char *data)
+                 * the "&" expressions are (char *) rather than (const char *).
-        {
+                 * For an explanation, read:
-        return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+                 * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */
-        }
+                if ((*st->comp)((const char * const *)&(st->data[i-1]),
-int sk_find_ex(STACK *st, char *data)
+                                (const char * const *)&data) < 0)
-        {
+                        break;
-        return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+        return(i);
        }
 int sk_push(STACK *st, char *data)
diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h
index 5cbb116a8b..7570b85fe8 100644
--- a/src/lib/libcrypto/stack/stack.h
+++ b/src/lib/libcrypto/stack/stack.h
@@ -89,7 +89,6 @@ int sk_insert(STACK *sk,char *data,int where);
 char *sk_delete(STACK *st,int loc);
 char *sk_delete_ptr(STACK *st, char *p);
 int sk_find(STACK *st,char *data);
-int sk_find_ex(STACK *st,char *data);
 int sk_push(STACK *st,char *data);
 int sk_unshift(STACK *st,char *data);
 char *sk_shift(STACK *st);
diff --git a/src/lib/libcrypto/store/Makefile b/src/lib/libcrypto/store/Makefile
new file mode 100644
index 0000000000..0dcfd7857a
--- /dev/null
+++ b/src/lib/libcrypto/store/Makefile
@@ -0,0 +1,112 @@
+#
+# OpenSSL/crypto/store/Makefile
+#
+DIR=    store
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST= storetest.c
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= str_err.c str_lib.c str_meth.c str_mem.c
+LIBOBJ= str_err.o str_lib.o str_meth.o str_mem.o
+SRC= $(LIBSRC)
+#EXHEADER= store.h str_compat.h
+EXHEADER= store.h
+HEADER= $(EXHEADER) str_locl.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+str_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_err.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_err.o: str_err.c
+str_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+str_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+str_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+str_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+str_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+str_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+str_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+str_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+str_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+str_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+str_lib.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+str_lib.o: str_lib.c str_locl.h
+str_mem.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+str_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+str_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+str_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_mem.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_mem.o: str_locl.h str_mem.c
+str_meth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+str_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+str_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+str_meth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str_meth.o: ../../include/openssl/store.h ../../include/openssl/symhacks.h
+str_meth.o: str_locl.h str_meth.c
diff --git a/src/lib/libcrypto/store/README b/src/lib/libcrypto/store/README
new file mode 100644
index 0000000000..966168f6a5
--- /dev/null
+++ b/src/lib/libcrypto/store/README
@@ -0,0 +1,95 @@
+The STORE type
+==============
+A STORE, as defined in this code section, is really a rather simple
+thing which stores objects and per-object associations to a number
+of attributes.  What attributes are supported entirely depends on
+the particular implementation of a STORE.  It has some support for
+generation of certain objects (for example, keys and CRLs).
+Supported object types
+----------------------
+For now, the objects that are supported are the following:
+X.509 certificate
+X.509 CRL
+private key
+public key
+number
+arbitrary (application) data
+The intention is that a STORE should be able to store everything
+needed by an application that wants a cert/key store, as well as
+the data a CA might need to store (this includes the serial number
+counter, which explains the support for numbers).
+Supported attribute types
+-------------------------
+For now, the following attributes are supported:
+Friendly Name           - the value is a normal C string
+Key ID                  - the value is a 160 bit SHA1 hash
+Issuer Key ID           - the value is a 160 bit SHA1 hash
+Subject Key ID          - the value is a 160 bit SHA1 hash
+Issuer/Serial Hash      - the value is a 160 bit SHA1 hash
+Issuer                  - the value is a X509_NAME
+Serial                  - the value is a BIGNUM
+Subject                 - the value is a X509_NAME
+Certificate Hash        - the value is a 160 bit SHA1 hash
+Email                   - the value is a normal C string
+Filename                - the value is a normal C string
+It is expected that these attributes should be enough to support
+the need from most, if not all, current applications.  Applications
+that need to do certificate verification would typically use Subject
+Key ID, Issuer/Serial Hash or Subject to look up issuer certificates.
+S/MIME applications would typically use Email to look up recipient
+and signer certificates.
+There's added support for combined sets of attributes to search for,
+with the special OR attribute.
+Supported basic functionality
+-----------------------------
+The functions that are supported through the STORE type are these:
+generate_object         - for example to generate keys and CRLs
+get_object              - to look up one object
+                          NOTE: this function is really rather
+                          redundant and probably of lesser usage
+                          than the list functions
+store_object            - store an object and the attributes
+                          associated with it
+modify_object           - modify the attributes associated with
+                          a specific object
+revoke_object           - revoke an object
+                          NOTE: this only marks an object as
+                          invalid, it doesn't remove the object
+                          from the database
+delete_object           - remove an object from the database
+list_object             - list objects associated with a given
+                          set of attributes
+                          NOTE: this is really four functions:
+                          list_start, list_next, list_end and
+                          list_endp
+update_store            - update the internal data of the store
+lock_store              - lock the store
+unlock_store            - unlock the store
+The list functions need some extra explanation: list_start is
+used to set up a lookup.  That's where the attributes to use in
+the search are set up.  It returns a search context.  list_next
+returns the next object searched for.  list_end closes the search.
+list_endp is used to check if we have reached the end.
+A few words on the store functions as well: update_store is
+typically used by a CA application to update the internal
+structure of a database.  This may for example involve automatic
+removal of expired certificates.  lock_store and unlock_store
+are used for locking a store to allow exclusive writes.
diff --git a/src/lib/libcrypto/store/store.h b/src/lib/libcrypto/store/store.h
new file mode 100644
index 0000000000..64583377a9
--- /dev/null
+++ b/src/lib/libcrypto/store/store.h
@@ -0,0 +1,554 @@
+/* crypto/store/store.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_STORE_H
+#define HEADER_STORE_H
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DEPRECATED
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#endif
+#ifdef  __cplusplus
+extern "C" {
+#endif
+/* Already defined in ossl_typ.h */
+/* typedef struct store_st STORE; */
+/* typedef struct store_method_st STORE_METHOD; */
+/* All the following functions return 0, a negative number or NULL on error.
+   When everything is fine, they return a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+/* Creators and destructor.   */
+STORE *STORE_new_method(const STORE_METHOD *method);
+STORE *STORE_new_engine(ENGINE *engine);
+void STORE_free(STORE *ui);
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a STORE. */
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void));
+/* A control to set the directory with keys and certificates.  Used by the
+   built-in directory level method. */
+#define STORE_CTRL_SET_DIRECTORY        0x0001
+/* A control to set a file to load.  Used by the built-in file level method. */
+#define STORE_CTRL_SET_FILE             0x0002
+/* A control to set a configuration file to load.  Can be used by any method
+   that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_FILE        0x0003
+/* A control to set a the section of the loaded configuration file.  Can be
+   used by any method that wishes to load a configuration file. */
+#define STORE_CTRL_SET_CONF_SECTION     0x0004
+/* Some methods may use extra data */
+#define STORE_set_app_data(s,arg)       STORE_set_ex_data(s,0,arg)
+#define STORE_get_app_data(s)           STORE_get_ex_data(s,0)
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int STORE_set_ex_data(STORE *r,int idx,void *arg);
+void *STORE_get_ex_data(STORE *r, int idx);
+/* Use specific methods instead of the built-in one */
+const STORE_METHOD *STORE_get_method(STORE *store);
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth);
+/* The standard OpenSSL methods. */
+/* This is the in-memory method.  It does everything except revoking and updating,
+   and is of course volatile.  It's used by other methods that have an in-memory
+   cache. */
+const STORE_METHOD *STORE_Memory(void);
+#if 0 /* Not yet implemented */
+/* This is the directory store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory. */
+const STORE_METHOD *STORE_Directory(void);
+/* This is the file store.  It does everything except revoking and updating,
+   and uses STORE_Memory() to cache things in memory.  Certificates are added
+   to it with the store operation, and it will only get cached certificates. */
+const STORE_METHOD *STORE_File(void);
+#endif
+/* Store functions take a type code for the type of data they should store
+   or fetch */
+typedef enum STORE_object_types
+        {
+        STORE_OBJECT_TYPE_X509_CERTIFICATE=     0x01, /* X509 * */
+        STORE_OBJECT_TYPE_X509_CRL=             0x02, /* X509_CRL * */
+        STORE_OBJECT_TYPE_PRIVATE_KEY=          0x03, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_PUBLIC_KEY=           0x04, /* EVP_PKEY * */
+        STORE_OBJECT_TYPE_NUMBER=               0x05, /* BIGNUM * */
+        STORE_OBJECT_TYPE_ARBITRARY=            0x06, /* BUF_MEM * */
+        STORE_OBJECT_TYPE_NUM=                  0x06  /* The amount of known
+                                                         object types */
+        } STORE_OBJECT_TYPES;
+/* List of text strings corresponding to the object types. */
+extern const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1];
+/* Some store functions take a parameter list.  Those parameters come with
+   one of the following codes. The comments following the codes below indicate
+   what type the value should be a pointer to. */
+typedef enum STORE_params
+        {
+        STORE_PARAM_EVP_TYPE=                   0x01, /* int */
+        STORE_PARAM_BITS=                       0x02, /* size_t */
+        STORE_PARAM_KEY_PARAMETERS=             0x03, /* ??? */
+        STORE_PARAM_KEY_NO_PARAMETERS=          0x04, /* N/A */
+        STORE_PARAM_AUTH_PASSPHRASE=            0x05, /* char * */
+        STORE_PARAM_AUTH_KRB5_TICKET=           0x06, /* void * */
+        STORE_PARAM_TYPE_NUM=                   0x06  /* The amount of known
+                                                         parameter types */
+        } STORE_PARAM_TYPES;
+/* Parameter value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1];
+/* Store functions take attribute lists.  Those attributes come with codes.
+   The comments following the codes below indicate what type the value should
+   be a pointer to. */
+typedef enum STORE_attribs
+        {
+        STORE_ATTR_END=                         0x00,
+        STORE_ATTR_FRIENDLYNAME=                0x01, /* C string */
+        STORE_ATTR_KEYID=                       0x02, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERKEYID=                 0x03, /* 160 bit string (SHA1) */
+        STORE_ATTR_SUBJECTKEYID=                0x04, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUERSERIALHASH=            0x05, /* 160 bit string (SHA1) */
+        STORE_ATTR_ISSUER=                      0x06, /* X509_NAME * */
+        STORE_ATTR_SERIAL=                      0x07, /* BIGNUM * */
+        STORE_ATTR_SUBJECT=                     0x08, /* X509_NAME * */
+        STORE_ATTR_CERTHASH=                    0x09, /* 160 bit string (SHA1) */
+        STORE_ATTR_EMAIL=                       0x0a, /* C string */
+        STORE_ATTR_FILENAME=                    0x0b, /* C string */
+        STORE_ATTR_TYPE_NUM=                    0x0b, /* The amount of known
+                                                         attribute types */
+        STORE_ATTR_OR=                          0xff  /* This is a special
+                                                         separator, which
+                                                         expresses the OR
+                                                         operation.  */
+        } STORE_ATTR_TYPES;
+/* Attribute value sizes.  -1 means unknown, anything else is the required size. */
+extern const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1];
+typedef enum STORE_certificate_status
+        {
+        STORE_X509_VALID=                       0x00,
+        STORE_X509_EXPIRED=                     0x01,
+        STORE_X509_SUSPENDED=                   0x02,
+        STORE_X509_REVOKED=                     0x03
+        } STORE_CERTIFICATE_STATUS;
+/* Engine store functions will return a structure that contains all the necessary
+ * information, including revokation status for certificates.  This is really not
+ * needed for application authors, as the ENGINE framework functions will extract
+ * the OpenSSL-specific information when at all possible.  However, for engine
+ * authors, it's crucial to know this structure.  */
+typedef struct STORE_OBJECT_st
+        {
+        STORE_OBJECT_TYPES type;
+        union
+                {
+                struct
+                        {
+                        STORE_CERTIFICATE_STATUS status;
+                        X509 *certificate;
+                        } x509;
+                X509_CRL *crl;
+                EVP_PKEY *key;
+                BIGNUM *number;
+                BUF_MEM *arbitrary;
+                } data;
+        } STORE_OBJECT;
+DECLARE_STACK_OF(STORE_OBJECT)
+STORE_OBJECT *STORE_OBJECT_new(void);
+void STORE_OBJECT_free(STORE_OBJECT *data);
+/* The following functions handle the storage. They return 0, a negative number
+   or NULL on error, anything else on success. */
+X509 *STORE_get_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_certificate(STORE *e, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_certificate(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_certificate(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_certificate_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509 *STORE_list_certificate_next(STORE *e, void *handle);
+int STORE_list_certificate_end(STORE *e, void *handle);
+int STORE_list_certificate_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_generate_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_get_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_private_key(STORE *e, EVP_PKEY *data,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+int STORE_modify_private_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_private_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_private_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_private_key_next(STORE *e, void *handle);
+int STORE_list_private_key_end(STORE *e, void *handle);
+int STORE_list_private_key_endp(STORE *e, void *handle);
+EVP_PKEY *STORE_get_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_public_key(STORE *e, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_public_key(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_revoke_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_public_key(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_public_key_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+EVP_PKEY *STORE_list_public_key_next(STORE *e, void *handle);
+int STORE_list_public_key_end(STORE *e, void *handle);
+int STORE_list_public_key_endp(STORE *e, void *handle);
+X509_CRL *STORE_generate_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_get_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_crl(STORE *e, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_crl(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+int STORE_delete_crl(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+void *STORE_list_crl_start(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+X509_CRL *STORE_list_crl_next(STORE *e, void *handle);
+int STORE_list_crl_end(STORE *e, void *handle);
+int STORE_list_crl_endp(STORE *e, void *handle);
+int STORE_store_number(STORE *e, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_number(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BIGNUM *STORE_get_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_number(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_store_arbitrary(STORE *e, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_modify_arbitrary(STORE *e, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_sttributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+BUF_MEM *STORE_get_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+int STORE_delete_arbitrary(STORE *e, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+/* Create and manipulate methods */
+STORE_METHOD *STORE_create_method(char *name);
+void STORE_destroy_method(STORE_METHOD *store_method);
+/* These callback types are use for store handlers */
+typedef int (*STORE_INITIALISE_FUNC_PTR)(STORE *);
+typedef void (*STORE_CLEANUP_FUNC_PTR)(STORE *);
+typedef STORE_OBJECT *(*STORE_GENERATE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_GET_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef void *(*STORE_START_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef STORE_OBJECT *(*STORE_NEXT_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_END_OBJECT_FUNC_PTR)(STORE *, void *handle);
+typedef int (*STORE_HANDLE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_STORE_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, STORE_OBJECT *data, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_MODIFY_OBJECT_FUNC_PTR)(STORE *, STORE_OBJECT_TYPES type, OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_GENERIC_FUNC_PTR)(STORE *, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+typedef int (*STORE_CTRL_FUNC_PTR)(STORE *, int cmd, long l, void *p, void (*f)(void));
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f);
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f);
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f);
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f);
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR store_f);
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f);
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f);
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f);
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f);
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f);
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR);
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f);
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm);
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm);
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm);
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm);
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm);
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm);
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm);
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm);
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm);
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm);
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm);
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm);
+/* Method helper structures and functions. */
+/* This structure is the result of parsing through the information in a list
+   of OPENSSL_ITEMs.  It stores all the necessary information in a structured
+   way.*/
+typedef struct STORE_attr_info_st STORE_ATTR_INFO;
+/* Parse a list of OPENSSL_ITEMs and return a pointer to a STORE_ATTR_INFO.
+   Note that we do this in the list form, since the list of OPENSSL_ITEMs can
+   come in blocks separated with STORE_ATTR_OR.  Note that the value returned
+   by STORE_parse_attrs_next() must be freed with STORE_ATTR_INFO_free(). */
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes);
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle);
+int STORE_parse_attrs_end(void *handle);
+int STORE_parse_attrs_endp(void *handle);
+/* Creator and destructor */
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void);
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs);
+/* Manipulators */
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code);
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code);
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size);
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size);
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn);
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number);
+/* Compare on basis of a bit pattern formed by the STORE_ATTR_TYPES values
+   in each contained attribute. */
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a is within the range of attributes
+   set in b. */
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Check if the set of attributes in a are also set in b. */
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* Same as STORE_ATTR_INFO_in(), but also checks the attribute values. */
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b);
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_STORE_strings(void);
+/* Error codes for the STORE functions. */
+/* Function codes. */
+#define STORE_F_MEM_DELETE                               134
+#define STORE_F_MEM_GENERATE                             135
+#define STORE_F_MEM_LIST_END                             168
+#define STORE_F_MEM_LIST_NEXT                            136
+#define STORE_F_MEM_LIST_START                           137
+#define STORE_F_MEM_MODIFY                               169
+#define STORE_F_MEM_STORE                                138
+#define STORE_F_STORE_ATTR_INFO_GET0_CSTR                139
+#define STORE_F_STORE_ATTR_INFO_GET0_DN                  140
+#define STORE_F_STORE_ATTR_INFO_GET0_NUMBER              141
+#define STORE_F_STORE_ATTR_INFO_GET0_SHA1STR             142
+#define STORE_F_STORE_ATTR_INFO_MODIFY_CSTR              143
+#define STORE_F_STORE_ATTR_INFO_MODIFY_DN                144
+#define STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER            145
+#define STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR           146
+#define STORE_F_STORE_ATTR_INFO_SET_CSTR                 147
+#define STORE_F_STORE_ATTR_INFO_SET_DN                   148
+#define STORE_F_STORE_ATTR_INFO_SET_NUMBER               149
+#define STORE_F_STORE_ATTR_INFO_SET_SHA1STR              150
+#define STORE_F_STORE_CERTIFICATE                        170
+#define STORE_F_STORE_CTRL                               161
+#define STORE_F_STORE_DELETE_ARBITRARY                   158
+#define STORE_F_STORE_DELETE_CERTIFICATE                 102
+#define STORE_F_STORE_DELETE_CRL                         103
+#define STORE_F_STORE_DELETE_NUMBER                      104
+#define STORE_F_STORE_DELETE_PRIVATE_KEY                 105
+#define STORE_F_STORE_DELETE_PUBLIC_KEY                  106
+#define STORE_F_STORE_GENERATE_CRL                       107
+#define STORE_F_STORE_GENERATE_KEY                       108
+#define STORE_F_STORE_GET_ARBITRARY                      159
+#define STORE_F_STORE_GET_CERTIFICATE                    109
+#define STORE_F_STORE_GET_CRL                            110
+#define STORE_F_STORE_GET_NUMBER                         111
+#define STORE_F_STORE_GET_PRIVATE_KEY                    112
+#define STORE_F_STORE_GET_PUBLIC_KEY                     113
+#define STORE_F_STORE_LIST_CERTIFICATE_END               114
+#define STORE_F_STORE_LIST_CERTIFICATE_ENDP              153
+#define STORE_F_STORE_LIST_CERTIFICATE_NEXT              115
+#define STORE_F_STORE_LIST_CERTIFICATE_START             116
+#define STORE_F_STORE_LIST_CRL_END                       117
+#define STORE_F_STORE_LIST_CRL_ENDP                      154
+#define STORE_F_STORE_LIST_CRL_NEXT                      118
+#define STORE_F_STORE_LIST_CRL_START                     119
+#define STORE_F_STORE_LIST_PRIVATE_KEY_END               120
+#define STORE_F_STORE_LIST_PRIVATE_KEY_ENDP              155
+#define STORE_F_STORE_LIST_PRIVATE_KEY_NEXT              121
+#define STORE_F_STORE_LIST_PRIVATE_KEY_START             122
+#define STORE_F_STORE_LIST_PUBLIC_KEY_END                123
+#define STORE_F_STORE_LIST_PUBLIC_KEY_ENDP               156
+#define STORE_F_STORE_LIST_PUBLIC_KEY_NEXT               124
+#define STORE_F_STORE_LIST_PUBLIC_KEY_START              125
+#define STORE_F_STORE_MODIFY_ARBITRARY                   162
+#define STORE_F_STORE_MODIFY_CERTIFICATE                 163
+#define STORE_F_STORE_MODIFY_CRL                         164
+#define STORE_F_STORE_MODIFY_NUMBER                      165
+#define STORE_F_STORE_MODIFY_PRIVATE_KEY                 166
+#define STORE_F_STORE_MODIFY_PUBLIC_KEY                  167
+#define STORE_F_STORE_NEW_ENGINE                         133
+#define STORE_F_STORE_NEW_METHOD                         132
+#define STORE_F_STORE_PARSE_ATTRS_END                    151
+#define STORE_F_STORE_PARSE_ATTRS_ENDP                   172
+#define STORE_F_STORE_PARSE_ATTRS_NEXT                   152
+#define STORE_F_STORE_PARSE_ATTRS_START                  171
+#define STORE_F_STORE_REVOKE_CERTIFICATE                 129
+#define STORE_F_STORE_REVOKE_PRIVATE_KEY                 130
+#define STORE_F_STORE_REVOKE_PUBLIC_KEY                  131
+#define STORE_F_STORE_STORE_ARBITRARY                    157
+#define STORE_F_STORE_STORE_CERTIFICATE                  100
+#define STORE_F_STORE_STORE_CRL                          101
+#define STORE_F_STORE_STORE_NUMBER                       126
+#define STORE_F_STORE_STORE_PRIVATE_KEY                  127
+#define STORE_F_STORE_STORE_PUBLIC_KEY                   128
+/* Reason codes. */
+#define STORE_R_ALREADY_HAS_A_VALUE                      127
+#define STORE_R_FAILED_DELETING_ARBITRARY                132
+#define STORE_R_FAILED_DELETING_CERTIFICATE              100
+#define STORE_R_FAILED_DELETING_KEY                      101
+#define STORE_R_FAILED_DELETING_NUMBER                   102
+#define STORE_R_FAILED_GENERATING_CRL                    103
+#define STORE_R_FAILED_GENERATING_KEY                    104
+#define STORE_R_FAILED_GETTING_ARBITRARY                 133
+#define STORE_R_FAILED_GETTING_CERTIFICATE               105
+#define STORE_R_FAILED_GETTING_KEY                       106
+#define STORE_R_FAILED_GETTING_NUMBER                    107
+#define STORE_R_FAILED_LISTING_CERTIFICATES              108
+#define STORE_R_FAILED_LISTING_KEYS                      109
+#define STORE_R_FAILED_MODIFYING_ARBITRARY               138
+#define STORE_R_FAILED_MODIFYING_CERTIFICATE             139
+#define STORE_R_FAILED_MODIFYING_CRL                     140
+#define STORE_R_FAILED_MODIFYING_NUMBER                  141
+#define STORE_R_FAILED_MODIFYING_PRIVATE_KEY             142
+#define STORE_R_FAILED_MODIFYING_PUBLIC_KEY              143
+#define STORE_R_FAILED_REVOKING_CERTIFICATE              110
+#define STORE_R_FAILED_REVOKING_KEY                      111
+#define STORE_R_FAILED_STORING_ARBITRARY                 134
+#define STORE_R_FAILED_STORING_CERTIFICATE               112
+#define STORE_R_FAILED_STORING_KEY                       113
+#define STORE_R_FAILED_STORING_NUMBER                    114
+#define STORE_R_NOT_IMPLEMENTED                          128
+#define STORE_R_NO_CONTROL_FUNCTION                      144
+#define STORE_R_NO_DELETE_ARBITRARY_FUNCTION             135
+#define STORE_R_NO_DELETE_NUMBER_FUNCTION                115
+#define STORE_R_NO_DELETE_OBJECT_FUNCTION                116
+#define STORE_R_NO_GENERATE_CRL_FUNCTION                 117
+#define STORE_R_NO_GENERATE_OBJECT_FUNCTION              118
+#define STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION         136
+#define STORE_R_NO_GET_OBJECT_FUNCTION                   119
+#define STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION            120
+#define STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION             131
+#define STORE_R_NO_LIST_OBJECT_END_FUNCTION              121
+#define STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION             122
+#define STORE_R_NO_LIST_OBJECT_START_FUNCTION            123
+#define STORE_R_NO_MODIFY_OBJECT_FUNCTION                145
+#define STORE_R_NO_REVOKE_OBJECT_FUNCTION                124
+#define STORE_R_NO_STORE                                 129
+#define STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION       137
+#define STORE_R_NO_STORE_OBJECT_FUNCTION                 125
+#define STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION          126
+#define STORE_R_NO_VALUE                                 130
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/store/str_err.c b/src/lib/libcrypto/store/str_err.c
new file mode 100644
index 0000000000..6fee649822
--- /dev/null
+++ b/src/lib/libcrypto/store/str_err.c
@@ -0,0 +1,211 @@
+/* crypto/store/str_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
+#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
+static ERR_STRING_DATA STORE_str_functs[]=
+        {
+{ERR_FUNC(STORE_F_MEM_DELETE),  "MEM_DELETE"},
+{ERR_FUNC(STORE_F_MEM_GENERATE),        "MEM_GENERATE"},
+{ERR_FUNC(STORE_F_MEM_LIST_END),        "MEM_LIST_END"},
+{ERR_FUNC(STORE_F_MEM_LIST_NEXT),       "MEM_LIST_NEXT"},
+{ERR_FUNC(STORE_F_MEM_LIST_START),      "MEM_LIST_START"},
+{ERR_FUNC(STORE_F_MEM_MODIFY),  "MEM_MODIFY"},
+{ERR_FUNC(STORE_F_MEM_STORE),   "MEM_STORE"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),   "STORE_ATTR_INFO_get0_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),     "STORE_ATTR_INFO_get0_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER), "STORE_ATTR_INFO_get0_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),        "STORE_ATTR_INFO_get0_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR), "STORE_ATTR_INFO_modify_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),   "STORE_ATTR_INFO_modify_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),       "STORE_ATTR_INFO_modify_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),      "STORE_ATTR_INFO_modify_sha1str"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),    "STORE_ATTR_INFO_set_cstr"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),      "STORE_ATTR_INFO_set_dn"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),  "STORE_ATTR_INFO_set_number"},
+{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR), "STORE_ATTR_INFO_set_sha1str"},
+{ERR_FUNC(STORE_F_STORE_CERTIFICATE),   "STORE_CERTIFICATE"},
+{ERR_FUNC(STORE_F_STORE_CTRL),  "STORE_ctrl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),      "STORE_delete_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),    "STORE_delete_certificate"},
+{ERR_FUNC(STORE_F_STORE_DELETE_CRL),    "STORE_delete_crl"},
+{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),    "STORE_delete_private_key"},
+{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),     "STORE_delete_public_key"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),  "STORE_generate_crl"},
+{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),  "STORE_generate_key"},
+{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),       "STORE_get_certificate"},
+{ERR_FUNC(STORE_F_STORE_GET_CRL),       "STORE_get_crl"},
+{ERR_FUNC(STORE_F_STORE_GET_NUMBER),    "STORE_get_number"},
+{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),       "STORE_get_private_key"},
+{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),        "STORE_get_public_key"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),  "STORE_list_certificate_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP), "STORE_list_certificate_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT), "STORE_list_certificate_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),        "STORE_list_certificate_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),  "STORE_list_crl_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),        "STORE_list_crl_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),  "STORE_list_private_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP), "STORE_list_private_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT), "STORE_list_private_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),        "STORE_list_private_key_start"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),   "STORE_list_public_key_end"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),  "STORE_list_public_key_endp"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),  "STORE_list_public_key_next"},
+{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START), "STORE_list_public_key_start"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),      "STORE_modify_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),    "STORE_modify_certificate"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),    "STORE_modify_crl"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),    "STORE_modify_private_key"},
+{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),     "STORE_modify_public_key"},
+{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),    "STORE_new_engine"},
+{ERR_FUNC(STORE_F_STORE_NEW_METHOD),    "STORE_new_method"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),       "STORE_parse_attrs_end"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),      "STORE_parse_attrs_endp"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),      "STORE_parse_attrs_next"},
+{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),     "STORE_parse_attrs_start"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),    "STORE_revoke_certificate"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),    "STORE_revoke_private_key"},
+{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),     "STORE_revoke_public_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),       "STORE_store_arbitrary"},
+{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),     "STORE_store_certificate"},
+{ERR_FUNC(STORE_F_STORE_STORE_CRL),     "STORE_store_crl"},
+{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),  "STORE_store_number"},
+{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),     "STORE_store_private_key"},
+{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),      "STORE_store_public_key"},
+{0,NULL}
+        };
+static ERR_STRING_DATA STORE_str_reasons[]=
+        {
+{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
+{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
+{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
+{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
+{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
+{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
+{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},
+{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
+{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
+{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
+{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
+{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
+{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
+{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
+{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},
+{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
+{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},
+{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
+{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
+{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
+{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
+{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
+{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
+{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
+{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
+{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
+{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
+{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
+{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
+{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},
+{0,NULL}
+        };
+#endif
+void ERR_load_STORE_strings(void)
+        {
+#ifndef OPENSSL_NO_ERR
+        if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
+                {
+                ERR_load_strings(0,STORE_str_functs);
+                ERR_load_strings(0,STORE_str_reasons);
+                }
+#endif
+        }
diff --git a/src/lib/libcrypto/store/str_lib.c b/src/lib/libcrypto/store/str_lib.c
new file mode 100644
index 0000000000..32ae5bd395
--- /dev/null
+++ b/src/lib/libcrypto/store/str_lib.c
@@ -0,0 +1,1824 @@
+/* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+#include <openssl/sha.h>
+#include <openssl/x509.h>
+#include "str_locl.h"
+const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
+        {
+        0,
+        "X.509 Certificate",
+        "X.509 CRL",
+        "Private Key",
+        "Public Key",
+        "Number",
+        "Arbitrary Data"
+        };
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
+        {
+        0,
+        sizeof(int),            /* EVP_TYPE */
+        sizeof(size_t),         /* BITS */
+        -1,                     /* KEY_PARAMETERS */
+        0                       /* KEY_NO_PARAMETERS */
+        };      
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
+        {
+        0,
+        -1,                     /* FRIENDLYNAME:        C string */
+        SHA_DIGEST_LENGTH,      /* KEYID:               SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERKEYID:         SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* SUBJECTKEYID:        SHA1 digest, 160 bits */
+        SHA_DIGEST_LENGTH,      /* ISSUERSERIALHASH:    SHA1 digest, 160 bits */
+        sizeof(X509_NAME *),    /* ISSUER:              X509_NAME * */
+        sizeof(BIGNUM *),       /* SERIAL:              BIGNUM * */
+        sizeof(X509_NAME *),    /* SUBJECT:             X509_NAME * */
+        SHA_DIGEST_LENGTH,      /* CERTHASH:            SHA1 digest, 160 bits */
+        -1,                     /* EMAIL:               C string */
+        -1,                     /* FILENAME:            C string */
+        };      
+STORE *STORE_new_method(const STORE_METHOD *method)
+        {
+        STORE *ret;
+        if (method == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+                return NULL;
+                }
+        ret->meth=method;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+        if (ret->meth->init && !ret->meth->init(ret))
+                {
+                STORE_free(ret);
+                ret = NULL;
+                }
+        return ret;
+        }
+STORE *STORE_new_engine(ENGINE *engine)
+        {
+        STORE *ret = NULL;
+        ENGINE *e = engine;
+        const STORE_METHOD *meth = 0;
+#ifdef OPENSSL_NO_ENGINE
+        e = NULL;
+#else
+        if (engine)
+                {
+                if (!ENGINE_init(engine))
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+                        return NULL;
+                        }
+                e = engine;
+                }
+        else
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if(e)
+                {
+                meth = ENGINE_get_STORE(e);
+                if(!meth)
+                        {
+                        STOREerr(STORE_F_STORE_NEW_ENGINE,
+                                ERR_R_ENGINE_LIB);
+                        ENGINE_finish(e);
+                        return NULL;
+                        }
+                }
+#endif
+        ret = STORE_new_method(meth);
+        if (ret == NULL)
+                {
+                STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
+                return NULL;
+                }
+        ret->engine = e;
+        return(ret);
+        }
+void STORE_free(STORE *store)
+        {
+        if (store == NULL)
+                return;
+        if (store->meth->clean)
+                store->meth->clean(store);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+        OPENSSL_free(store);
+        }
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
+        {
+        if (store == NULL)
+                {
+                STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (store->meth->ctrl)
+                return store->meth->ctrl(store, cmd, i, p, f);
+        STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
+        return 0;
+        }
+int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+                                new_func, dup_func, free_func);
+        }
+int STORE_set_ex_data(STORE *r, int idx, void *arg)
+        {
+        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        }
+void *STORE_get_ex_data(STORE *r, int idx)
+        {
+        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        }
+const STORE_METHOD *STORE_get_method(STORE *store)
+        {
+        return store->meth;
+        }
+const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
+        {
+        store->meth=meth;
+        return store->meth;
+        }
+/* API helpers */
+#define check_store(s,fncode,fnname,fnerrcode) \
+        do \
+                { \
+                if ((s) == NULL || (s)->meth == NULL) \
+                        { \
+                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+                        return 0; \
+                        } \
+                if ((s)->meth->fnname == NULL) \
+                        { \
+                        STOREerr((fncode), (fnerrcode)); \
+                        return 0; \
+                        } \
+                } \
+        while(0)
+/* API functions */
+X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+        check_store(s,STORE_F_STORE_GET_CERTIFICATE,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                attributes, parameters);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+                        STORE_R_FAILED_GETTING_CERTIFICATE);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_CERTIFICATE,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        object->data.x509.certificate = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                object, attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                        STORE_R_FAILED_STORING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+                        STORE_R_FAILED_MODIFYING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+        if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+                        STORE_R_FAILED_REVOKING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+                        STORE_R_FAILED_DELETING_CERTIFICATE);
+                return 0;
+                }
+        return 1;
+        }
+void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+        handle = s->meth->list_object_start(s,
+                STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return handle;
+        }
+X509 *STORE_list_certificate_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509 *x;
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.x509.certificate)
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+#ifdef REF_PRINT
+        REF_PRINT("X509",data);
+#endif
+        x = object->data.x509.certificate;
+        STORE_OBJECT_free(object);
+        return x;
+        }
+int STORE_list_certificate_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_list_certificate_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                        STORE_R_FAILED_LISTING_CERTIFICATES);
+                return 0;
+                }
+        return 1;
+        }
+EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+        check_store(s,STORE_F_STORE_GENERATE_KEY,
+                generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_KEY,
+                        STORE_R_FAILED_GENERATING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+        check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+                attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                        STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+        check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+int STORE_list_private_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_list_private_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+        check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        object->data.key = EVP_PKEY_new();
+        if (!object->data.key)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        object->data.key = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+                attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                        STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        int i;
+        check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+        i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                        STORE_R_FAILED_REVOKING_KEY);
+                return 0;
+                }
+        return i;
+        }
+int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        EVP_PKEY *pkey;
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.key || !object->data.key)
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+#ifdef REF_PRINT
+        REF_PRINT("EVP_PKEY",data);
+#endif
+        pkey = object->data.key;
+        STORE_OBJECT_free(object);
+        return pkey;
+        }
+int STORE_list_public_key_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_list_public_key_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+        check_store(s,STORE_F_STORE_GENERATE_CRL,
+                generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
+        object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GENERATE_CRL,
+                        STORE_R_FAILED_GENERATING_CRL);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+        check_store(s,STORE_F_STORE_GET_CRL,
+                get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_GET_CRL,
+                        STORE_R_FAILED_GETTING_KEY);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_STORE_CRL,
+                store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        object->data.crl = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+                attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_CRL,
+                        STORE_R_FAILED_STORING_KEY);
+                return 0;
+                }
+        return i;
+        }
+int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_CRL,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_CRL,
+                        STORE_R_FAILED_MODIFYING_CRL);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_CRL,
+                delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
+        
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                    attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_CRL,
+                        STORE_R_FAILED_DELETING_KEY);
+                return 0;
+                }
+        return 1;
+        }
+void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        void *handle;
+        check_store(s,STORE_F_STORE_LIST_CRL_START,
+                list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+        handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+                attributes, parameters);
+        if (!handle)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_START,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return handle;
+        }
+X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
+        {
+        STORE_OBJECT *object;
+        X509_CRL *crl;
+        check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
+                list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+        object = s->meth->list_object_next(s, handle);
+        if (!object || !object->data.crl)
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+#ifdef REF_PRINT
+        REF_PRINT("X509_CRL",data);
+#endif
+        crl = object->data.crl;
+        STORE_OBJECT_free(object);
+        return crl;
+        }
+int STORE_list_crl_end(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_END,
+                list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+        if (!s->meth->list_object_end(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_END,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_list_crl_endp(STORE *s, void *handle)
+        {
+        check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
+                list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+        if (!s->meth->list_object_endp(s, handle))
+                {
+                STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
+                        STORE_R_FAILED_LISTING_KEYS);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_STORE_NUMBER,
+                store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.number = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+                attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_NUMBER,
+                        STORE_R_FAILED_STORING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_NUMBER,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+                        STORE_R_FAILED_MODIFYING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BIGNUM *n;
+        check_store(s,STORE_F_STORE_GET_NUMBER,
+                get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                parameters);
+        if (!object || !object->data.number)
+                {
+                STOREerr(STORE_F_STORE_GET_NUMBER,
+                        STORE_R_FAILED_GETTING_NUMBER);
+                return 0;
+                }
+        n = object->data.number;
+        object->data.number = NULL;
+        STORE_OBJECT_free(object);
+        return n;
+        }
+int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_NUMBER,
+                delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_NUMBER,
+                        STORE_R_FAILED_DELETING_NUMBER);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        int i;
+        check_store(s,STORE_F_STORE_STORE_ARBITRARY,
+                store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+        object = STORE_OBJECT_new();
+        if (!object)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        
+        object->data.arbitrary = data;
+        i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+                attributes, parameters);
+        STORE_OBJECT_free(object);
+        if (!i)
+                {
+                STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                        STORE_R_FAILED_STORING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
+        OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
+        OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
+                modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+        if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                    search_attributes, add_attributes, modify_attributes,
+                    delete_attributes, parameters))
+                {
+                STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+                        STORE_R_FAILED_MODIFYING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STORE_OBJECT *object;
+        BUF_MEM *b;
+        check_store(s,STORE_F_STORE_GET_ARBITRARY,
+                get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+        object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                attributes, parameters);
+        if (!object || !object->data.arbitrary)
+                {
+                STOREerr(STORE_F_STORE_GET_ARBITRARY,
+                        STORE_R_FAILED_GETTING_ARBITRARY);
+                return 0;
+                }
+        b = object->data.arbitrary;
+        object->data.arbitrary = NULL;
+        STORE_OBJECT_free(object);
+        return b;
+        }
+int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
+                delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+        if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+                    parameters))
+                {
+                STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+                        STORE_R_FAILED_DELETING_ARBITRARY);
+                return 0;
+                }
+        return 1;
+        }
+STORE_OBJECT *STORE_OBJECT_new(void)
+        {
+        STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+        if (object) memset(object, 0, sizeof(STORE_OBJECT));
+        return object;
+        }
+void STORE_OBJECT_free(STORE_OBJECT *data)
+        {
+        if (!data) return;
+        switch (data->type)
+                {
+        case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+                X509_free(data->data.x509.certificate);
+                break;
+        case STORE_OBJECT_TYPE_X509_CRL:
+                X509_CRL_free(data->data.crl);
+                break;
+        case STORE_OBJECT_TYPE_PRIVATE_KEY:
+        case STORE_OBJECT_TYPE_PUBLIC_KEY:
+                EVP_PKEY_free(data->data.key);
+                break;
+        case STORE_OBJECT_TYPE_NUMBER:
+                BN_free(data->data.number);
+                break;
+        case STORE_OBJECT_TYPE_ARBITRARY:
+                BUF_MEM_free(data->data.arbitrary);
+                break;
+                }
+        OPENSSL_free(data);
+        }
+IMPLEMENT_STACK_OF(STORE_OBJECT*)
+struct STORE_attr_info_st
+        {
+        unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+        union
+                {
+                char *cstring;
+                unsigned char *sha1string;
+                X509_NAME *dn;
+                BIGNUM *number;
+                void *any;
+                } values[STORE_ATTR_TYPE_NUM+1];
+        size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
+        };
+#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
+        {
+        return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+        }
+static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (ATTR_IS_SET(attrs,code))
+                {
+                switch(code)
+                        {
+                case STORE_ATTR_FRIENDLYNAME:
+                case STORE_ATTR_EMAIL:
+                case STORE_ATTR_FILENAME:
+                        STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_KEYID:
+                case STORE_ATTR_ISSUERKEYID:
+                case STORE_ATTR_SUBJECTKEYID:
+                case STORE_ATTR_ISSUERSERIALHASH:
+                case STORE_ATTR_CERTHASH:
+                        STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+                        break;
+                case STORE_ATTR_ISSUER:
+                case STORE_ATTR_SUBJECT:
+                        STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+                        break;
+                case STORE_ATTR_SERIAL:
+                        STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+                        break;
+                default:
+                        break;
+                        }
+                }
+        }
+int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
+        {
+        if (attrs)
+                {
+                STORE_ATTR_TYPES i;
+                for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+                        STORE_ATTR_INFO_attr_free(attrs, i);
+                OPENSSL_free(attrs);
+                }
+        return 1;
+        }
+char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].cstring;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
+        STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].sha1string;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].dn;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                return attrs->values[code].number;
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                STORE_R_NO_VALUE);
+        return NULL;
+        }
+int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].sha1string =
+                            (unsigned char *)BUF_memdup(sha1str,
+                                    sha1str_size)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (!ATTR_IS_SET(attrs,code))
+                {
+                if ((attrs->values[code].number = BN_dup(number)))
+                        return 1;
+                STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                        ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+        return 0;
+        }
+int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        char *cstr, size_t cstr_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].cstring);
+                attrs->values[code].cstring = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+        }
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        unsigned char *sha1str, size_t sha1str_size)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].sha1string);
+                attrs->values[code].sha1string = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+        }
+int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        X509_NAME *dn)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].dn);
+                attrs->values[code].dn = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+        }
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
+        BIGNUM *number)
+        {
+        if (!attrs)
+                {
+                STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+                        ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (ATTR_IS_SET(attrs,code))
+                {
+                OPENSSL_free(attrs->values[code].number);
+                attrs->values[code].number = NULL;
+                CLEAR_ATTRBIT(attrs, code);
+                }
+        return STORE_ATTR_INFO_set_number(attrs, code, number);
+        }
+struct attr_list_ctx_st
+        {
+        OPENSSL_ITEM *attributes;
+        };
+void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
+        {
+        if (attributes)
+                {
+                struct attr_list_ctx_st *context =
+                        (struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+                if (context)
+                        context->attributes = attributes;
+                else
+                        STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
+                                ERR_R_MALLOC_FAILURE);
+                return context;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+        if (context && context->attributes)
+                {
+                STORE_ATTR_INFO *attrs = NULL;
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        {
+                        switch(context->attributes->code)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_cstr(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_set_sha1str(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value,
+                                        context->attributes->value_size);
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_dn(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (!attrs) attrs = STORE_ATTR_INFO_new();
+                                if (attrs == NULL)
+                                        {
+                                        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                                                ERR_R_MALLOC_FAILURE);
+                                        goto err;
+                                        }
+                                STORE_ATTR_INFO_modify_number(attrs,
+                                        context->attributes->code,
+                                        context->attributes->value);
+                                break;
+                                }
+                        context->attributes++;
+                        }
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return attrs;
+        err:
+                while(context->attributes
+                        && context->attributes->code != STORE_ATTR_OR
+                        && context->attributes->code != STORE_ATTR_END)
+                        context->attributes++;
+                if (context->attributes->code == STORE_ATTR_OR)
+                        context->attributes++;
+                return NULL;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+        }
+int STORE_parse_attrs_end(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+        if (context && context->attributes)
+                {
+#if 0
+                OPENSSL_ITEM *attributes = context->attributes;
+#endif
+                OPENSSL_free(context);
+                return 1;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+int STORE_parse_attrs_endp(void *handle)
+        {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+        if (context && context->attributes)
+                {
+                return context->attributes->code == STORE_ATTR_END;
+                }
+        STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+        }
+static int attr_info_compare_compute_range(
+        unsigned char *abits, unsigned char *bbits,
+        unsigned int *alowp, unsigned int *ahighp,
+        unsigned int *blowp, unsigned int *bhighp)
+        {
+        unsigned int alow = (unsigned int)-1, ahigh = 0;
+        unsigned int blow = (unsigned int)-1, bhigh = 0;
+        int i, res = 0;
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (res == 0)
+                        {
+                        if (*abits < *bbits) res = -1;
+                        if (*abits > *bbits) res = 1;
+                        }
+                if (*abits)
+                        {
+                        if (alow == (unsigned int)-1)
+                                {
+                                alow = i * 8;
+                                if (!(*abits & 0x01)) alow++;
+                                if (!(*abits & 0x02)) alow++;
+                                if (!(*abits & 0x04)) alow++;
+                                if (!(*abits & 0x08)) alow++;
+                                if (!(*abits & 0x10)) alow++;
+                                if (!(*abits & 0x20)) alow++;
+                                if (!(*abits & 0x40)) alow++;
+                                }
+                        ahigh = i * 8 + 7;
+                        if (!(*abits & 0x80)) ahigh++;
+                        if (!(*abits & 0x40)) ahigh++;
+                        if (!(*abits & 0x20)) ahigh++;
+                        if (!(*abits & 0x10)) ahigh++;
+                        if (!(*abits & 0x08)) ahigh++;
+                        if (!(*abits & 0x04)) ahigh++;
+                        if (!(*abits & 0x02)) ahigh++;
+                        }
+                if (*bbits)
+                        {
+                        if (blow == (unsigned int)-1)
+                                {
+                                blow = i * 8;
+                                if (!(*bbits & 0x01)) blow++;
+                                if (!(*bbits & 0x02)) blow++;
+                                if (!(*bbits & 0x04)) blow++;
+                                if (!(*bbits & 0x08)) blow++;
+                                if (!(*bbits & 0x10)) blow++;
+                                if (!(*bbits & 0x20)) blow++;
+                                if (!(*bbits & 0x40)) blow++;
+                                }
+                        bhigh = i * 8 + 7;
+                        if (!(*bbits & 0x80)) bhigh++;
+                        if (!(*bbits & 0x40)) bhigh++;
+                        if (!(*bbits & 0x20)) bhigh++;
+                        if (!(*bbits & 0x10)) bhigh++;
+                        if (!(*bbits & 0x08)) bhigh++;
+                        if (!(*bbits & 0x04)) bhigh++;
+                        if (!(*bbits & 0x02)) bhigh++;
+                        }
+                }
+        if (ahigh + alow < bhigh + blow) res = -1;
+        if (ahigh + alow > bhigh + blow) res = 1;
+        if (alowp) *alowp = alow;
+        if (ahighp) *ahighp = ahigh;
+        if (blowp) *blowp = blow;
+        if (bhighp) *bhighp = bhigh;
+        return res;
+        }
+int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        if (a == b) return 0;
+        if (!a) return -1;
+        if (!b) return 1;
+        return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
+        }
+int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned int alow, ahigh, blow, bhigh;
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        attr_info_compare_compute_range(a->set, b->set,
+                &alow, &ahigh, &blow, &bhigh);
+        if (alow >= blow && ahigh <= bhigh)
+                return 1;
+        return 0;
+        }
+int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        unsigned char *abits, *bbits;
+        int i;
+        if (a == b) return 1;
+        if (!a) return 0;
+        if (!b) return 0;
+        abits = a->set;
+        bbits = b->set;
+        for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
+                {
+                if (*abits && (*bbits & *abits) != *abits)
+                        return 0;
+                }
+        return 1;
+        }
+int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
+        {
+        STORE_ATTR_TYPES i;
+        if (a == b) return 1;
+        if (!STORE_ATTR_INFO_in(a, b)) return 0;
+        for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+                if (ATTR_IS_SET(a, i))
+                        {
+                        switch(i)
+                                {
+                        case STORE_ATTR_FRIENDLYNAME:
+                        case STORE_ATTR_EMAIL:
+                        case STORE_ATTR_FILENAME:
+                                if (strcmp(a->values[i].cstring,
+                                            b->values[i].cstring))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_KEYID:
+                        case STORE_ATTR_ISSUERKEYID:
+                        case STORE_ATTR_SUBJECTKEYID:
+                        case STORE_ATTR_ISSUERSERIALHASH:
+                        case STORE_ATTR_CERTHASH:
+                                if (memcmp(a->values[i].sha1string,
+                                            b->values[i].sha1string,
+                                            a->value_sizes[i]))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_ISSUER:
+                        case STORE_ATTR_SUBJECT:
+                                if (X509_NAME_cmp(a->values[i].dn,
+                                            b->values[i].dn))
+                                        return 0;
+                                break;
+                        case STORE_ATTR_SERIAL:
+                                if (BN_cmp(a->values[i].number,
+                                            b->values[i].number))
+                                        return 0;
+                                break;
+                        default:
+                                break;
+                                }
+                        }
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_locl.h b/src/lib/libcrypto/store/str_locl.h
new file mode 100644
index 0000000000..3f8cb75619
--- /dev/null
+++ b/src/lib/libcrypto/store/str_locl.h
@@ -0,0 +1,124 @@
+/* crypto/store/str_locl.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_STORE_LOCL_H
+#define HEADER_STORE_LOCL_H
+#include <openssl/crypto.h>
+#include <openssl/store.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+struct store_method_st
+        {
+        char *name;
+        /* All the functions return a positive integer or non-NULL for success
+           and 0, a negative integer or NULL for failure */
+        /* Initialise the STORE with private data */
+        STORE_INITIALISE_FUNC_PTR init;
+        /* Initialise the STORE with private data */
+        STORE_CLEANUP_FUNC_PTR clean;
+        /* Generate an object of a given type */
+        STORE_GENERATE_OBJECT_FUNC_PTR generate_object;
+        /* Get an object of a given type.  This function isn't really very
+           useful since the listing functions (below) can be used for the
+           same purpose and are much more general. */
+        STORE_GET_OBJECT_FUNC_PTR get_object;
+        /* Store an object of a given type. */
+        STORE_STORE_OBJECT_FUNC_PTR store_object;
+        /* Modify the attributes bound to an object of a given type. */
+        STORE_MODIFY_OBJECT_FUNC_PTR modify_object;
+        /* Revoke an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR revoke_object;
+        /* Delete an object of a given type. */
+        STORE_HANDLE_OBJECT_FUNC_PTR delete_object;
+        /* List a bunch of objects of a given type and with the associated
+           attributes. */
+        STORE_START_OBJECT_FUNC_PTR list_object_start;
+        STORE_NEXT_OBJECT_FUNC_PTR list_object_next;
+        STORE_END_OBJECT_FUNC_PTR list_object_end;
+        STORE_END_OBJECT_FUNC_PTR list_object_endp;
+        /* Store-level function to make any necessary update operations. */
+        STORE_GENERIC_FUNC_PTR update_store;
+        /* Store-level function to get exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR lock_store;
+        /* Store-level function to release exclusive access to the store. */
+        STORE_GENERIC_FUNC_PTR unlock_store;
+        /* Generic control function */
+        STORE_CTRL_FUNC_PTR ctrl;
+        };
+struct store_st
+        {
+        const STORE_METHOD *meth;
+        /* functional reference if 'meth' is ENGINE-provided */
+        ENGINE *engine;
+        CRYPTO_EX_DATA ex_data;
+        int references;
+        };
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/store/str_mem.c b/src/lib/libcrypto/store/str_mem.c
new file mode 100644
index 0000000000..527757ae09
--- /dev/null
+++ b/src/lib/libcrypto/store/str_mem.c
@@ -0,0 +1,357 @@
+/* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <openssl/err.h>
+#include "str_locl.h"
+/* The memory store is currently highly experimental.  It's meant to become
+   a base store used by other stores for internal caching (for full caching
+   support, aging needs to be added).
+   The database use is meant to support as much attribute association as
+   possible, while providing for as small search ranges as possible.
+   This is currently provided for by sorting the entries by numbers that
+   are composed of bits set at the positions indicated by attribute type
+   codes.  This provides for ranges determined by the highest attribute
+   type code value.  A better idea might be to sort by values computed
+   from the range of attributes associated with the object (basically,
+   the difference between the highest and lowest attribute type code)
+   and it's distance from a base (basically, the lowest associated
+   attribute type code).
+*/
+struct mem_object_data_st
+        {
+        STORE_OBJECT *object;
+        STORE_ATTR_INFO *attr_info;
+        int references;
+        };
+struct mem_data_st
+        {
+        STACK *data;            /* A stack of mem_object_data_st,
+                                   sorted with STORE_ATTR_INFO_compare(). */
+        unsigned int compute_components : 1; /* Currently unused, but can
+                                                be used to add attributes
+                                                from parts of the data. */
+        };
+struct mem_ctx_st
+        {
+        int type;               /* The type we're searching for */
+        STACK *search_attributes; /* Sets of attributes to search for.
+                                     Each element is a STORE_ATTR_INFO. */
+        int search_index;       /* which of the search attributes we found a match
+                                   for, -1 when we still haven't found any */
+        int index;              /* -1 as long as we're searching for the first */
+        };
+static int mem_init(STORE *s);
+static void mem_clean(STORE *s);
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
+static int mem_list_end(STORE *s, void *handle);
+static int mem_list_endp(STORE *s, void *handle);
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
+static STORE_METHOD store_memory =
+        {
+        "OpenSSL memory store interface",
+        mem_init,
+        mem_clean,
+        mem_generate,
+        mem_get,
+        mem_store,
+        mem_modify,
+        NULL, /* revoke */
+        mem_delete,
+        mem_list_start,
+        mem_list_next,
+        mem_list_end,
+        mem_list_endp,
+        NULL, /* update */
+        mem_lock,
+        mem_unlock,
+        mem_ctrl
+        };
+const STORE_METHOD *STORE_Memory(void)
+        {
+        return &store_memory;
+        }
+static int mem_init(STORE *s)
+        {
+        return 1;
+        }
+static void mem_clean(STORE *s)
+        {
+        return;
+        }
+static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        void *context = mem_list_start(s, type, attributes, parameters);
+        
+        if (context)
+                {
+                STORE_OBJECT *object = mem_list_next(s, context);
+                if (mem_list_end(s, context))
+                        return object;
+                }
+        return NULL;
+        }
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
+        STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
+        OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+        return 0;
+        }
+/* The list functions may be the hardest to understand.  Basically,
+   mem_list_start compiles a stack of attribute info elements, and
+   puts that stack into the context to be returned.  mem_list_next
+   will then find the first matching element in the store, and then
+   walk all the way to the end of the store (since any combination
+   of attribute bits above the starting point may match the searched
+   for bit pattern...). */
+static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
+        OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+        {
+        struct mem_ctx_st *context =
+                (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+        void *attribute_context = NULL;
+        STORE_ATTR_INFO *attrs = NULL;
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+                return 0;
+                }
+        memset(context, 0, sizeof(struct mem_ctx_st));
+        attribute_context = STORE_parse_attrs_start(attributes);
+        if (!attribute_context)
+                {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+                goto err;
+                }
+        while((attrs = STORE_parse_attrs_next(attribute_context)))
+                {
+                if (context->search_attributes == NULL)
+                        {
+                        context->search_attributes =
+                                sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);
+                        if (!context->search_attributes)
+                                {
+                                STOREerr(STORE_F_MEM_LIST_START,
+                                        ERR_R_MALLOC_FAILURE);
+                                goto err;
+                                }
+                        }
+                sk_push(context->search_attributes,(char *)attrs);
+                }
+        if (!STORE_parse_attrs_endp(attribute_context))
+                goto err;
+        STORE_parse_attrs_end(attribute_context);
+        context->search_index = -1;
+        context->index = -1;
+        return context;
+ err:
+        if (attribute_context) STORE_parse_attrs_end(attribute_context);
+        mem_list_end(s, context);
+        return NULL;
+        }
+static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
+        {
+        int i;
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+        struct mem_object_data_st key = { 0, 0, 1 };
+        struct mem_data_st *store =
+                (struct mem_data_st *)STORE_get_ex_data(s, 1);
+        int srch;
+        int cres = 0;
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+                return NULL;
+                }
+        if (!store)
+                {
+                STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+                return NULL;
+                }
+        if (context->search_index == -1)
+                {
+                for (i = 0; i < sk_num(context->search_attributes); i++)
+                        {
+                        key.attr_info =
+                                (STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
+                        srch = sk_find_ex(store->data, (char *)&key);
+                        if (srch >= 0)
+                                {
+                                context->search_index = srch;
+                                break;
+                                }
+                        }
+                }
+        if (context->search_index < 0)
+                return NULL;
+        
+        key.attr_info =
+                (STORE_ATTR_INFO *)sk_value(context->search_attributes,
+                        context->search_index);
+        for(srch = context->search_index;
+            srch < sk_num(store->data)
+                    && STORE_ATTR_INFO_in_range(key.attr_info,
+                            (STORE_ATTR_INFO *)sk_value(store->data, srch))
+                    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
+                                 (STORE_ATTR_INFO *)sk_value(store->data, srch)));
+            srch++)
+                ;
+        context->search_index = srch;
+        if (cres)
+                return ((struct mem_object_data_st *)sk_value(store->data,
+                                srch))->object;
+        return NULL;
+        }
+static int mem_list_end(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+        if (!context)
+                {
+                STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+                }
+        if (context && context->search_attributes)
+                sk_free(context->search_attributes);
+        if (context) OPENSSL_free(context);
+        return 1;
+        }
+static int mem_list_endp(STORE *s, void *handle)
+        {
+        struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+        if (!context
+                || context->search_index == sk_num(context->search_attributes))
+                return 1;
+        return 0;
+        }
+static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
+        OPENSSL_ITEM parameters[])
+        {
+        return 1;
+        }
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
+        {
+        return 1;
+        }
diff --git a/src/lib/libcrypto/store/str_meth.c b/src/lib/libcrypto/store/str_meth.c
new file mode 100644
index 0000000000..a46de03a26
--- /dev/null
+++ b/src/lib/libcrypto/store/str_meth.c
@@ -0,0 +1,250 @@
+/* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2003.
+ */
+/* ====================================================================
+ * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <openssl/buffer.h>
+#include "str_locl.h"
+STORE_METHOD *STORE_create_method(char *name)
+        {
+        STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+        if (store_method)
+                {
+                memset(store_method, 0, sizeof(*store_method));
+                store_method->name = BUF_strdup(name);
+                }
+        return store_method;
+        }
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using STORE_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void STORE_destroy_method(STORE_METHOD *store_method)
+        {
+        if (!store_method) return;
+        OPENSSL_free(store_method->name);
+        store_method->name = NULL;
+        OPENSSL_free(store_method);
+        }
+int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
+        {
+        sm->init = init_f;
+        return 1;
+        }
+int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
+        {
+        sm->clean = clean_f;
+        return 1;
+        }
+int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
+        {
+        sm->generate_object = generate_f;
+        return 1;
+        }
+int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
+        {
+        sm->get_object = get_f;
+        return 1;
+        }
+int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
+        {
+        sm->store_object = store_f;
+        return 1;
+        }
+int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+        {
+        sm->modify_object = modify_f;
+        return 1;
+        }
+int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+        {
+        sm->revoke_object = revoke_f;
+        return 1;
+        }
+int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+        {
+        sm->delete_object = delete_f;
+        return 1;
+        }
+int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
+        {
+        sm->list_object_start = list_start_f;
+        return 1;
+        }
+int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
+        {
+        sm->list_object_next = list_next_f;
+        return 1;
+        }
+int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
+        {
+        sm->list_object_end = list_end_f;
+        return 1;
+        }
+int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
+        {
+        sm->update_store = update_f;
+        return 1;
+        }
+int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
+        {
+        sm->lock_store = lock_f;
+        return 1;
+        }
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
+        {
+        sm->unlock_store = unlock_f;
+        return 1;
+        }
+int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
+        {
+        sm->ctrl = ctrl_f;
+        return 1;
+        }
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
+        {
+        return sm->init;
+        }
+STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
+        {
+        return sm->clean;
+        }
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
+        {
+        return sm->generate_object;
+        }
+STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
+        {
+        return sm->get_object;
+        }
+STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
+        {
+        return sm->store_object;
+        }
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
+        {
+        return sm->modify_object;
+        }
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
+        {
+        return sm->revoke_object;
+        }
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
+        {
+        return sm->delete_object;
+        }
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_start;
+        }
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_next;
+        }
+STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
+        {
+        return sm->list_object_end;
+        }
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
+        {
+        return sm->update_store;
+        }
+STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
+        {
+        return sm->lock_store;
+        }
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
+        {
+        return sm->unlock_store;
+        }
+STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
+        {
+        return sm->ctrl;
+        }
diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h
new file mode 100644
index 0000000000..774162fec9
--- /dev/null
+++ b/src/lib/libcrypto/symhacks.h
@@ -0,0 +1,275 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_SYMHACKS_H
+#define HEADER_SYMHACKS_H
+#include <openssl/e_os2.h>
+/* Hacks to solve the problem with linkers incapable of handling very long
+   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
+   VAX. */
+#ifdef OPENSSL_SYS_VMS
+/* Hack a long name in crypto/ex_data.c */
+#undef CRYPTO_get_ex_data_implementation
+#define CRYPTO_get_ex_data_implementation       CRYPTO_get_ex_data_impl
+#undef CRYPTO_set_ex_data_implementation
+#define CRYPTO_set_ex_data_implementation       CRYPTO_set_ex_data_impl
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+#undef ASN1_STRING_set_default_mask_asc
+#define ASN1_STRING_set_default_mask_asc        ASN1_STRING_set_def_mask_asc
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       i2d_ASN1_SET_OF_PKCS7_SIGINF
+#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       d2i_ASN1_SET_OF_PKCS7_SIGINF
+#endif
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        i2d_ASN1_SET_OF_PKCS7_RECINF
+#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        d2i_ASN1_SET_OF_PKCS7_RECINF
+#endif
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      i2d_ASN1_SET_OF_ACC_DESC
+#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      d2i_ASN1_SET_OF_ACC_DESC
+#endif
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#undef PEM_read_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_NETSCAPE_CERT_SEQUENCE         PEM_read_NS_CERT_SEQ
+#undef PEM_write_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE        PEM_write_NS_CERT_SEQ
+#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE     PEM_read_bio_NS_CERT_SEQ
+#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE    PEM_write_bio_NS_CERT_SEQ
+#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#undef PEM_read_PKCS8_PRIV_KEY_INFO
+#define PEM_read_PKCS8_PRIV_KEY_INFO            PEM_read_P8_PRIV_KEY_INFO
+#undef PEM_write_PKCS8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO           PEM_write_P8_PRIV_KEY_INFO
+#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO        PEM_read_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO       PEM_write_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO    PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+/* Hack other PEM names */
+#undef PEM_write_bio_PKCS8PrivateKey_nid
+#define PEM_write_bio_PKCS8PrivateKey_nid       PEM_write_bio_PKCS8PrivKey_nid
+/* Hack some long X509 names */
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical        X509_REVOKED_get_ext_by_critic
+/* Hack some long CRYPTO names */
+#undef CRYPTO_set_dynlock_destroy_callback
+#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
+#undef CRYPTO_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
+#undef CRYPTO_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_lock_callback
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_destroy_callback
+#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
+#undef CRYPTO_get_dynlock_create_callback
+#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
+#undef CRYPTO_set_locked_mem_ex_functions
+#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
+#undef CRYPTO_get_locked_mem_ex_functions
+#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
+/* Hack some long SSL names */
+#undef SSL_CTX_set_default_verify_paths
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
+#undef SSL_add_file_cert_subjects_to_stack
+#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
+#if 0 /* This function is not defined i VMS. */
+#undef SSL_add_dir_cert_subjects_to_stack
+#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
+#endif
+#undef SSL_CTX_use_certificate_chain_file
+#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
+/* Hack some long ENGINE names */
+#undef ENGINE_get_default_BN_mod_exp_crt
+#define ENGINE_get_default_BN_mod_exp_crt       ENGINE_get_def_BN_mod_exp_crt
+#undef ENGINE_set_default_BN_mod_exp_crt
+#define ENGINE_set_default_BN_mod_exp_crt       ENGINE_set_def_BN_mod_exp_crt
+#undef ENGINE_set_load_privkey_function
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#undef ENGINE_get_load_privkey_function
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+/* Hack some long OCSP names */
+#undef OCSP_REQUEST_get_ext_by_critical
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#undef OCSP_BASICRESP_get_ext_by_critical
+#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
+#undef OCSP_SINGLERESP_get_ext_by_critical
+#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
+/* Hack some long DES names */
+#undef _ossl_old_des_ede3_cfb64_encrypt
+#define _ossl_old_des_ede3_cfb64_encrypt        _ossl_odes_ede3_cfb64_encrypt
+#undef _ossl_old_des_ede3_ofb64_encrypt
+#define _ossl_old_des_ede3_ofb64_encrypt        _ossl_odes_ede3_ofb64_encrypt
+/* Hack some long EVP names */
+#undef OPENSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_noconf       OPENSSL_add_all_algo_noconf
+#undef OPENSSL_add_all_algorithms_conf
+#define OPENSSL_add_all_algorithms_conf         OPENSSL_add_all_algo_conf
+/* Hack some long EC names */
+#undef EC_POINT_set_Jprojective_coordinates_GFp
+#define EC_POINT_set_Jprojective_coordinates_GFp \
+                                                EC_POINT_set_Jproj_coords_GFp
+#undef EC_POINT_get_Jprojective_coordinates_GFp
+#define EC_POINT_get_Jprojective_coordinates_GFp \
+                                                EC_POINT_get_Jproj_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
+#undef EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
+#undef EC_POINT_set_compressed_coordinates_GFp
+#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
+#undef ec_GFp_simple_group_set_curve_GFp
+#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_group_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#undef ec_GFp_simple_group_set_generator
+#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
+#undef ec_GFp_simple_group_get0_generator
+#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
+#undef ec_GFp_simple_group_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#undef ec_GFp_simple_point_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#undef ec_GFp_simple_point_set_to_infinity
+#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+#undef ec_GFp_simple_points_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_set_Jproj_coords_GFp
+#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
+#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_get_Jproj_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates_GFp
+#define ec_GFp_simple_point_set_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_set_af_coords_GFp
+#undef ec_GFp_simple_point_get_affine_coordinates_GFp
+#define ec_GFp_simple_point_get_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_get_af_coords_GFp
+#undef ec_GFp_simple_set_compressed_coordinates_GFp
+#define ec_GFp_simple_set_compressed_coordinates_GFp \
+                                                ec_GFp_smp_set_compr_coords_GFp
+#endif /* defined OPENSSL_SYS_VMS */
+/* Case insensiteve linking causes problems.... */
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+#undef ERR_load_CRYPTO_strings
+#define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#undef OCSP_crlID_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
+/* These functions do not seem to exist!  However, I'm paranoid...
+   Original command in x509v3.h:
+   These functions are being redefined in another directory,
+   and clash when the linker is case-insensitive, so let's
+   hide them a little, by giving them an extra 'o' at the
+   beginning of the name... */
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+#endif
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/src/lib/libcrypto/threads/README b/src/lib/libcrypto/threads/README
new file mode 100644
index 0000000000..df6b26e146
--- /dev/null
+++ b/src/lib/libcrypto/threads/README
@@ -0,0 +1,14 @@
+Mutithreading testing area.
+Since this stuff is very very platorm specific, this is not part of the
+normal build.  Have a read of doc/threads.doc.
+mttest will do some testing and will currently build under Windows NT/95,
+Solaris and Linux.  The IRIX stuff is not finished.
+I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
+and things seem to work ok.
+The Linux pthreads package can be retrieved from 
+http://www.mit.edu:8001/people/proven/pthreads.html
diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c
new file mode 100644
index 0000000000..7588966cb2
--- /dev/null
+++ b/src/lib/libcrypto/threads/mttest.c
@@ -0,0 +1,1096 @@
+/* crypto/threads/mttest.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#define TEST_SERVER_CERT "../../apps/server.pem"
+#define TEST_CLIENT_CERT "../../apps/client.pem"
+#define MAX_THREAD_NUMBER       100
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
+void thread_setup(void);
+void thread_cleanup(void);
+void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+void irix_locking_callback(int mode,int type,char *file,int line);
+void solaris_locking_callback(int mode,int type,char *file,int line);
+void win32_locking_callback(int mode,int type,char *file,int line);
+void pthreads_locking_callback(int mode,int type,char *file,int line);
+unsigned long irix_thread_id(void );
+unsigned long solaris_thread_id(void );
+unsigned long pthreads_thread_id(void );
+BIO *bio_err=NULL;
+BIO *bio_stdout=NULL;
+static char *cipher=NULL;
+int verbose=0;
+#ifdef FIONBIO
+static int s_nbio=0;
+#endif
+int thread_number=10;
+int number_of_loops=10;
+int reconnect=0;
+int cache_stats=0;
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+int doit(char *ctx[4]);
+static void print_stats(FILE *fp, SSL_CTX *ctx)
+{
+        fprintf(fp,"%4ld items in the session cache\n",
+                SSL_CTX_sess_number(ctx));
+        fprintf(fp,"%4d client connects (SSL_connect())\n",
+                SSL_CTX_sess_connect(ctx));
+        fprintf(fp,"%4d client connects that finished\n",
+                SSL_CTX_sess_connect_good(ctx));
+        fprintf(fp,"%4d server connects (SSL_accept())\n",
+                SSL_CTX_sess_accept(ctx));
+        fprintf(fp,"%4d server connects that finished\n",
+                SSL_CTX_sess_accept_good(ctx));
+        fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+        fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+        fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+        }
+static void sv_usage(void)
+        {
+        fprintf(stderr,"usage: ssltest [args ...]\n");
+        fprintf(stderr,"\n");
+        fprintf(stderr," -server_auth  - check server certificate\n");
+        fprintf(stderr," -client_auth  - do client authentication\n");
+        fprintf(stderr," -v            - more output\n");
+        fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+        fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+        fprintf(stderr," -threads arg  - number of threads\n");
+        fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+        fprintf(stderr," -reconnect    - reuse session-id's\n");
+        fprintf(stderr," -stats        - server session-id cache stats\n");
+        fprintf(stderr," -cert arg     - server certificate/key\n");
+        fprintf(stderr," -ccert arg    - client certificate/key\n");
+        fprintf(stderr," -ssl3         - just SSLv3n\n");
+        }
+int main(int argc, char *argv[])
+        {
+        char *CApath=NULL,*CAfile=NULL;
+        int badop=0;
+        int ret=1;
+        int client_auth=0;
+        int server_auth=0;
+        SSL_CTX *s_ctx=NULL;
+        SSL_CTX *c_ctx=NULL;
+        char *scert=TEST_SERVER_CERT;
+        char *ccert=TEST_CLIENT_CERT;
+        SSL_METHOD *ssl_method=SSLv23_method();
+        RAND_seed(rnd_seed, sizeof rnd_seed);
+        if (bio_err == NULL)
+                bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+        if (bio_stdout == NULL)
+                bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+        argc--;
+        argv++;
+        while (argc >= 1)
+                {
+                if      (strcmp(*argv,"-server_auth") == 0)
+                        server_auth=1;
+                else if (strcmp(*argv,"-client_auth") == 0)
+                        client_auth=1;
+                else if (strcmp(*argv,"-reconnect") == 0)
+                        reconnect=1;
+                else if (strcmp(*argv,"-stats") == 0)
+                        cache_stats=1;
+                else if (strcmp(*argv,"-ssl3") == 0)
+                        ssl_method=SSLv3_method();
+                else if (strcmp(*argv,"-ssl2") == 0)
+                        ssl_method=SSLv2_method();
+                else if (strcmp(*argv,"-CApath") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CApath= *(++argv);
+                        }
+                else if (strcmp(*argv,"-CAfile") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        CAfile= *(++argv);
+                        }
+                else if (strcmp(*argv,"-cert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        scert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-ccert") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        ccert= *(++argv);
+                        }
+                else if (strcmp(*argv,"-threads") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        thread_number= atoi(*(++argv));
+                        if (thread_number == 0) thread_number=1;
+                        if (thread_number > MAX_THREAD_NUMBER)
+                                thread_number=MAX_THREAD_NUMBER;
+                        }
+                else if (strcmp(*argv,"-loops") == 0)
+                        {
+                        if (--argc < 1) goto bad;
+                        number_of_loops= atoi(*(++argv));
+                        if (number_of_loops == 0) number_of_loops=1;
+                        }
+                else
+                        {
+                        fprintf(stderr,"unknown option %s\n",*argv);
+                        badop=1;
+                        break;
+                        }
+                argc--;
+                argv++;
+                }
+        if (badop)
+                {
+bad:
+                sv_usage();
+                goto end;
+                }
+        if (cipher == NULL && OPENSSL_issetugid() == 0)
+                cipher=getenv("SSL_CIPHER");
+        SSL_load_error_strings();
+        OpenSSL_add_ssl_algorithms();
+        c_ctx=SSL_CTX_new(ssl_method);
+        s_ctx=SSL_CTX_new(ssl_method);
+        if ((c_ctx == NULL) || (s_ctx == NULL))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        SSL_CTX_set_session_cache_mode(s_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        SSL_CTX_set_session_cache_mode(c_ctx,
+                SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+        if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                }
+        else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))
+                {
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                SSL_CTX_use_certificate_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+                        SSL_FILETYPE_PEM);
+                }
+        if (    (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+                (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+                (!SSL_CTX_set_default_verify_paths(c_ctx)))
+                {
+                fprintf(stderr,"SSL_load_verify_locations\n");
+                ERR_print_errors(bio_err);
+                goto end;
+                }
+        if (client_auth)
+                {
+                fprintf(stderr,"client authentication\n");
+                SSL_CTX_set_verify(s_ctx,
+                        SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+                        verify_callback);
+                }
+        if (server_auth)
+                {
+                fprintf(stderr,"server authentication\n");
+                SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+                        verify_callback);
+                }
+        thread_setup();
+        do_threads(s_ctx,c_ctx);
+        thread_cleanup();
+end:
+        
+        if (c_ctx != NULL) 
+                {
+                fprintf(stderr,"Client SSL_CTX stats then free it\n");
+                print_stats(stderr,c_ctx);
+                SSL_CTX_free(c_ctx);
+                }
+        if (s_ctx != NULL)
+                {
+                fprintf(stderr,"Server SSL_CTX stats then free it\n");
+                print_stats(stderr,s_ctx);
+                if (cache_stats)
+                        {
+                        fprintf(stderr,"-----\n");
+                        lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                /*      lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n"); */
+                        lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+                        fprintf(stderr,"-----\n");
+                        }
+                SSL_CTX_free(s_ctx);
+                fprintf(stderr,"done free\n");
+                }
+        exit(ret);
+        return(0);
+        }
+#define W_READ  1
+#define W_WRITE 2
+#define C_DONE  1
+#define S_DONE  2
+int ndoit(SSL_CTX *ssl_ctx[2])
+        {
+        int i;
+        int ret;
+        char *ctx[4];
+        ctx[0]=(char *)ssl_ctx[0];
+        ctx[1]=(char *)ssl_ctx[1];
+        if (reconnect)
+                {
+                ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+                ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+                }
+        else
+                {
+                ctx[2]=NULL;
+                ctx[3]=NULL;
+                }
+        fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+        for (i=0; i<number_of_loops; i++)
+                {
+/*              fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+                        CRYPTO_thread_id(),i,
+                        ssl_ctx[0]->references,
+                        ssl_ctx[1]->references); */
+        /*      pthread_delay_np(&tm);*/
+                ret=doit(ctx);
+                if (ret != 0)
+                        {
+                        fprintf(stdout,"error[%d] %lu - %d\n",
+                                i,CRYPTO_thread_id(),ret);
+                        return(ret);
+                        }
+                }
+        fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+        if (reconnect)
+                {
+                SSL_free((SSL *)ctx[2]);
+                SSL_free((SSL *)ctx[3]);
+                }
+        return(0);
+        }
+int doit(char *ctx[4])
+        {
+        SSL_CTX *s_ctx,*c_ctx;
+        static char cbuf[200],sbuf[200];
+        SSL *c_ssl=NULL;
+        SSL *s_ssl=NULL;
+        BIO *c_to_s=NULL;
+        BIO *s_to_c=NULL;
+        BIO *c_bio=NULL;
+        BIO *s_bio=NULL;
+        int c_r,c_w,s_r,s_w;
+        int c_want,s_want;
+        int i;
+        int done=0;
+        int c_write,s_write;
+        int do_server=0,do_client=0;
+        s_ctx=(SSL_CTX *)ctx[0];
+        c_ctx=(SSL_CTX *)ctx[1];
+        if (ctx[2] != NULL)
+                s_ssl=(SSL *)ctx[2];
+        else
+                s_ssl=SSL_new(s_ctx);
+        if (ctx[3] != NULL)
+                c_ssl=(SSL *)ctx[3];
+        else
+                c_ssl=SSL_new(c_ctx);
+        if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+        c_to_s=BIO_new(BIO_s_mem());
+        s_to_c=BIO_new(BIO_s_mem());
+        if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+        c_bio=BIO_new(BIO_f_ssl());
+        s_bio=BIO_new(BIO_f_ssl());
+        if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+        SSL_set_connect_state(c_ssl);
+        SSL_set_bio(c_ssl,s_to_c,c_to_s);
+        BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        SSL_set_accept_state(s_ssl);
+        SSL_set_bio(s_ssl,c_to_s,s_to_c);
+        BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+        c_r=0; s_r=1;
+        c_w=1; s_w=0;
+        c_want=W_WRITE;
+        s_want=0;
+        c_write=1,s_write=0;
+        /* We can always do writes */
+        for (;;)
+                {
+                do_server=0;
+                do_client=0;
+                i=(int)BIO_pending(s_bio);
+                if ((i && s_r) || s_w) do_server=1;
+                i=(int)BIO_pending(c_bio);
+                if ((i && c_r) || c_w) do_client=1;
+                if (do_server && verbose)
+                        {
+                        if (SSL_in_init(s_ssl))
+                                printf("server waiting in SSL_accept - %s\n",
+                                        SSL_state_string_long(s_ssl));
+                        else if (s_write)
+                                printf("server:SSL_write()\n");
+                        else 
+                                printf("server:SSL_read()\n");
+                        }
+                if (do_client && verbose)
+                        {
+                        if (SSL_in_init(c_ssl))
+                                printf("client waiting in SSL_connect - %s\n",
+                                        SSL_state_string_long(c_ssl));
+                        else if (c_write)
+                                printf("client:SSL_write()\n");
+                        else
+                                printf("client:SSL_read()\n");
+                        }
+                if (!do_client && !do_server)
+                        {
+                        fprintf(stdout,"ERROR IN STARTUP\n");
+                        break;
+                        }
+                if (do_client && !(done & C_DONE))
+                        {
+                        if (c_write)
+                                {
+                                i=BIO_write(c_bio,"hello from client\n",18);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        /* ok */
+                                        c_write=0;
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_read(c_bio,cbuf,100);
+                                if (i < 0)
+                                        {
+                                        c_r=0;
+                                        c_w=0;
+                                        if (BIO_should_retry(c_bio))
+                                                {
+                                                if (BIO_should_read(c_bio))
+                                                        c_r=1;
+                                                if (BIO_should_write(c_bio))
+                                                        c_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in CLIENT\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        done|=C_DONE;
+#ifdef undef
+                                        fprintf(stdout,"CLIENT:from server:");
+                                        fwrite(cbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        }
+                if (do_server && !(done & S_DONE))
+                        {
+                        if (!s_write)
+                                {
+                                i=BIO_read(s_bio,sbuf,100);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=1;
+                                        s_w=1;
+#ifdef undef
+                                        fprintf(stdout,"SERVER:from client:");
+                                        fwrite(sbuf,1,i,stdout);
+                                        fflush(stdout);
+#endif
+                                        }
+                                }
+                        else
+                                {
+                                i=BIO_write(s_bio,"hello from server\n",18);
+                                if (i < 0)
+                                        {
+                                        s_r=0;
+                                        s_w=0;
+                                        if (BIO_should_retry(s_bio))
+                                                {
+                                                if (BIO_should_read(s_bio))
+                                                        s_r=1;
+                                                if (BIO_should_write(s_bio))
+                                                        s_w=1;
+                                                }
+                                        else
+                                                {
+                                                fprintf(stderr,"ERROR in SERVER\n");
+                                                ERR_print_errors_fp(stderr);
+                                                return(1);
+                                                }
+                                        }
+                                else if (i == 0)
+                                        {
+                                        fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+                                        return(1);
+                                        }
+                                else
+                                        {
+                                        s_write=0;
+                                        s_r=1;
+                                        done|=S_DONE;
+                                        }
+                                }
+                        }
+                if ((done & S_DONE) && (done & C_DONE)) break;
+                }
+        SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+        SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+#ifdef undef
+        fprintf(stdout,"DONE\n");
+#endif
+err:
+        /* We have to set the BIO's to NULL otherwise they will be
+         * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+         * again when c_ssl is SSL_free()ed.
+         * This is a hack required because s_ssl and c_ssl are sharing the same
+         * BIO structure and SSL_set_bio() and SSL_free() automatically
+         * BIO_free non NULL entries.
+         * You should not normally do this or be required to do this */
+        if (s_ssl != NULL)
+                {
+                s_ssl->rbio=NULL;
+                s_ssl->wbio=NULL;
+                }
+        if (c_ssl != NULL)
+                {
+                c_ssl->rbio=NULL;
+                c_ssl->wbio=NULL;
+                }
+        /* The SSL's are optionally freed in the following calls */
+        if (c_to_s != NULL) BIO_free(c_to_s);
+        if (s_to_c != NULL) BIO_free(s_to_c);
+        if (c_bio != NULL) BIO_free(c_bio);
+        if (s_bio != NULL) BIO_free(s_bio);
+        return(0);
+        }
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
+        {
+        char *s, buf[256];
+        if (verbose)
+                {
+                s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+                                    buf,256);
+                if (s != NULL)
+                        {
+                        if (ok)
+                                fprintf(stderr,"depth=%d %s\n",
+                                        ctx->error_depth,buf);
+                        else
+                                fprintf(stderr,"depth=%d error=%d %s\n",
+                                        ctx->error_depth,ctx->error,buf);
+                        }
+                }
+        return(ok);
+        }
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef OPENSSL_SYS_WIN32
+static HANDLE *lock_cs;
+void thread_setup(void)
+        {
+        int i;
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                CloseHandle(lock_cs[i]);
+        OPENSSL_free(lock_cs);
+        }
+void win32_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        double ret;
+        SSL_CTX *ssl_ctx[2];
+        DWORD thread_id[MAX_THREAD_NUMBER];
+        HANDLE thread_handle[MAX_THREAD_NUMBER];
+        int i;
+        SYSTEMTIME start,end;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        GetSystemTime(&start);
+        for (i=0; i<thread_number; i++)
+                {
+                thread_handle[i]=CreateThread(NULL,
+                        THREAD_STACK_SIZE,
+                        (LPTHREAD_START_ROUTINE)ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_id[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i+=50)
+                {
+                int j;
+                j=(thread_number < (i+50))?(thread_number-i):50;
+                if (WaitForMultipleObjects(j,
+                        (CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+                        == WAIT_FAILED)
+                        {
+                        fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+                        exit(1);
+                        }
+                }
+        GetSystemTime(&end);
+        if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+        ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+        ret=(ret+end.wHour-start.wHour)*60;
+        ret=(ret+end.wMinute-start.wMinute)*60;
+        ret=(ret+end.wSecond-start.wSecond);
+        ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+        printf("win32 threads done - %.3f seconds\n",ret);
+        }
+#endif /* OPENSSL_SYS_WIN32 */
+#ifdef SOLARIS
+static mutex_t *lock_cs;
+/*static rwlock_t *lock_cs; */
+static long *lock_count;
+void thread_setup(void)
+        {
+        int i;
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                /* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                /* rwlock_destroy(&(lock_cs[i])); */
+                mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        fprintf(stderr,"done cleanup\n");
+        }
+void solaris_locking_callback(int mode, int type, char *file, int line)
+        {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+        /*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+        fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+        */
+        if (mode & CRYPTO_LOCK)
+                {
+        /*      if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type])); */
+                mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+/*              rw_unlock(&(lock_cs[type]));  */
+                mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        thread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        thr_setconcurrency(thread_number);
+        for (i=0; i<thread_number; i++)
+                {
+                thr_create(NULL, THREAD_STACK_SIZE,
+                        (void *(*)())ndoit,
+                        (void *)ssl_ctx,
+                        0L,
+                        &(thread_ctx[i]));
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                thr_join(thread_ctx[i],NULL,NULL);
+                }
+        printf("solaris threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long solaris_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+static usptr_t *arena;
+static usema_t **lock_cs;
+void thread_setup(void)
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        OPENSSL_free(lock_cs);
+        }
+void irix_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                printf("lock %d\n",type);
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                printf("unlock %d\n",type);
+                usvsema(lock_cs[type]);
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        int thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        for (i=0; i<thread_number; i++)
+                {
+                thread_ctx[i]=sproc((void (*)())ndoit,
+                        PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                wait(NULL);
+                }
+        printf("irix threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long irix_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+#ifdef PTHREADS
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+void thread_setup(void)
+        {
+        int i;
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        fprintf(stderr,"cleanup\n");
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                fprintf(stderr,"%8ld:%s\n",lock_count[i],
+                        CRYPTO_get_lock_name(i));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        fprintf(stderr,"done cleanup\n");
+        }
+void pthreads_locking_callback(int mode, int type, char *file,
+             int line)
+      {
+#ifdef undef
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+/*
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+*/
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
+        {
+        SSL_CTX *ssl_ctx[2];
+        pthread_t thread_ctx[MAX_THREAD_NUMBER];
+        int i;
+        ssl_ctx[0]=s_ctx;
+        ssl_ctx[1]=c_ctx;
+        /*
+        thr_setconcurrency(thread_number);
+        */
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_create(&(thread_ctx[i]), NULL,
+                        (void *(*)())ndoit, (void *)ssl_ctx);
+                }
+        printf("reaping\n");
+        for (i=0; i<thread_number; i++)
+                {
+                pthread_join(thread_ctx[i],NULL);
+                }
+        printf("pthreads threads done (%d,%d)\n",
+                s_ctx->references,c_ctx->references);
+        }
+unsigned long pthreads_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libcrypto/threads/netware.bat b/src/lib/libcrypto/threads/netware.bat
new file mode 100644
index 0000000000..0b3eca3caf
--- /dev/null
+++ b/src/lib/libcrypto/threads/netware.bat
@@ -0,0 +1,79 @@
+@echo off
+rem batch file to build multi-thread test ( mttest.nlm )
+rem command line arguments:
+rem      debug => build using debug settings
+rem
+rem After building, copy mttest.nlm to the server and run it, you'll probably
+rem want to redirect stdout and stderr.  An example command line would be
+rem "mttest.nlm -thread 20 -loops 10 -CAfile \openssl\apps\server.pem >mttest.out 2>mttest.err"
+rem 
+del mttest.nlm
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
+if "%1" == "DEBUG" set BLD_DEBUG=YES
+if "%1" == "debug" set BLD_DEBUG=YES
+if "%MWCIncludes%" == "" goto inc_error
+if "%PRELUDE%" == "" goto prelude_error
+if "%IMPORTS%" == "" goto imports_error
+set CFLAGS=-c -I..\..\outinc_nw -nosyspath -DOPENSSL_SYS_NETWARE -opt off -g -sym internal -maxerrors 20
+if "%BLD_DEBUG%" == "YES" set LIBS=..\..\out_nw.dbg\ssl.lib ..\..\out_nw.dbg\crypto.lib
+if "%BLD_DEBUG%" == ""  set LIBS=..\..\out_nw\ssl.lib ..\..\out_nw\crypto.lib
+set LFLAGS=-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal 
+  
+rem generate command file for metrowerks
+echo.
+echo Generating Metrowerks command file: mttest.def
+echo # dynamically generated command file for metrowerks build > mttest.def
+echo IMPORT @%IMPORTS%\clib.imp              >> mttest.def 
+echo IMPORT @%IMPORTS%\threads.imp           >> mttest.def 
+echo IMPORT @%IMPORTS%\ws2nlm.imp            >> mttest.def 
+echo IMPORT GetProcessSwitchCount            >> mttest.def
+echo MODULE clib                             >> mttest.def 
+rem compile
+echo.
+echo Compiling mttest.c
+mwccnlm.exe mttest.c %CFLAGS% 
+if errorlevel 1 goto end
+rem link               
+echo.
+echo Linking mttest.nlm
+mwldnlm.exe %LFLAGS% -screenname mttest -commandfile mttest.def mttest.o "%PRELUDE%" %LIBS% -o mttest.nlm
+if errorlevel 1 goto end
+goto end
+:inc_error
+echo.
+echo Environment variable MWCIncludes is not set - see install.nw
+goto end
+:prelude_error
+echo.
+echo Environment variable PRELUDE is not set - see install.nw
+goto end
+:imports_error
+echo.
+echo Environment variable IMPORTS is not set - see install.nw
+goto end
+    
+    
+:end
+set BLD_DEBUG=
+set CFLAGS=
+set LFLAGS=
+set LIBS=
diff --git a/src/lib/libcrypto/threads/profile.sh b/src/lib/libcrypto/threads/profile.sh
new file mode 100644
index 0000000000..6e3e342fc0
--- /dev/null
+++ b/src/lib/libcrypto/threads/profile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
diff --git a/src/lib/libcrypto/threads/ptest.bat b/src/lib/libcrypto/threads/ptest.bat
new file mode 100644
index 0000000000..4071b5ffea
--- /dev/null
+++ b/src/lib/libcrypto/threads/ptest.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib
diff --git a/src/lib/libcrypto/threads/pthread.sh b/src/lib/libcrypto/threads/pthread.sh
new file mode 100644
index 0000000000..f1c49821d2
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthread.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+#
+# build using pthreads
+#
+# http://www.mit.edu:8001/people/proven/pthreads.html
+#
+/bin/rm -f mttest
+pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto 
diff --git a/src/lib/libcrypto/threads/pthread2.sh b/src/lib/libcrypto/threads/pthread2.sh
new file mode 100644
index 0000000000..41264c6a50
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthread2.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# build using pthreads where it's already built into the system
+#
+/bin/rm -f mttest
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com
new file mode 100644
index 0000000000..63f5b8cc2e
--- /dev/null
+++ b/src/lib/libcrypto/threads/pthreads-vms.com
@@ -0,0 +1,9 @@
+$! To compile mttest on VMS.
+$!
+$! WARNING: only tested with DEC C so far.
+$
+$ arch := vax
+$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ define/user openssl [--.include.openssl]
+$ cc/def=PTHREADS mttest.c
+$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/src/lib/libcrypto/threads/purify.sh b/src/lib/libcrypto/threads/purify.sh
new file mode 100644
index 0000000000..6d44fe26b7
--- /dev/null
+++ b/src/lib/libcrypto/threads/purify.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
diff --git a/src/lib/libcrypto/threads/solaris.sh b/src/lib/libcrypto/threads/solaris.sh
new file mode 100644
index 0000000000..bc93094a27
--- /dev/null
+++ b/src/lib/libcrypto/threads/solaris.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
diff --git a/src/lib/libcrypto/threads/th-lock.c b/src/lib/libcrypto/threads/th-lock.c
new file mode 100644
index 0000000000..a6a79b9f45
--- /dev/null
+++ b/src/lib/libcrypto/threads/th-lock.c
@@ -0,0 +1,387 @@
+/* crypto/threads/th-lock.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#ifdef LINUX
+#include <typedefs.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+#include <windows.h>
+#endif
+#ifdef SOLARIS
+#include <synch.h>
+#include <thread.h>
+#endif
+#ifdef IRIX
+#include <ulocks.h>
+#include <sys/prctl.h>
+#endif
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/e_os.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+void CRYPTO_thread_setup(void);
+void CRYPTO_thread_cleanup(void);
+static void irix_locking_callback(int mode,int type,char *file,int line);
+static void solaris_locking_callback(int mode,int type,char *file,int line);
+static void win32_locking_callback(int mode,int type,char *file,int line);
+static void pthreads_locking_callback(int mode,int type,char *file,int line);
+static unsigned long irix_thread_id(void );
+static unsigned long solaris_thread_id(void );
+static unsigned long pthreads_thread_id(void );
+/* usage:
+ * CRYPTO_thread_setup();
+ * application code
+ * CRYPTO_thread_cleanup();
+ */
+#define THREAD_STACK_SIZE (16*1024)
+#ifdef OPENSSL_SYS_WIN32
+static HANDLE *lock_cs;
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+                }
+        CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+        /* id callback defined */
+        return(1);
+        }
+static void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                CloseHandle(lock_cs[i]);
+        OPENSSL_free(lock_cs);
+        }
+void win32_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                WaitForSingleObject(lock_cs[type],INFINITE);
+                }
+        else
+                {
+                ReleaseMutex(lock_cs[type]);
+                }
+        }
+#endif /* OPENSSL_SYS_WIN32 */
+#ifdef SOLARIS
+#define USE_MUTEX
+#ifdef USE_MUTEX
+static mutex_t *lock_cs;
+#else
+static rwlock_t *lock_cs;
+#endif
+static long *lock_count;
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+#ifdef USE_MUTEX
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+#else
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
+#endif
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+#ifdef USE_MUTEX
+                mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#else
+                rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+#endif
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+        CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+        }
+void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+#ifdef USE_MUTEX
+                mutex_destroy(&(lock_cs[i]));
+#else
+                rwlock_destroy(&(lock_cs[i]));
+#endif
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        }
+void solaris_locking_callback(int mode, int type, char *file, int line)
+        {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                        CRYPTO_thread_id(),
+                        mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+#ifdef USE_MUTEX
+                mutex_lock(&(lock_cs[type]));
+#else
+                if (mode & CRYPTO_READ)
+                        rw_rdlock(&(lock_cs[type]));
+                else
+                        rw_wrlock(&(lock_cs[type]));
+#endif
+                lock_count[type]++;
+                }
+        else
+                {
+#ifdef USE_MUTEX
+                mutex_unlock(&(lock_cs[type]));
+#else
+                rw_unlock(&(lock_cs[type]));
+#endif
+                }
+        }
+unsigned long solaris_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)thr_self();
+        return(ret);
+        }
+#endif /* SOLARIS */
+#ifdef IRIX
+/* I don't think this works..... */
+static usptr_t *arena;
+static usema_t **lock_cs;
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+        char filename[20];
+        strcpy(filename,"/tmp/mttest.XXXXXX");
+        mktemp(filename);
+        usconfig(CONF_STHREADIOOFF);
+        usconfig(CONF_STHREADMALLOCOFF);
+        usconfig(CONF_INITUSERS,100);
+        usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+        arena=usinit(filename);
+        unlink(filename);
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_cs[i]=usnewsema(arena,1);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+        CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+        }
+void CRYPTO_thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                char buf[10];
+                sprintf(buf,"%2d:",i);
+                usdumpsema(lock_cs[i],stdout,buf);
+                usfreesema(lock_cs[i],arena);
+                }
+        OPENSSL_free(lock_cs);
+        }
+void irix_locking_callback(int mode, int type, char *file, int line)
+        {
+        if (mode & CRYPTO_LOCK)
+                {
+                uspsema(lock_cs[type]);
+                }
+        else
+                {
+                usvsema(lock_cs[type]);
+                }
+        }
+unsigned long irix_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)getpid();
+        return(ret);
+        }
+#endif /* IRIX */
+/* Linux and a few others */
+#ifdef PTHREADS
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
+void CRYPTO_thread_setup(void)
+        {
+        int i;
+        lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+        lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                lock_count[i]=0;
+                pthread_mutex_init(&(lock_cs[i]),NULL);
+                }
+        CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+        CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+        }
+void thread_cleanup(void)
+        {
+        int i;
+        CRYPTO_set_locking_callback(NULL);
+        for (i=0; i<CRYPTO_num_locks(); i++)
+                {
+                pthread_mutex_destroy(&(lock_cs[i]));
+                }
+        OPENSSL_free(lock_cs);
+        OPENSSL_free(lock_count);
+        }
+void pthreads_locking_callback(int mode, int type, char *file,
+             int line)
+      {
+#if 0
+        fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+                CRYPTO_thread_id(),
+                (mode&CRYPTO_LOCK)?"l":"u",
+                (type&CRYPTO_READ)?"r":"w",file,line);
+#endif
+#if 0
+        if (CRYPTO_LOCK_SSL_CERT == type)
+                fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+                CRYPTO_thread_id(),
+                mode,file,line);
+#endif
+        if (mode & CRYPTO_LOCK)
+                {
+                pthread_mutex_lock(&(lock_cs[type]));
+                lock_count[type]++;
+                }
+        else
+                {
+                pthread_mutex_unlock(&(lock_cs[type]));
+                }
+        }
+unsigned long pthreads_thread_id(void)
+        {
+        unsigned long ret;
+        ret=(unsigned long)pthread_self();
+        return(ret);
+        }
+#endif /* PTHREADS */
diff --git a/src/lib/libcrypto/threads/win32.bat b/src/lib/libcrypto/threads/win32.bat
new file mode 100644
index 0000000000..ee6da80a07
--- /dev/null
+++ b/src/lib/libcrypto/threads/win32.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssleay32.lib ..\..\out\libeay32.lib
diff --git a/src/lib/libcrypto/tmdiff.c b/src/lib/libcrypto/tmdiff.c
new file mode 100644
index 0000000000..307523ebba
--- /dev/null
+++ b/src/lib/libcrypto/tmdiff.c
@@ -0,0 +1,249 @@
+/* crypto/tmdiff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/tmdiff.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
+#ifdef TIMEB
+#undef OPENSSL_SYS_WIN32
+#undef TIMES
+#endif
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)
+# define TIMES
+#endif
+#ifndef _IRIX
+#  include <time.h>
+#endif
+#ifdef TIMES
+#  include <sys/types.h>
+#  include <sys/times.h>
+#endif
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.                           -- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+#if defined(sun) || defined(__ultrix)
+#define _POSIX_SOURCE
+#include <limits.h>
+#include <sys/param.h>
+#endif
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
+#include <sys/timeb.h>
+#endif
+#ifdef OPENSSL_SYS_WIN32
+#include <windows.h>
+#endif
+/* The following if from times(3) man page.  It may need to be changed */
+#ifndef HZ
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#    define HZ  100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
+#   endif
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
+#  endif
+# endif
+#endif
+typedef struct ms_tm
+        {
+#ifdef TIMES
+        struct tms ms_tms;
+#else
+#  ifdef OPENSSL_SYS_WIN32
+        HANDLE thread_id;
+        FILETIME ms_win32;
+#  else
+#    ifdef OPENSSL_SYS_VXWORKS
+          unsigned long ticks;
+#    else
+        struct timeb ms_timeb;
+#    endif
+#  endif
+#endif
+        } MS_TM;
+char *ms_time_new(void)
+        {
+        MS_TM *ret;
+        ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM));
+        if (ret == NULL)
+                return(NULL);
+        memset(ret,0,sizeof(MS_TM));
+#ifdef OPENSSL_SYS_WIN32
+        ret->thread_id=GetCurrentThread();
+#endif
+        return((char *)ret);
+        }
+void ms_time_free(char *a)
+        {
+        if (a != NULL)
+                OPENSSL_free(a);
+        }
+void ms_time_get(char *a)
+        {
+        MS_TM *tm=(MS_TM *)a;
+#ifdef OPENSSL_SYS_WIN32
+        FILETIME tmpa,tmpb,tmpc;
+#endif
+#ifdef TIMES
+        times(&tm->ms_tms);
+#else
+#  ifdef OPENSSL_SYS_WIN32
+        GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+#  else
+#    ifdef OPENSSL_SYS_VXWORKS
+        tm->ticks = tickGet();
+#    else
+        ftime(&tm->ms_timeb);
+#    endif
+#  endif
+#endif
+        }
+double ms_time_diff(char *ap, char *bp)
+        {
+        MS_TM *a=(MS_TM *)ap;
+        MS_TM *b=(MS_TM *)bp;
+        double ret;
+#ifdef TIMES
+        ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef OPENSSL_SYS_WIN32
+        {
+#ifdef __GNUC__
+        signed long long la,lb;
+#else
+        signed _int64 la,lb;
+#endif
+        la=a->ms_win32.dwHighDateTime;
+        lb=b->ms_win32.dwHighDateTime;
+        la<<=32;
+        lb<<=32;
+        la+=a->ms_win32.dwLowDateTime;
+        lb+=b->ms_win32.dwLowDateTime;
+        ret=((double)(lb-la))/1e7;
+        }
+# else
+#  ifdef OPENSSL_SYS_VXWORKS
+        ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
+#  else
+        ret=     (double)(b->ms_timeb.time-a->ms_timeb.time)+
+                (((double)b->ms_timeb.millitm)-
+                ((double)a->ms_timeb.millitm))/1000.0;
+#  endif
+# endif
+#endif
+        return((ret < 0.0000001)?0.0000001:ret);
+        }
+int ms_time_cmp(char *ap, char *bp)
+        {
+        MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
+        double d;
+        int ret;
+#ifdef TIMES
+        d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
+#else
+# ifdef OPENSSL_SYS_WIN32
+        d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+        d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+# else
+#  ifdef OPENSSL_SYS_VXWORKS
+        d = (b->ticks - a->ticks);
+#  else
+        d=       (double)(b->ms_timeb.time-a->ms_timeb.time)+
+                (((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
+#  endif
+# endif
+#endif
+        if (d == 0.0)
+                ret=0;
+        else if (d < 0)
+                ret= -1;
+        else
+                ret=1;
+        return(ret);
+        }
diff --git a/src/lib/libcrypto/tmdiff.h b/src/lib/libcrypto/tmdiff.h
new file mode 100644
index 0000000000..41a8a1e0e0
--- /dev/null
+++ b/src/lib/libcrypto/tmdiff.h
@@ -0,0 +1,81 @@
+/* crypto/tmdiff.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* Header for dynamic hash table routines
+ * Author - Eric Young
+ */
+#ifndef HEADER_TMDIFF_H
+#define HEADER_TMDIFF_H
+#ifdef  __cplusplus
+extern "C" {
+#endif
+char *ms_time_new(void );
+void ms_time_free(char *a);
+void ms_time_get(char *a);
+double ms_time_diff(char *start,char *end);
+int ms_time_cmp(char *ap,char *bp);
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/src/lib/libcrypto/txt_db/Makefile b/src/lib/libcrypto/txt_db/Makefile
new file mode 100644
index 0000000000..e6f30331d8
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/Makefile
@@ -0,0 +1,84 @@
+#
+# OpenSSL/crypto/txt_db/Makefile
+#
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+SRC= $(LIBSRC)
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+txt_db.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+txt_db.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h
+txt_db.o: ../cryptlib.h txt_db.c
diff --git a/src/lib/libcrypto/txt_db/Makefile.ssl b/src/lib/libcrypto/txt_db/Makefile.ssl
new file mode 100644
index 0000000000..6221dfae4d
--- /dev/null
+++ b/src/lib/libcrypto/txt_db/Makefile.ssl
@@ -0,0 +1,88 @@
+#
+# SSLeay/crypto/txt_db/Makefile
+#
+DIR=    txt_db
+TOP=    ../..
+CC=     cc
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC=txt_db.c
+LIBOBJ=txt_db.o
+SRC= $(LIBSRC)
+EXHEADER= txt_db.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c
index 3ed5f72ee9..58b300b00b 100644
--- a/src/lib/libcrypto/txt_db/txt_db.c
+++ b/src/lib/libcrypto/txt_db/txt_db.c
@@ -66,7 +66,7 @@
 #undef BUFSIZE
 #define BUFSIZE 512
-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT;
+const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
 TXT_DB *TXT_DB_read(BIO *in, int num)
        {
@@ -92,7 +92,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
                goto err;
        if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
                goto err;
-        if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)
+        if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL)
                goto err;
        for (i=0; i<num; i++)
                {
@@ -179,13 +179,10 @@ err:
 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
                if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
 #endif
-                if (ret != NULL)
+                if (ret->data != NULL) sk_free(ret->data);
-                        {
+                if (ret->index != NULL) OPENSSL_free(ret->index);
-                        if (ret->data != NULL) sk_free(ret->data);
+                if (ret->qual != NULL) OPENSSL_free(ret->qual);
-                        if (ret->index != NULL) OPENSSL_free(ret->index);
+                if (ret != NULL) OPENSSL_free(ret);
-                        if (ret->qual != NULL) OPENSSL_free(ret->qual);
-                        if (ret != NULL) OPENSSL_free(ret);
-                        }
                return(NULL);
                }
        else
@@ -213,11 +210,11 @@ char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
        return(ret);
        }
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
        {
        LHASH *idx;
-        char **r;
+        char *r;
        int i,n;
        if (field >= db->num_fields)
@@ -233,12 +230,12 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
        n=sk_num(db->data);
        for (i=0; i<n; i++)
                {
-                r=(char **)sk_value(db->data,i);
+                r=(char *)sk_value(db->data,i);
                if ((qual != NULL) && (qual(r) == 0)) continue;
                if ((r=lh_insert(idx,r)) != NULL)
                        {
                        db->error=DB_ERROR_INDEX_CLASH;
-                        db->arg1=sk_find(db->data,(char *)r);
+                        db->arg1=sk_find(db->data,r);
                        db->arg2=i;
                        lh_free(idx);
                        return(0);
diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h
index 307e1ba23f..563392aeff 100644
--- a/src/lib/libcrypto/txt_db/txt_db.h
+++ b/src/lib/libcrypto/txt_db/txt_db.h
@@ -59,7 +59,6 @@
 #ifndef HEADER_TXT_DB_H
 #define HEADER_TXT_DB_H
-#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_BIO
 #include <openssl/bio.h>
 #endif
@@ -82,7 +81,7 @@ typedef struct txt_db_st
        int num_fields;
        STACK /* char ** */ *data;
        LHASH **index;
-        int (**qual)(char **);
+        int (**qual)();
        long error;
        long arg1;
        long arg2;
@@ -96,7 +95,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db);
 TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 #endif
-int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(char **),
+int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
                LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
 char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
diff --git a/src/lib/libcrypto/ui/Makefile b/src/lib/libcrypto/ui/Makefile
new file mode 100644
index 0000000000..a685659fb4
--- /dev/null
+++ b/src/lib/libcrypto/ui/Makefile
@@ -0,0 +1,111 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+DIR=    ui
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+SRC= $(LIBSRC)
+EXHEADER= ui.h ui_compat.h
+HEADER= $(EXHEADER) ui_locl.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ui_compat.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/ui.h
+ui_compat.o: ../../include/openssl/ui_compat.h ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_lib.o: ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ui_util.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_util.o: ../../include/openssl/ui.h ui_locl.h ui_util.c
diff --git a/src/lib/libcrypto/ui/Makefile.ssl b/src/lib/libcrypto/ui/Makefile.ssl
new file mode 100644
index 0000000000..ba46951d1c
--- /dev/null
+++ b/src/lib/libcrypto/ui/Makefile.ssl
@@ -0,0 +1,117 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+DIR=    ui
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+SRC= $(LIBSRC)
+EXHEADER= ui.h ui_compat.h
+HEADER= $(EXHEADER) ui_locl.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_compat.o: ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ui_compat.o: ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_err.o: ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_util.o: ui_util.c
diff --git a/src/lib/libcrypto/ui/ui.h b/src/lib/libcrypto/ui/ui.h
index 018296412b..735a2d988e 100644
--- a/src/lib/libcrypto/ui/ui.h
+++ b/src/lib/libcrypto/ui/ui.h
@@ -59,19 +59,25 @@
 #ifndef HEADER_UI_H
 #define HEADER_UI_H
-#ifndef OPENSSL_NO_DEPRECATED
 #include <openssl/crypto.h>
-#endif
 #include <openssl/safestack.h>
-#include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
 extern "C" {
 #endif
-/* Declared already in ossl_typ.h */
+/* The UI type is a holder for a specific user interface session.  It can
-/* typedef struct ui_st UI; */
+   contain an illimited number of informational or error strings as well
-/* typedef struct ui_method_st UI_METHOD; */
+   as things to prompt for, both passwords (noecho mode) and others (echo
+   mode), and verification of the same.  All of these are called strings,
+   and are further described below. */
+typedef struct ui_st UI;
+/* All instances of UI have a reference to a method structure, which is a
+   ordered vector of functions that implement the lower level things to do.
+   There is an instruction on the implementation further down, in the section
+   for method implementors. */
+typedef struct ui_method_st UI_METHOD;
 /* All the following functions return -1 or NULL on error and in some cases
@@ -211,7 +217,7 @@ int UI_process(UI *ui);
 /* Give a user interface parametrised control commands.  This can be used to
   send down an integer, a data pointer or a function pointer, as well as
   be used to get information from a UI. */
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void));
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
 /* The commands */
 /* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
diff --git a/src/lib/libcrypto/ui/ui_compat.c b/src/lib/libcrypto/ui/ui_compat.c
new file mode 100644
index 0000000000..13e0f70d90
--- /dev/null
+++ b/src/lib/libcrypto/ui/ui_compat.c
@@ -0,0 +1,67 @@
+/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <string.h>
+#include <openssl/ui_compat.h>
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
+        {
+        return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+        }
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+        {
+        return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+        }
diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c
index 786bd0dbc3..d983cdd66f 100644
--- a/src/lib/libcrypto/ui/ui_err.c
+++ b/src/lib/libcrypto/ui/ui_err.c
@@ -101,12 +101,15 @@ static ERR_STRING_DATA UI_str_reasons[]=
 void ERR_load_UI_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(UI_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,UI_str_functs);
                ERR_load_strings(0,UI_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c
index 7ab249c3be..dbc9711a2d 100644
--- a/src/lib/libcrypto/ui/ui_lib.c
+++ b/src/lib/libcrypto/ui/ui_lib.c
@@ -57,12 +57,12 @@
 */
 #include <string.h>
-#include "cryptlib.h"
 #include <openssl/e_os2.h>
 #include <openssl/buffer.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
 #include "ui_locl.h"
+#include "cryptlib.h"
 IMPLEMENT_STACK_OF(UI_STRING_ST)
@@ -545,7 +545,7 @@ int UI_process(UI *ui)
        return ok;
        }
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void))
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
        {
        if (ui == NULL)
                {
@@ -620,10 +620,8 @@ UI_METHOD *UI_create_method(char *name)
        UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
        if (ui_method)
-                {
                memset(ui_method, 0, sizeof(*ui_method));
-                ui_method->name = BUF_strdup(name);
+        ui_method->name = BUF_strdup(name);
-                }
        return ui_method;
        }
diff --git a/src/lib/libcrypto/ui/ui_locl.h b/src/lib/libcrypto/ui/ui_locl.h
index aa4a55637d..7d3a75a619 100644
--- a/src/lib/libcrypto/ui/ui_locl.h
+++ b/src/lib/libcrypto/ui/ui_locl.h
@@ -60,11 +60,6 @@
 #define HEADER_UI_LOCL_H
 #include <openssl/ui.h>
-#include <openssl/crypto.h>
-#ifdef _
-#undef _
-#endif
 struct ui_method_st
        {
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c
index 1f23a45a33..d03aeba91a 100644
--- a/src/lib/libcrypto/ui/ui_openssl.c
+++ b/src/lib/libcrypto/ui/ui_openssl.c
@@ -117,17 +117,6 @@
 #include <openssl/e_os2.h>
-/* need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
- * [maybe others?], because it masks interfaces not discussed in standard,
- * sigaction and fileno included. -pedantic would be more appropriate for
- * the intended purposes, but we can't prevent users from adding -ansi.
- */
-#define _POSIX_C_SOURCE 1
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
 #if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
 # ifdef OPENSSL_UNISTD
 #  include OPENSSL_UNISTD
@@ -156,6 +145,10 @@
 /* 06-Apr-92 Luke Brennan    Support for VMS */
 #include "ui_locl.h"
 #include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
 #ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
 # include <starlet.h>
@@ -206,12 +199,6 @@
 #undef SGTTY
 #endif
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TERMIOS
-#undef TERMIO
-#undef SGTTY
-#endif
 #ifdef TERMIOS
 # include <termios.h>
 # define TTY_STRUCT             struct termios
@@ -260,7 +247,7 @@ struct IOSB {
        typedef int sig_atomic_t;
 #endif
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE)
 /*
 * This one needs work. As a matter of fact the code is unoperational
 * and this is only a trick to get it compiled.
@@ -396,7 +383,8 @@ static void read_till_nl(FILE *in)
        char buf[SIZE+1];
        do      {
-                fgets(buf,SIZE,in);
+                if (fgets(buf,sizeof(buf),in) == NULL)
+                        break;
                } while (strchr(buf,'\n') == NULL);
        }
@@ -473,7 +461,7 @@ static int open_console(UI *ui)
        CRYPTO_w_lock(CRYPTO_LOCK_UI);
        is_a_tty = 1;
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS)
        tty_in=stdin;
        tty_out=stderr;
 #else
@@ -489,7 +477,7 @@ static int open_console(UI *ui)
 #endif
 #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
-        if (TTY_get(fileno(tty_in),&tty_orig) == -1)
+        if (TTY_get(fileno(tty_in),&tty_orig) == -1)
                {
 #ifdef ENOTTY
                if (errno == ENOTTY)
@@ -578,9 +566,7 @@ static int close_console(UI *ui)
 /* Internal functions to handle signals and act on them */
 static void pushsig(void)
        {
-#ifndef OPENSSL_SYS_WIN32
        int i;
-#endif
 #ifdef SIGACTION
        struct sigaction sa;
@@ -588,14 +574,6 @@ static void pushsig(void)
        sa.sa_handler=recsig;
 #endif
-#ifdef OPENSSL_SYS_WIN32
-        savsig[SIGABRT]=signal(SIGABRT,recsig);
-        savsig[SIGFPE]=signal(SIGFPE,recsig);
-        savsig[SIGILL]=signal(SIGILL,recsig);
-        savsig[SIGINT]=signal(SIGINT,recsig);
-        savsig[SIGSEGV]=signal(SIGSEGV,recsig);
-        savsig[SIGTERM]=signal(SIGTERM,recsig);
-#else
        for (i=1; i<NX509_SIG; i++)
                {
 #ifdef SIGUSR1
@@ -616,7 +594,6 @@ static void pushsig(void)
                savsig[i]=signal(i,recsig);
 #endif
                }
-#endif
 #ifdef SIGWINCH
        signal(SIGWINCH,SIG_DFL);
@@ -625,15 +602,8 @@ static void pushsig(void)
 static void popsig(void)
        {
-#ifdef OPENSSL_SYS_WIN32
-        signal(SIGABRT,savsig[SIGABRT]);
-        signal(SIGFPE,savsig[SIGFPE]);
-        signal(SIGILL,savsig[SIGILL]);
-        signal(SIGINT,savsig[SIGINT]);
-        signal(SIGSEGV,savsig[SIGSEGV]);
-        signal(SIGTERM,savsig[SIGTERM]);
-#else
        int i;
        for (i=1; i<NX509_SIG; i++)
                {
 #ifdef SIGUSR1
@@ -650,7 +620,6 @@ static void popsig(void)
                signal(i,savsig[i]);
 #endif
                }
-#endif
        }
 static void recsig(int i)
diff --git a/src/lib/libcrypto/ui/ui_util.c b/src/lib/libcrypto/ui/ui_util.c
index 5d9760bb7b..46bc8c1a9a 100644
--- a/src/lib/libcrypto/ui/ui_util.c
+++ b/src/lib/libcrypto/ui/ui_util.c
@@ -54,7 +54,7 @@
 */
 #include <string.h>
-#include "ui_locl.h"
+#include <openssl/ui.h>
 int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
        {
diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c
new file mode 100644
index 0000000000..73205a4baa
--- /dev/null
+++ b/src/lib/libcrypto/uid.c
@@ -0,0 +1,89 @@
+/* crypto/uid.c */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+#include OPENSSL_UNISTD
+int OPENSSL_issetugid(void)
+        {
+        return issetugid();
+        }
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)
+int OPENSSL_issetugid(void)
+        {
+        return 0;
+        }
+#else
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+int OPENSSL_issetugid(void)
+        {
+        if (getuid() != geteuid()) return 1;
+        if (getgid() != getegid()) return 1;
+        return 0;
+        }
+#endif
diff --git a/src/lib/libcrypto/util/FreeBSD.sh b/src/lib/libcrypto/util/FreeBSD.sh
new file mode 100644
index 0000000000..db8edfc6aa
--- /dev/null
+++ b/src/lib/libcrypto/util/FreeBSD.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+perl util/perlpath.pl /usr/bin
+perl util/ssldir.pl /usr/local  
+perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
+perl Configure FreeBSD
diff --git a/src/lib/libcrypto/util/add_cr.pl b/src/lib/libcrypto/util/add_cr.pl
new file mode 100644
index 0000000000..c7b62c11ec
--- /dev/null
+++ b/src/lib/libcrypto/util/add_cr.pl
@@ -0,0 +1,123 @@
+#!/usr/local/bin/perl
+#
+# This adds a copyright message to a souce code file.
+# It also gets the file name correct.
+#
+# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
+#
+foreach (@ARGV)
+        {
+        &dofile($_);
+        }
+sub dofile
+        {
+        local($file)=@_;
+        open(IN,"<$file") || die "unable to open $file:$!\n";
+        print STDERR "doing $file\n";
+        @in=<IN>;
+        return(1) if ($in[0] =~ / NOCW /);
+        @out=();
+        open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
+        push(@out,"/* $file */\n");
+        if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
+                {
+                push(@out,&Copyright);
+                $i=2;
+                @a=grep(/ Copyright \(C\) /,@in);
+                if ($#a >= 0)
+                        {
+                        while (($i <= $#in) && ($in[$i] ne " */\n"))
+                                { $i++; }
+                        $i++ if ($in[$i] eq " */\n");
+                        while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
+                                { $i++; }
+                        push(@out,"\n");
+                        for ( ; $i <= $#in; $i++)
+                                { push(@out,$in[$i]); }
+                        }
+                else
+                        { push(@out,@in); }
+                }
+        else
+                {
+                shift(@in);
+                push(@out,@in);
+                }
+        print OUT @out;
+        close(IN);
+        close(OUT);
+        rename("$file","$file.orig") || die "unable to rename $file:$!\n";
+        rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
+        }
+sub Copyright
+        {
+        return <<'EOF';
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+EOF
+        }
diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh
new file mode 100644
index 0000000000..4d9a8287d0
--- /dev/null
+++ b/src/lib/libcrypto/util/bat.sh
@@ -0,0 +1,134 @@
+#!/usr/local/bin/perl
+$infile="/home/eay/ssl/SSLeay/MINFO";
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        $uc=$lib;
+                        $uc =~ s/^lib(.*)\.a/$1/;
+                        $uc =~ tr/a-z/A-Z/;
+                        $lib_nam{$uc}=$uc;
+                        $lib_obj{$uc}.=$libobj." ";
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBSRC")
+                { $libsrc.=&var_add($dir,$val); }
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+@a=split(/\s+/,$libsrc);
+foreach (@a)
+        {
+        print "${_}.c\n";
+        }
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_engine && $dir =~ /\/engine/;
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_i$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/^engine$/,@a) if $no_engine;
+        @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
diff --git a/src/lib/libcrypto/util/checkhash.pl b/src/lib/libcrypto/util/checkhash.pl
new file mode 100644
index 0000000000..c61fa72178
--- /dev/null
+++ b/src/lib/libcrypto/util/checkhash.pl
@@ -0,0 +1,222 @@
+#!/usr/bin/env perl -w
+my $package = caller;
+if (!(defined $package))
+        {
+        my $retval = check_hashes(@ARGV);
+        exit $retval;
+        }
+1;
+sub check_hashes
+        {
+        my @args = @_;
+        my $change_dir = "";
+        my $check_program = "sha/fips_standalone_sha1";
+        my $verbose = 0;
+        my $badfiles = 0;
+        my $rebuild = 0;
+        my $force_rewrite = 0;
+        my $hash_file = "fipshashes.c";
+        my $recurse = 0;
+        my @fingerprint_files;
+        while (@args)
+                {
+                my $arg = $args[0];
+                if ($arg eq "-chdir")
+                        {
+                        shift @args;
+                        $change_dir = shift @args;
+                        }
+                elsif ($arg eq "-rebuild")
+                        {
+                        shift @args;
+                        $rebuild = 1;
+                        }
+                elsif ($arg eq "-verbose")
+                        {
+                        shift @args;
+                        $verbose = 1;
+                        }
+                elsif ($arg eq "-force-rewrite")
+                        {
+                        shift @args;
+                        $force_rewrite = 1;
+                        }
+                elsif ($arg eq "-hash_file")
+                        {
+                        shift @args;
+                        $hash_file = shift @args;
+                        }
+                elsif ($arg eq "-recurse")
+                        {
+                        shift @args;
+                        $recurse = 1;
+                        }
+                elsif ($arg eq "-program_path")
+                        {
+                        shift @args;
+                        $check_program = shift @args;
+                        }
+                else
+                        {
+                        print STDERR "Unknown Option $arg";
+                        return 1;
+                        }
+                }
+        chdir $change_dir if $change_dir ne "";
+        if ($recurse)
+                {
+                @fingerprint_files = ("fingerprint.sha1",
+                                        <*/fingerprint.sha1>);
+                }
+        else
+                {
+                push @fingerprint_files, $hash_file;
+                }
+        foreach $fp (@fingerprint_files)
+                {
+                if (!open(IN, "$fp"))
+                        {
+                        print STDERR "Can't open file $fp";
+                        return 1;
+                        }
+                print STDERR "Opening Fingerprint file $fp\n" if $verbose;
+                my $dir = $fp;
+                $dir =~ s/[^\/]*$//;
+                while (<IN>)
+                        {
+                        chomp;
+                        if (!(($file, $hash) = /^\"HMAC-SHA1\((.*)\)\s*=\s*(\w*)\",$/))
+                                {
+                                /^\"/ || next;
+                                print STDERR "FATAL: Invalid syntax in file $fp\n";
+                                print STDERR "Line:\n$_\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (!$rebuild && length($hash) != 40)
+                                {
+                                print STDERR "FATAL: Invalid hash length in $fp for file $file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        push @hashed_files, "$dir$file";
+                        if (exists $hashes{"$dir$file"})
+                                {
+                                print STDERR "FATAL: Duplicate Hash file $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        if (! -r "$dir$file")
+                                {
+                                print STDERR "FATAL: Can't access $dir$file\n";
+                                fatal_error();
+                                return 1;
+                                }
+                        $hashes{"$dir$file"} = $hash;
+                        }
+                close IN;
+                }
+        @checked_hashes = `$check_program @hashed_files`;
+        if ($? != 0)
+                {
+                print STDERR "Error running hash program $check_program\n";
+                fatal_error();
+                return 1;
+                }
+        if (@checked_hashes != @hashed_files)
+                {
+                print STDERR "FATAL: hash count incorrect\n";
+                fatal_error();
+                return 1;
+                }
+        foreach (@checked_hashes)
+                {
+                chomp;
+                if (!(($file, $hash) = /^HMAC-SHA1\((.*)\)\s*=\s*(\w*)$/))
+                        {
+                        print STDERR "FATAL: Invalid syntax in file $fp\n";
+                        print STDERR "Line:\n$_\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if (length($hash) != 40)
+                        {
+                        print STDERR "FATAL: Invalid hash length for file $file\n";
+                        fatal_error();
+                        return 1;
+                        }
+                if ($hash ne $hashes{$file})
+                        {
+                        if ($rebuild)
+                                {
+                                print STDERR "Updating hash on file $file\n";
+                                $hashes{$file} = $hash;
+                                }
+                        else
+                                {
+                                print STDERR "Hash check failed for file $file\n";
+                                }
+                        $badfiles++;
+                        }
+                elsif ($verbose)
+                        { print "Hash Check OK for $file\n";}
+                }
+                
+        if ($badfiles && !$rebuild)
+                {
+                print STDERR "FATAL: hash mismatch on $badfiles files\n";
+                fatal_error();
+                return 1;
+                }
+        if ($badfiles || $force_rewrite)
+                {
+                print "Updating Hash file $hash_file\n";
+                if (!open(OUT, ">$hash_file"))
+                        {
+                        print STDERR "Error rewriting $hash_file";
+                        return 1;
+                        }
+                print OUT "const char * const FIPS_source_hashes[] = {\n";
+                foreach (@hashed_files)
+                        {
+                        print OUT "\"HMAC-SHA1($_)= $hashes{$_}\",\n";
+                        }
+                print OUT "};\n";
+                close OUT;
+                }
+        if (!$badfiles)
+                {
+                print "FIPS hash check successful\n";
+                }
+        return 0;
+        }
+sub fatal_error
+        {
+        print STDERR "*** Your source code does not match the FIPS validated source ***\n";
+        }
diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl
new file mode 100644
index 0000000000..7a24d6c5a2
--- /dev/null
+++ b/src/lib/libcrypto/util/ck_errf.pl
@@ -0,0 +1,45 @@
+#!/usr/local/bin/perl
+#
+# This is just a quick script to scan for cases where the 'error'
+# function name in a XXXerr() macro is wrong.
+# 
+# Run in the top level by going
+# perl util/ck_errf.pl */*.c */*/*.c
+#
+foreach $file (@ARGV)
+        {
+        open(IN,"<$file") || die "unable to open $file\n";
+        $func="";
+        while (<IN>)
+                {
+                if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/)
+                        {
+                        $func=$1;
+                        $func =~ tr/A-Z/a-z/;
+                        }
+                if (/([A-Z0-9]+)err\(([^,]+)/)
+                        {
+                        next if ($func eq "");
+                        $errlib=$1;
+                        $n=$2;
+                        if ($n !~ /([^_]+)_F_(.+)$/)
+                                {
+                #               print "check -$file:$.:$func:$n\n";
+                                next;
+                                }
+                        $lib=$1;
+                        $n=$2;
+                        if ($lib ne $errlib)
+                                { print "$file:$.:$func:$n\n"; next; }
+                        $n =~ tr/A-Z/a-z/;
+                        if (($n ne $func) && ($errlib ne "SYS"))
+                                { print "$file:$.:$func:$n\n"; next; }
+        #               print "$func:$1\n";
+                        }
+                }
+        close(IN);
+        }
diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl
new file mode 100644
index 0000000000..6c485d1e2f
--- /dev/null
+++ b/src/lib/libcrypto/util/clean-depend.pl
@@ -0,0 +1,54 @@
+#!/usr/local/bin/perl -w
+# Clean the dependency list in a makefile of standard includes...
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+use strict;
+while(<STDIN>) {
+    print;
+    last if /^# DO NOT DELETE THIS LINE/;
+}
+my %files;
+my $thisfile="";
+while(<STDIN>) {
+    my ($dummy, $file,$deps)=/^((.*):)? (.*)$/;
+    my $origfile="";
+    $thisfile=$file if defined $file;
+    next if !defined $deps;
+    $origfile=$thisfile;
+    $origfile=~s/\.o$/.c/;
+    my @deps=split ' ',$deps;
+    @deps=grep(!/^\//,@deps);
+    @deps=grep(!/^\\$/,@deps);
+    @deps=grep(!/^$origfile$/,@deps);
+# pull out the kludged kerberos header (if present).
+    @deps=grep(!/^[.\/]+\/krb5.h/,@deps);
+    push @{$files{$thisfile}},@deps;
+}
+my $file;
+foreach $file (sort keys %files) {
+    my $len=0;
+    my $dep;
+    my $origfile=$file;
+    $origfile=~s/\.o$/.c/;
+    $file=~s/^\.\///;
+    push @{$files{$file}},$origfile;
+    my $prevdep="";
+    foreach $dep (sort @{$files{$file}}) {
+        $dep=~s/^\.\///;
+        next if $prevdep eq $dep; # to exterminate duplicates...
+        $prevdep = $dep;
+        $len=0 if $len+length($dep)+1 >= 80;
+        if($len == 0) {
+            print "\n$file:";
+            $len=length($file)+1;
+        }
+        print " $dep";
+        $len+=length($dep)+1;
+    }
+}
+print "\n";
diff --git a/src/lib/libcrypto/util/copy.pl b/src/lib/libcrypto/util/copy.pl
new file mode 100644
index 0000000000..e20b45530a
--- /dev/null
+++ b/src/lib/libcrypto/util/copy.pl
@@ -0,0 +1,59 @@
+#!/usr/local/bin/perl
+use Fcntl;
+# copy.pl
+# Perl script 'copy' comment. On Windows the built in "copy" command also
+# copies timestamps: this messes up Makefile dependencies.
+my $arg;
+foreach $arg (@ARGV) {
+        $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
+        foreach (glob $arg)
+                {
+                push @filelist, $_;
+                }
+}
+$fnum = @filelist;
+if ($fnum <= 1)
+        {
+        die "Need at least two filenames";
+        }
+$dest = pop @filelist;
+        
+if ($fnum > 2 && ! -d $dest)
+        {
+        die "Destination must be a directory";
+        }
+foreach (@filelist)
+        {
+        if (-d $dest)
+                {
+                $dfile = $_;
+                $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
+                $dfile = "$dest/$dfile";
+                }
+        else
+                {
+                $dfile = $dest;
+                }
+        sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
+        sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
+                                        || die "Can't Open $dfile";
+        while (sysread IN, $buf, 10240)
+                {
+                syswrite(OUT, $buf, length($buf));
+                }
+        close(IN);
+        close(OUT);
+        print "Copying: $_ to $dfile\n";
+        }
+                
diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh
new file mode 100644
index 0000000000..7f791d47f4
--- /dev/null
+++ b/src/lib/libcrypto/util/cygwin.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# This script configures, builds and packs the binary package for
+# the Cygwin net distribution version of OpenSSL
+#
+# Uncomment when debugging
+#set -x
+CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+INSTALL_PREFIX=/tmp/install
+VERSION=
+SUBVERSION=$1
+function cleanup()
+{
+  rm -rf ${INSTALL_PREFIX}/etc
+  rm -rf ${INSTALL_PREFIX}/usr
+}
+function get_openssl_version()
+{
+  eval `grep '^VERSION=' Makefile`
+  if [ -z "${VERSION}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL version from Makefile."
+    echo "       Check value of variable VERSION in Makefile."
+    exit 1
+  fi
+}
+function base_install()
+{
+  mkdir -p ${INSTALL_PREFIX}
+  cleanup
+  make install INSTALL_PREFIX="${INSTALL_PREFIX}"
+}
+function doc_install()
+{
+  DOC_DIR=${INSTALL_PREFIX}/usr/share/doc/openssl
+  mkdir -p ${DOC_DIR}
+  cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
+  create_cygwin_readme
+}
+function create_cygwin_readme()
+{
+  README_DIR=${INSTALL_PREFIX}/usr/share/doc/Cygwin
+  README_FILE=${README_DIR}/openssl-${VERSION}.README
+  mkdir -p ${README_DIR}
+  cat > ${README_FILE} <<- EOF
+        The Cygwin version has been built using the following configure:
+          ./config ${CONFIG_OPTIONS}
+        The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+        licensing issues.
+        EOF
+}
+function create_profile_files()
+{
+  PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
+  mkdir -p $PROFILE_DIR
+  cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
+        export MANPATH="${MANPATH}:/usr/ssl/man"
+        EOF
+  cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
+        if ( $?MANPATH ) then
+          setenv MANPATH "${MANPATH}:/usr/ssl/man"
+        else
+          setenv MANPATH ":/usr/ssl/man"
+        endif
+        EOF
+}
+if [ -z "${SUBVERSION}" ]
+then
+  echo "Usage: $0 subversion"
+  exit 1
+fi
+if [ ! -f config ]
+then
+  echo "You must start this script in the OpenSSL toplevel source dir."
+  exit 1
+fi
+./config ${CONFIG_OPTIONS}
+get_openssl_version
+make depend || exit 1
+make || exit 1
+base_install
+doc_install
+create_cygwin_readme
+create_profile_files
+cd ${INSTALL_PREFIX}
+strip usr/bin/*.exe usr/bin/*.dll
+# Runtime package
+find etc usr/bin usr/share/doc usr/ssl/certs usr/ssl/man/man[157] \
+     usr/ssl/misc usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
+tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
+# Development package
+find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
+tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
+ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+cleanup
+exit 0
diff --git a/src/lib/libcrypto/util/deleof.pl b/src/lib/libcrypto/util/deleof.pl
new file mode 100644
index 0000000000..155acd88ff
--- /dev/null
+++ b/src/lib/libcrypto/util/deleof.pl
@@ -0,0 +1,7 @@
+#!/usr/local/bin/perl
+while (<>)
+        {
+        print
+        last if (/^# DO NOT DELETE THIS LINE/);
+        }
diff --git a/src/lib/libcrypto/util/dirname.pl b/src/lib/libcrypto/util/dirname.pl
new file mode 100644
index 0000000000..d7a66d96ac
--- /dev/null
+++ b/src/lib/libcrypto/util/dirname.pl
@@ -0,0 +1,18 @@
+#!/usr/local/bin/perl
+if ($#ARGV < 0) {
+    die "dirname.pl: too few arguments\n";
+} elsif ($#ARGV > 0) {
+    die "dirname.pl: too many arguments\n";
+}
+my $d = $ARGV[0];
+if ($d =~ m|.*/.*|) {
+    $d =~ s|/[^/]*$||;
+} else {
+    $d = ".";
+}
+print $d,"\n";
+exit(0);
diff --git a/src/lib/libcrypto/util/do_ms.sh b/src/lib/libcrypto/util/do_ms.sh
new file mode 100644
index 0000000000..515b074cff
--- /dev/null
+++ b/src/lib/libcrypto/util/do_ms.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# generate the Microsoft makefiles and .def files
+#
+PATH=util:../util:$PATH
+# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
+# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
+perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
+# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
+perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
+perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
+perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
+perl util/mkdef.pl 16 libeay > ms/libeay16.def
+perl util/mkdef.pl 32 libeay > ms/libeay32.def
+perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
+perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd
new file mode 100644
index 0000000000..5610521f0b
--- /dev/null
+++ b/src/lib/libcrypto/util/domd
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Do a makedepend, only leave out the standard headers
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+TOP=$1
+shift
+if [ "$1" = "-MD" ]; then
+    shift
+    MAKEDEPEND=$1
+    shift
+fi
+if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
+cp Makefile Makefile.save
+# fake the presence of Kerberos
+touch $TOP/krb5.h
+if [ "$MAKEDEPEND" = "gcc" ]; then
+    args=""
+    while [ $# -gt 0 ]; do
+        if [ "$1" != "--" ]; then args="$args $1"; fi
+        shift
+    done
+    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
+    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+    gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    rm -f Makefile.tmp
+else
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile $@
+    ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
+fi
+mv Makefile.new Makefile
+# unfake the presence of Kerberos
+rm $TOP/krb5.h
diff --git a/src/lib/libcrypto/util/err-ins.pl b/src/lib/libcrypto/util/err-ins.pl
new file mode 100644
index 0000000000..31b70df8d0
--- /dev/null
+++ b/src/lib/libcrypto/util/err-ins.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+#
+# tack error codes onto the end of a file
+#
+open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
+@err=<ERR>;
+close(ERR);
+open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
+@out="";
+while (<IN>)
+        {
+        push(@out,$_);
+        last if /BEGIN ERROR CODES/;
+        }
+close(IN);
+open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
+print OUT @out;
+print OUT @err;
+print OUT <<"EOF";
+ 
+#ifdef  __cplusplus
+}
+#endif
+#endif
+EOF
+close(OUT);
diff --git a/src/lib/libcrypto/util/extract-names.pl b/src/lib/libcrypto/util/extract-names.pl
new file mode 100644
index 0000000000..35bd6ed843
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-names.pl
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+$/ = "";                        # Eat a paragraph at once.
+while(<STDIN>) {
+    chop;
+    s/\n/ /gm;
+    if (/^=head1 /) {
+        $name = 0;
+    } elsif ($name) {
+        if (/ - /) {
+            s/ - .*//;
+            s/,\s+/,/g;
+            s/\s+,/,/g;
+            s/^\s+//g;
+            s/\s+$//g;
+            s/\s/_/g;
+            push @words, split ',';
+        }
+    }
+    if (/^=head1 *NAME *$/) {
+        $name = 1;
+    }
+}
+print join("\n", @words),"\n";
diff --git a/src/lib/libcrypto/util/extract-section.pl b/src/lib/libcrypto/util/extract-section.pl
new file mode 100644
index 0000000000..7a0ba4f69a
--- /dev/null
+++ b/src/lib/libcrypto/util/extract-section.pl
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+while(<STDIN>) {
+        if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
+                {
+                print "$1\n";
+                exit 0;
+                }
+}
+print "$ARGV[0]\n";
diff --git a/src/lib/libcrypto/util/files.pl b/src/lib/libcrypto/util/files.pl
new file mode 100644
index 0000000000..41f033e3b9
--- /dev/null
+++ b/src/lib/libcrypto/util/files.pl
@@ -0,0 +1,61 @@
+#!/usr/local/bin/perl
+#
+# used to generate the file MINFO for use by util/mk1mf.pl
+# It is basically a list of all variables from the passed makefile
+#
+$s="";
+while (<>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $sym{$s}=$o;
+                }
+        }
+$pwd=`pwd`; chop($pwd);
+if ($sym{'TOP'} eq ".")
+        {
+        $n=0;
+        $dir=".";
+        }
+else    {
+        $n=split(/\//,$sym{'TOP'});
+        @_=split(/\//,$pwd);
+        $z=$#_-$n+1;
+        foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
+        chop($dir);
+        }
+print "RELATIVE_DIRECTORY=$dir\n";
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+print "RELATIVE_DIRECTORY=\n";
diff --git a/src/lib/libcrypto/util/fipslink.pl b/src/lib/libcrypto/util/fipslink.pl
new file mode 100644
index 0000000000..a893833c5c
--- /dev/null
+++ b/src/lib/libcrypto/util/fipslink.pl
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+sub check_env
+        {
+        my @ret;
+        foreach (@_)
+                {
+                die "Environment variable $_ not defined!\n" unless exists $ENV{$_};
+                push @ret, $ENV{$_};
+                }
+        return @ret;
+        }
+my ($fips_cc,$fips_cc_args, $fips_link,$fips_target, $fips_libdir, $sha1_exe)
+         = check_env("FIPS_CC", "FIPS_CC_ARGS", "FIPS_LINK", "FIPS_TARGET",
+                "FIPSLIB_D", "FIPS_SHA1_EXE");
+if (exists $ENV{"PREMAIN_DSO_EXE"})
+        {
+        $fips_premain_dso = $ENV{"PREMAIN_DSO_EXE"};
+        }
+        else
+        {
+        $fips_premain_dso = "";
+        }
+check_hash($sha1_exe, "fips_premain.c");
+check_hash($sha1_exe, "fipscanister.o");
+print "Integrity check OK\n";
+print "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc $fips_cc_args $fips_libdir/fips_premain.c";
+die "First stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "First stage Link failure" if $? != 0;
+print "$fips_premain_dso $fips_target\n";
+$fips_hash=`$fips_premain_dso $fips_target`;
+chomp $fips_hash;
+die "Get hash failure" if $? != 0;
+print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c\n";
+system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args $fips_libdir/fips_premain.c";
+die "Second stage Compile failure" if $? != 0;
+print "$fips_link @ARGV\n";
+system "$fips_link @ARGV";
+die "Second stage Link failure" if $? != 0;
+sub check_hash
+        {
+        my ($sha1_exe, $filename) = @_;
+        my ($hashfile, $hashval);
+        open(IN, "${fips_libdir}/${filename}.sha1") || die "Cannot open file hash file ${fips_libdir}/${filename}.sha1";
+        $hashfile = <IN>;
+        close IN;
+        $hashval = `$sha1_exe ${fips_libdir}/$filename`;
+        chomp $hashfile;
+        chomp $hashval;
+        $hashfile =~ s/^.*=\s+//;
+        $hashval =~ s/^.*=\s+//;
+        die "Invalid hash syntax in file" if (length($hashfile) != 40);
+        die "Invalid hash received for file" if (length($hashval) != 40);
+        die "***HASH VALUE MISMATCH FOR FILE $filename ***" if ($hashval ne $hashfile); 
+        }
diff --git a/src/lib/libcrypto/util/fixNT.sh b/src/lib/libcrypto/util/fixNT.sh
new file mode 100644
index 0000000000..ab9e766b86
--- /dev/null
+++ b/src/lib/libcrypto/util/fixNT.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# clean up the mess that NT makes of my source tree
+#
+if [ -f makefile -a ! -f Makefile ]; then
+        /bin/mv makefile Makefile
+fi
+chmod +x Configure util/*
+echo cleaning
+/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
+echo 'removing those damn ^M'
+perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
+make -f Makefile links
diff --git a/src/lib/libcrypto/util/install.sh b/src/lib/libcrypto/util/install.sh
new file mode 100644
index 0000000000..e1d0c982df
--- /dev/null
+++ b/src/lib/libcrypto/util/install.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5; it is not part of GNU.
+#
+# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+#
+# set DOITPROG to echo to test this script
+doit="${DOITPROG:-}"
+# put in absolute paths if you don't have them in your path; or use env. vars.
+mvprog="${MVPROG:-mv}"
+cpprog="${CPPROG:-cp}"
+chmodprog="${CHMODPROG:-chmod}"
+chownprog="${CHOWNPROG:-chown}"
+chgrpprog="${CHGRPPROG:-chgrp}"
+stripprog="${STRIPPROG:-strip}"
+rmprog="${RMPROG:-rm}"
+instcmd="$mvprog"
+chmodcmd=""
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+src=""
+dst=""
+while [ x"$1" != x ]; do
+    case $1 in
+        -c) instcmd="$cpprog"
+            shift
+            continue;;
+        -m) chmodcmd="$chmodprog $2"
+            shift
+            shift
+            continue;;
+        -o) chowncmd="$chownprog $2"
+            shift
+            shift
+            continue;;
+        -g) chgrpcmd="$chgrpprog $2"
+            shift
+            shift
+            continue;;
+        -s) stripcmd="$stripprog"
+            shift
+            continue;;
+        *)  if [ x"$src" = x ]
+            then
+                src=$1
+            else
+                dst=$1
+            fi
+            shift
+            continue;;
+    esac
+done
+if [ x"$src" = x ]
+then
+        echo "install:  no input file specified"
+        exit 1
+fi
+if [ x"$dst" = x ]
+then
+        echo "install:  no destination specified"
+        exit 1
+fi
+# if destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+if [ -d $dst ]
+then
+        dst="$dst"/`basename $src`
+fi
+# get rid of the old one and mode the new one in
+$doit $rmcmd $dst
+$doit $instcmd $src $dst
+# and set any options; do chmod last to preserve setuid bits
+if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
+if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
+if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
+if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
+exit 0
diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num
new file mode 100644
index 0000000000..4222bef6d6
--- /dev/null
+++ b/src/lib/libcrypto/util/libeay.num
@@ -0,0 +1,2907 @@
+SSLeay                                  1       EXIST::FUNCTION:
+SSLeay_version                          2       EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3       EXIST::FUNCTION:
+ASN1_HEADER_free                        4       EXIST::FUNCTION:
+ASN1_HEADER_new                         5       EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6       EXIST::FUNCTION:
+ASN1_INTEGER_get                        7       EXIST::FUNCTION:
+ASN1_INTEGER_set                        8       EXIST::FUNCTION:
+ASN1_INTEGER_to_BN                      9       EXIST::FUNCTION:
+ASN1_OBJECT_create                      10      EXIST::FUNCTION:
+ASN1_OBJECT_free                        11      EXIST::FUNCTION:
+ASN1_OBJECT_new                         12      EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     13      EXIST::FUNCTION:
+ASN1_STRING_cmp                         14      EXIST::FUNCTION:
+ASN1_STRING_dup                         15      EXIST::FUNCTION:
+ASN1_STRING_free                        16      EXIST::FUNCTION:
+ASN1_STRING_new                         17      EXIST::FUNCTION:
+ASN1_STRING_print                       18      EXIST::FUNCTION:BIO
+ASN1_STRING_set                         19      EXIST::FUNCTION:
+ASN1_STRING_type_new                    20      EXIST::FUNCTION:
+ASN1_TYPE_free                          21      EXIST::FUNCTION:
+ASN1_TYPE_new                           22      EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string          23      EXIST::FUNCTION:
+ASN1_UTCTIME_check                      24      EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25      EXIST::FUNCTION:BIO
+ASN1_UTCTIME_set                        26      EXIST::FUNCTION:
+ASN1_check_infinite_end                 27      EXIST::FUNCTION:
+ASN1_d2i_bio                            28      EXIST::FUNCTION:BIO
+ASN1_d2i_fp                             29      EXIST::FUNCTION:FP_API
+ASN1_digest                             30      EXIST::FUNCTION:EVP
+ASN1_dup                                31      EXIST::FUNCTION:
+ASN1_get_object                         32      EXIST::FUNCTION:
+ASN1_i2d_bio                            33      EXIST::FUNCTION:BIO
+ASN1_i2d_fp                             34      EXIST::FUNCTION:FP_API
+ASN1_object_size                        35      EXIST::FUNCTION:
+ASN1_parse                              36      EXIST::FUNCTION:BIO
+ASN1_put_object                         37      EXIST::FUNCTION:
+ASN1_sign                               38      EXIST::FUNCTION:EVP
+ASN1_verify                             39      EXIST::FUNCTION:EVP
+BF_cbc_encrypt                          40      EXIST::FUNCTION:BF
+BF_cfb64_encrypt                        41      EXIST::FUNCTION:BF
+BF_ecb_encrypt                          42      EXIST::FUNCTION:BF
+BF_encrypt                              43      EXIST::FUNCTION:BF
+BF_ofb64_encrypt                        44      EXIST::FUNCTION:BF
+BF_options                              45      EXIST::FUNCTION:BF
+BF_set_key                              46      EXIST::FUNCTION:BF
+BIO_CONNECT_free                        47      NOEXIST::FUNCTION:
+BIO_CONNECT_new                         48      NOEXIST::FUNCTION:
+BIO_accept                              51      EXIST::FUNCTION:
+BIO_ctrl                                52      EXIST::FUNCTION:
+BIO_int_ctrl                            53      EXIST::FUNCTION:
+BIO_debug_callback                      54      EXIST::FUNCTION:
+BIO_dump                                55      EXIST::FUNCTION:
+BIO_dup_chain                           56      EXIST::FUNCTION:
+BIO_f_base64                            57      EXIST::FUNCTION:BIO
+BIO_f_buffer                            58      EXIST::FUNCTION:
+BIO_f_cipher                            59      EXIST::FUNCTION:BIO
+BIO_f_md                                60      EXIST::FUNCTION:BIO
+BIO_f_null                              61      EXIST::FUNCTION:
+BIO_f_proxy_server                      62      NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error                  63      EXIST::FUNCTION:
+BIO_fd_should_retry                     64      EXIST::FUNCTION:
+BIO_find_type                           65      EXIST::FUNCTION:
+BIO_free                                66      EXIST::FUNCTION:
+BIO_free_all                            67      EXIST::FUNCTION:
+BIO_get_accept_socket                   69      EXIST::FUNCTION:
+BIO_get_filter_bio                      70      NOEXIST::FUNCTION:
+BIO_get_host_ip                         71      EXIST::FUNCTION:
+BIO_get_port                            72      EXIST::FUNCTION:
+BIO_get_retry_BIO                       73      EXIST::FUNCTION:
+BIO_get_retry_reason                    74      EXIST::FUNCTION:
+BIO_gethostbyname                       75      EXIST::FUNCTION:
+BIO_gets                                76      EXIST::FUNCTION:
+BIO_new                                 78      EXIST::FUNCTION:
+BIO_new_accept                          79      EXIST::FUNCTION:
+BIO_new_connect                         80      EXIST::FUNCTION:
+BIO_new_fd                              81      EXIST::FUNCTION:
+BIO_new_file                            82      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp                              83      EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_socket                          84      EXIST::FUNCTION:
+BIO_pop                                 85      EXIST::FUNCTION:
+BIO_printf                              86      EXIST::FUNCTION:
+BIO_push                                87      EXIST::FUNCTION:
+BIO_puts                                88      EXIST::FUNCTION:
+BIO_read                                89      EXIST::FUNCTION:
+BIO_s_accept                            90      EXIST::FUNCTION:
+BIO_s_connect                           91      EXIST::FUNCTION:
+BIO_s_fd                                92      EXIST::FUNCTION:
+BIO_s_file                              93      EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_mem                               95      EXIST::FUNCTION:
+BIO_s_null                              96      EXIST::FUNCTION:
+BIO_s_proxy_client                      97      NOEXIST::FUNCTION:
+BIO_s_socket                            98      EXIST::FUNCTION:
+BIO_set                                 100     EXIST::FUNCTION:
+BIO_set_cipher                          101     EXIST::FUNCTION:BIO
+BIO_set_tcp_ndelay                      102     EXIST::FUNCTION:
+BIO_sock_cleanup                        103     EXIST::FUNCTION:
+BIO_sock_error                          104     EXIST::FUNCTION:
+BIO_sock_init                           105     EXIST::FUNCTION:
+BIO_sock_non_fatal_error                106     EXIST::FUNCTION:
+BIO_sock_should_retry                   107     EXIST::FUNCTION:
+BIO_socket_ioctl                        108     EXIST::FUNCTION:
+BIO_write                               109     EXIST::FUNCTION:
+BN_CTX_free                             110     EXIST::FUNCTION:
+BN_CTX_new                              111     EXIST::FUNCTION:
+BN_MONT_CTX_free                        112     EXIST::FUNCTION:
+BN_MONT_CTX_new                         113     EXIST::FUNCTION:
+BN_MONT_CTX_set                         114     EXIST::FUNCTION:
+BN_add                                  115     EXIST::FUNCTION:
+BN_add_word                             116     EXIST::FUNCTION:
+BN_hex2bn                               117     EXIST::FUNCTION:
+BN_bin2bn                               118     EXIST::FUNCTION:
+BN_bn2hex                               119     EXIST::FUNCTION:
+BN_bn2bin                               120     EXIST::FUNCTION:
+BN_clear                                121     EXIST::FUNCTION:
+BN_clear_bit                            122     EXIST::FUNCTION:
+BN_clear_free                           123     EXIST::FUNCTION:
+BN_cmp                                  124     EXIST::FUNCTION:
+BN_copy                                 125     EXIST::FUNCTION:
+BN_div                                  126     EXIST::FUNCTION:
+BN_div_word                             127     EXIST::FUNCTION:
+BN_dup                                  128     EXIST::FUNCTION:
+BN_free                                 129     EXIST::FUNCTION:
+BN_from_montgomery                      130     EXIST::FUNCTION:
+BN_gcd                                  131     EXIST::FUNCTION:
+BN_generate_prime                       132     EXIST::FUNCTION:
+BN_get_word                             133     EXIST::FUNCTION:
+BN_is_bit_set                           134     EXIST::FUNCTION:
+BN_is_prime                             135     EXIST::FUNCTION:
+BN_lshift                               136     EXIST::FUNCTION:
+BN_lshift1                              137     EXIST::FUNCTION:
+BN_mask_bits                            138     EXIST::FUNCTION:
+BN_mod                                  139     NOEXIST::FUNCTION:
+BN_mod_exp                              140     EXIST::FUNCTION:
+BN_mod_exp_mont                         141     EXIST::FUNCTION:
+BN_mod_exp_simple                       143     EXIST::FUNCTION:
+BN_mod_inverse                          144     EXIST::FUNCTION:
+BN_mod_mul                              145     EXIST::FUNCTION:
+BN_mod_mul_montgomery                   146     EXIST::FUNCTION:
+BN_mod_word                             148     EXIST::FUNCTION:
+BN_mul                                  149     EXIST::FUNCTION:
+BN_new                                  150     EXIST::FUNCTION:
+BN_num_bits                             151     EXIST::FUNCTION:
+BN_num_bits_word                        152     EXIST::FUNCTION:
+BN_options                              153     EXIST::FUNCTION:
+BN_print                                154     EXIST::FUNCTION:
+BN_print_fp                             155     EXIST::FUNCTION:FP_API
+BN_rand                                 156     EXIST::FUNCTION:
+BN_reciprocal                           157     EXIST::FUNCTION:
+BN_rshift                               158     EXIST::FUNCTION:
+BN_rshift1                              159     EXIST::FUNCTION:
+BN_set_bit                              160     EXIST::FUNCTION:
+BN_set_word                             161     EXIST::FUNCTION:
+BN_sqr                                  162     EXIST::FUNCTION:
+BN_sub                                  163     EXIST::FUNCTION:
+BN_to_ASN1_INTEGER                      164     EXIST::FUNCTION:
+BN_ucmp                                 165     EXIST::FUNCTION:
+BN_value_one                            166     EXIST::FUNCTION:
+BUF_MEM_free                            167     EXIST::FUNCTION:
+BUF_MEM_grow                            168     EXIST::FUNCTION:
+BUF_MEM_new                             169     EXIST::FUNCTION:
+BUF_strdup                              170     EXIST::FUNCTION:
+CONF_free                               171     EXIST::FUNCTION:
+CONF_get_number                         172     EXIST::FUNCTION:
+CONF_get_section                        173     EXIST::FUNCTION:
+CONF_get_string                         174     EXIST::FUNCTION:
+CONF_load                               175     EXIST::FUNCTION:
+CRYPTO_add_lock                         176     EXIST::FUNCTION:
+CRYPTO_dbg_free                         177     EXIST::FUNCTION:
+CRYPTO_dbg_malloc                       178     EXIST::FUNCTION:
+CRYPTO_dbg_realloc                      179     EXIST::FUNCTION:
+CRYPTO_dbg_remalloc                     180     NOEXIST::FUNCTION:
+CRYPTO_free                             181     EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback            182     EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183     EXIST::FUNCTION:
+CRYPTO_get_lock_name                    184     EXIST::FUNCTION:
+CRYPTO_get_locking_callback             185     EXIST::FUNCTION:
+CRYPTO_get_mem_functions                186     EXIST::FUNCTION:
+CRYPTO_lock                             187     EXIST::FUNCTION:
+CRYPTO_malloc                           188     EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         189     EXIST::FUNCTION:
+CRYPTO_mem_leaks                        190     EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb                     191     EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     192     EXIST::FUNCTION:FP_API
+CRYPTO_realloc                          193     EXIST::FUNCTION:
+CRYPTO_remalloc                         194     EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback            195     EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196     EXIST::FUNCTION:
+CRYPTO_set_locking_callback             197     EXIST::FUNCTION:
+CRYPTO_set_mem_functions                198     EXIST::FUNCTION:
+CRYPTO_thread_id                        199     EXIST::FUNCTION:
+DH_check                                200     EXIST::FUNCTION:DH
+DH_compute_key                          201     EXIST::FUNCTION:DH
+DH_free                                 202     EXIST::FUNCTION:DH
+DH_generate_key                         203     EXIST::FUNCTION:DH
+DH_generate_parameters                  204     EXIST::FUNCTION:DH
+DH_new                                  205     EXIST::FUNCTION:DH
+DH_size                                 206     EXIST::FUNCTION:DH
+DHparams_print                          207     EXIST::FUNCTION:BIO,DH
+DHparams_print_fp                       208     EXIST::FUNCTION:DH,FP_API
+DSA_free                                209     EXIST::FUNCTION:DSA
+DSA_generate_key                        210     EXIST::FUNCTION:DSA
+DSA_generate_parameters                 211     EXIST::FUNCTION:DSA
+DSA_is_prime                            212     NOEXIST::FUNCTION:
+DSA_new                                 213     EXIST::FUNCTION:DSA
+DSA_print                               214     EXIST::FUNCTION:BIO,DSA
+DSA_print_fp                            215     EXIST::FUNCTION:DSA,FP_API
+DSA_sign                                216     EXIST::FUNCTION:DSA
+DSA_sign_setup                          217     EXIST::FUNCTION:DSA
+DSA_size                                218     EXIST::FUNCTION:DSA
+DSA_verify                              219     EXIST::FUNCTION:DSA
+DSAparams_print                         220     EXIST::FUNCTION:BIO,DSA
+DSAparams_print_fp                      221     EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error                         222     EXIST::FUNCTION:
+ERR_error_string                        223     EXIST::FUNCTION:
+ERR_free_strings                        224     EXIST::FUNCTION:
+ERR_func_error_string                   225     EXIST::FUNCTION:
+ERR_get_err_state_table                 226     EXIST::FUNCTION:LHASH
+ERR_get_error                           227     EXIST::FUNCTION:
+ERR_get_error_line                      228     EXIST::FUNCTION:
+ERR_get_state                           229     EXIST::FUNCTION:
+ERR_get_string_table                    230     EXIST::FUNCTION:LHASH
+ERR_lib_error_string                    231     EXIST::FUNCTION:
+ERR_load_ASN1_strings                   232     EXIST::FUNCTION:
+ERR_load_BIO_strings                    233     EXIST::FUNCTION:
+ERR_load_BN_strings                     234     EXIST::FUNCTION:
+ERR_load_BUF_strings                    235     EXIST::FUNCTION:
+ERR_load_CONF_strings                   236     EXIST::FUNCTION:
+ERR_load_DH_strings                     237     EXIST::FUNCTION:DH
+ERR_load_DSA_strings                    238     EXIST::FUNCTION:DSA
+ERR_load_ERR_strings                    239     EXIST::FUNCTION:
+ERR_load_EVP_strings                    240     EXIST::FUNCTION:
+ERR_load_OBJ_strings                    241     EXIST::FUNCTION:
+ERR_load_PEM_strings                    242     EXIST::FUNCTION:
+ERR_load_PROXY_strings                  243     NOEXIST::FUNCTION:
+ERR_load_RSA_strings                    244     EXIST::FUNCTION:RSA
+ERR_load_X509_strings                   245     EXIST::FUNCTION:
+ERR_load_crypto_strings                 246     EXIST::FUNCTION:
+ERR_load_strings                        247     EXIST::FUNCTION:
+ERR_peek_error                          248     EXIST::FUNCTION:
+ERR_peek_error_line                     249     EXIST::FUNCTION:
+ERR_print_errors                        250     EXIST::FUNCTION:BIO
+ERR_print_errors_fp                     251     EXIST::FUNCTION:FP_API
+ERR_put_error                           252     EXIST::FUNCTION:
+ERR_reason_error_string                 253     EXIST::FUNCTION:
+ERR_remove_state                        254     EXIST::FUNCTION:
+EVP_BytesToKey                          255     EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup                  256     EXIST::FUNCTION:
+EVP_CipherFinal                         257     EXIST::FUNCTION:
+EVP_CipherInit                          258     EXIST::FUNCTION:
+EVP_CipherUpdate                        259     EXIST::FUNCTION:
+EVP_DecodeBlock                         260     EXIST::FUNCTION:
+EVP_DecodeFinal                         261     EXIST::FUNCTION:
+EVP_DecodeInit                          262     EXIST::FUNCTION:
+EVP_DecodeUpdate                        263     EXIST::FUNCTION:
+EVP_DecryptFinal                        264     EXIST::FUNCTION:
+EVP_DecryptInit                         265     EXIST::FUNCTION:
+EVP_DecryptUpdate                       266     EXIST::FUNCTION:
+EVP_DigestFinal                         267     EXIST::FUNCTION:
+EVP_DigestInit                          268     EXIST::FUNCTION:
+EVP_DigestUpdate                        269     EXIST::FUNCTION:
+EVP_EncodeBlock                         270     EXIST::FUNCTION:
+EVP_EncodeFinal                         271     EXIST::FUNCTION:
+EVP_EncodeInit                          272     EXIST::FUNCTION:
+EVP_EncodeUpdate                        273     EXIST::FUNCTION:
+EVP_EncryptFinal                        274     EXIST::FUNCTION:
+EVP_EncryptInit                         275     EXIST::FUNCTION:
+EVP_EncryptUpdate                       276     EXIST::FUNCTION:
+EVP_OpenFinal                           277     EXIST::FUNCTION:RSA
+EVP_OpenInit                            278     EXIST::FUNCTION:RSA
+EVP_PKEY_assign                         279     EXIST::FUNCTION:
+EVP_PKEY_copy_parameters                280     EXIST::FUNCTION:
+EVP_PKEY_free                           281     EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             282     EXIST::FUNCTION:
+EVP_PKEY_new                            283     EXIST::FUNCTION:
+EVP_PKEY_save_parameters                284     EXIST::FUNCTION:
+EVP_PKEY_size                           285     EXIST::FUNCTION:
+EVP_PKEY_type                           286     EXIST::FUNCTION:
+EVP_SealFinal                           287     EXIST::FUNCTION:RSA
+EVP_SealInit                            288     EXIST::FUNCTION:RSA
+EVP_SignFinal                           289     EXIST::FUNCTION:
+EVP_VerifyFinal                         290     EXIST::FUNCTION:
+EVP_add_alias                           291     NOEXIST::FUNCTION:
+EVP_add_cipher                          292     EXIST::FUNCTION:
+EVP_add_digest                          293     EXIST::FUNCTION:
+EVP_bf_cbc                              294     EXIST::FUNCTION:BF
+EVP_bf_cfb64                            295     EXIST::FUNCTION:BF
+EVP_bf_ecb                              296     EXIST::FUNCTION:BF
+EVP_bf_ofb                              297     EXIST::FUNCTION:BF
+EVP_cleanup                             298     EXIST::FUNCTION:
+EVP_des_cbc                             299     EXIST::FUNCTION:DES
+EVP_des_cfb64                           300     EXIST::FUNCTION:DES
+EVP_des_ecb                             301     EXIST::FUNCTION:DES
+EVP_des_ede                             302     EXIST::FUNCTION:DES
+EVP_des_ede3                            303     EXIST::FUNCTION:DES
+EVP_des_ede3_cbc                        304     EXIST::FUNCTION:DES
+EVP_des_ede3_cfb64                      305     EXIST::FUNCTION:DES
+EVP_des_ede3_ofb                        306     EXIST::FUNCTION:DES
+EVP_des_ede_cbc                         307     EXIST::FUNCTION:DES
+EVP_des_ede_cfb64                       308     EXIST::FUNCTION:DES
+EVP_des_ede_ofb                         309     EXIST::FUNCTION:DES
+EVP_des_ofb                             310     EXIST::FUNCTION:DES
+EVP_desx_cbc                            311     EXIST::FUNCTION:DES
+EVP_dss                                 312     EXIST::FUNCTION:DSA,SHA
+EVP_dss1                                313     EXIST::FUNCTION:DSA,SHA
+EVP_enc_null                            314     EXIST::FUNCTION:
+EVP_get_cipherbyname                    315     EXIST::FUNCTION:
+EVP_get_digestbyname                    316     EXIST::FUNCTION:
+EVP_get_pw_prompt                       317     EXIST::FUNCTION:
+EVP_idea_cbc                            318     EXIST::FUNCTION:IDEA
+EVP_idea_cfb64                          319     EXIST::FUNCTION:IDEA
+EVP_idea_ecb                            320     EXIST::FUNCTION:IDEA
+EVP_idea_ofb                            321     EXIST::FUNCTION:IDEA
+EVP_md2                                 322     EXIST::FUNCTION:MD2
+EVP_md5                                 323     EXIST::FUNCTION:MD5
+EVP_md_null                             324     EXIST::FUNCTION:
+EVP_rc2_cbc                             325     EXIST::FUNCTION:RC2
+EVP_rc2_cfb64                           326     EXIST::FUNCTION:RC2
+EVP_rc2_ecb                             327     EXIST::FUNCTION:RC2
+EVP_rc2_ofb                             328     EXIST::FUNCTION:RC2
+EVP_rc4                                 329     EXIST::FUNCTION:RC4
+EVP_read_pw_string                      330     EXIST::FUNCTION:
+EVP_set_pw_prompt                       331     EXIST::FUNCTION:
+EVP_sha                                 332     EXIST::FUNCTION:SHA
+EVP_sha1                                333     EXIST::FUNCTION:SHA
+MD2                                     334     EXIST::FUNCTION:MD2
+MD2_Final                               335     EXIST::FUNCTION:MD2
+MD2_Init                                336     EXIST::FUNCTION:MD2
+MD2_Update                              337     EXIST::FUNCTION:MD2
+MD2_options                             338     EXIST::FUNCTION:MD2
+MD5                                     339     EXIST::FUNCTION:MD5
+MD5_Final                               340     EXIST::FUNCTION:MD5
+MD5_Init                                341     EXIST::FUNCTION:MD5
+MD5_Update                              342     EXIST::FUNCTION:MD5
+MDC2                                    343     EXIST::FUNCTION:MDC2
+MDC2_Final                              344     EXIST::FUNCTION:MDC2
+MDC2_Init                               345     EXIST::FUNCTION:MDC2
+MDC2_Update                             346     EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free                     347     EXIST::FUNCTION:
+NETSCAPE_SPKAC_new                      348     EXIST::FUNCTION:
+NETSCAPE_SPKI_free                      349     EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       350     EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351     EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify                    352     EXIST::FUNCTION:EVP
+OBJ_add_object                          353     EXIST::FUNCTION:
+OBJ_bsearch                             354     EXIST::FUNCTION:
+OBJ_cleanup                             355     EXIST::FUNCTION:
+OBJ_cmp                                 356     EXIST::FUNCTION:
+OBJ_create                              357     EXIST::FUNCTION:
+OBJ_dup                                 358     EXIST::FUNCTION:
+OBJ_ln2nid                              359     EXIST::FUNCTION:
+OBJ_new_nid                             360     EXIST::FUNCTION:
+OBJ_nid2ln                              361     EXIST::FUNCTION:
+OBJ_nid2obj                             362     EXIST::FUNCTION:
+OBJ_nid2sn                              363     EXIST::FUNCTION:
+OBJ_obj2nid                             364     EXIST::FUNCTION:
+OBJ_sn2nid                              365     EXIST::FUNCTION:
+OBJ_txt2nid                             366     EXIST::FUNCTION:
+PEM_ASN1_read                           367     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read_bio                       368     EXIST::FUNCTION:BIO
+PEM_ASN1_write                          369     EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write_bio                      370     EXIST::FUNCTION:BIO
+PEM_SealFinal                           371     EXIST::FUNCTION:RSA
+PEM_SealInit                            372     EXIST::FUNCTION:RSA
+PEM_SealUpdate                          373     EXIST::FUNCTION:RSA
+PEM_SignFinal                           374     EXIST::FUNCTION:
+PEM_SignInit                            375     EXIST::FUNCTION:
+PEM_SignUpdate                          376     EXIST::FUNCTION:
+PEM_X509_INFO_read                      377     EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read_bio                  378     EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio                 379     EXIST::FUNCTION:BIO
+PEM_dek_info                            380     EXIST::FUNCTION:
+PEM_do_header                           381     EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO                 382     EXIST::FUNCTION:
+PEM_proc_type                           383     EXIST::FUNCTION:
+PEM_read                                384     EXIST:!WIN16:FUNCTION:
+PEM_read_DHparams                       385     EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey                  386     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams                      387     EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7                          388     EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey                     389     EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey                  390     EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509                           391     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL                       392     EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ                       393     EXIST:!WIN16:FUNCTION:
+PEM_read_bio                            394     EXIST::FUNCTION:BIO
+PEM_read_bio_DHparams                   395     EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey              396     EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams                  397     EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7                      398     EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 399     EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              400     EXIST::FUNCTION:RSA
+PEM_read_bio_X509                       401     EXIST::FUNCTION:
+PEM_read_bio_X509_CRL                   402     EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   403     EXIST::FUNCTION:
+PEM_write                               404     EXIST:!WIN16:FUNCTION:
+PEM_write_DHparams                      405     EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey                 406     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams                     407     EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7                         408     EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey                    409     EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey                 410     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509                          411     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL                      412     EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ                      413     EXIST:!WIN16:FUNCTION:
+PEM_write_bio                           414     EXIST::FUNCTION:BIO
+PEM_write_bio_DHparams                  415     EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey             416     EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams                 417     EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7                     418     EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                419     EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey             420     EXIST::FUNCTION:RSA
+PEM_write_bio_X509                      421     EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  422     EXIST::FUNCTION:
+PEM_write_bio_X509_REQ                  423     EXIST::FUNCTION:
+PKCS7_DIGEST_free                       424     EXIST::FUNCTION:
+PKCS7_DIGEST_new                        425     EXIST::FUNCTION:
+PKCS7_ENCRYPT_free                      426     EXIST::FUNCTION:
+PKCS7_ENCRYPT_new                       427     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  428     EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   429     EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     430     EXIST::FUNCTION:
+PKCS7_ENVELOPE_new                      431     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest          432     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            433     EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             434     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   435     EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    436     EXIST::FUNCTION:
+PKCS7_SIGNED_free                       437     EXIST::FUNCTION:
+PKCS7_SIGNED_new                        438     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  439     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   440     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                441     EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 442     EXIST::FUNCTION:
+PKCS7_dup                               443     EXIST::FUNCTION:
+PKCS7_free                              444     EXIST::FUNCTION:
+PKCS7_new                               445     EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy                 446     NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy               447     NOEXIST::FUNCTION:
+PROXY_ENTRY_free                        448     NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy                 449     NOEXIST::FUNCTION:
+PROXY_ENTRY_new                         450     NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server                  451     NOEXIST::FUNCTION:
+PROXY_add_noproxy                       452     NOEXIST::FUNCTION:
+PROXY_add_server                        453     NOEXIST::FUNCTION:
+PROXY_check_by_host                     454     NOEXIST::FUNCTION:
+PROXY_check_url                         455     NOEXIST::FUNCTION:
+PROXY_clear_noproxy                     456     NOEXIST::FUNCTION:
+PROXY_free                              457     NOEXIST::FUNCTION:
+PROXY_get_noproxy                       458     NOEXIST::FUNCTION:
+PROXY_get_proxies                       459     NOEXIST::FUNCTION:
+PROXY_get_proxy_entry                   460     NOEXIST::FUNCTION:
+PROXY_load_conf                         461     NOEXIST::FUNCTION:
+PROXY_new                               462     NOEXIST::FUNCTION:
+PROXY_print                             463     NOEXIST::FUNCTION:
+RAND_bytes                              464     EXIST::FUNCTION:
+RAND_cleanup                            465     EXIST::FUNCTION:
+RAND_file_name                          466     EXIST::FUNCTION:
+RAND_load_file                          467     EXIST::FUNCTION:
+RAND_screen                             468     EXIST:WIN32:FUNCTION:
+RAND_seed                               469     EXIST::FUNCTION:
+RAND_write_file                         470     EXIST::FUNCTION:
+RC2_cbc_encrypt                         471     EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       472     EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         473     EXIST::FUNCTION:RC2
+RC2_encrypt                             474     EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       475     EXIST::FUNCTION:RC2
+RC2_set_key                             476     EXIST::FUNCTION:RC2
+RC4                                     477     EXIST::FUNCTION:RC4
+RC4_options                             478     EXIST::FUNCTION:RC4
+RC4_set_key                             479     EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth                 480     EXIST::FUNCTION:RSA
+RSAPrivateKey_dup                       481     EXIST::FUNCTION:RSA
+RSAPublicKey_dup                        482     EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay                        483     EXIST::FUNCTION:RSA
+RSA_free                                484     EXIST::FUNCTION:RSA
+RSA_generate_key                        485     EXIST::FUNCTION:RSA
+RSA_new                                 486     EXIST::FUNCTION:RSA
+RSA_new_method                          487     EXIST::FUNCTION:RSA
+RSA_print                               488     EXIST::FUNCTION:BIO,RSA
+RSA_print_fp                            489     EXIST::FUNCTION:FP_API,RSA
+RSA_private_decrypt                     490     EXIST::FUNCTION:RSA
+RSA_private_encrypt                     491     EXIST::FUNCTION:RSA
+RSA_public_decrypt                      492     EXIST::FUNCTION:RSA
+RSA_public_encrypt                      493     EXIST::FUNCTION:RSA
+RSA_set_default_method                  494     EXIST::FUNCTION:RSA
+RSA_sign                                495     EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING              496     EXIST::FUNCTION:RSA
+RSA_size                                497     EXIST::FUNCTION:RSA
+RSA_verify                              498     EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING            499     EXIST::FUNCTION:RSA
+SHA                                     500     EXIST::FUNCTION:SHA,SHA0
+SHA1                                    501     EXIST::FUNCTION:SHA,SHA1
+SHA1_Final                              502     EXIST::FUNCTION:SHA,SHA1
+SHA1_Init                               503     EXIST::FUNCTION:SHA,SHA1
+SHA1_Update                             504     EXIST::FUNCTION:SHA,SHA1
+SHA_Final                               505     EXIST::FUNCTION:SHA,SHA0
+SHA_Init                                506     EXIST::FUNCTION:SHA,SHA0
+SHA_Update                              507     EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms              508     NOEXIST::FUNCTION:
+OpenSSL_add_all_ciphers                 509     EXIST::FUNCTION:
+OpenSSL_add_all_digests                 510     EXIST::FUNCTION:
+TXT_DB_create_index                     511     EXIST::FUNCTION:
+TXT_DB_free                             512     EXIST::FUNCTION:
+TXT_DB_get_by_index                     513     EXIST::FUNCTION:
+TXT_DB_insert                           514     EXIST::FUNCTION:
+TXT_DB_read                             515     EXIST::FUNCTION:BIO
+TXT_DB_write                            516     EXIST::FUNCTION:BIO
+X509_ALGOR_free                         517     EXIST::FUNCTION:
+X509_ALGOR_new                          518     EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     519     EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      520     EXIST::FUNCTION:
+X509_CINF_free                          521     EXIST::FUNCTION:
+X509_CINF_new                           522     EXIST::FUNCTION:
+X509_CRL_INFO_free                      523     EXIST::FUNCTION:
+X509_CRL_INFO_new                       524     EXIST::FUNCTION:
+X509_CRL_add_ext                        525     EXIST::FUNCTION:
+X509_CRL_cmp                            526     EXIST::FUNCTION:
+X509_CRL_delete_ext                     527     EXIST::FUNCTION:
+X509_CRL_dup                            528     EXIST::FUNCTION:
+X509_CRL_free                           529     EXIST::FUNCTION:
+X509_CRL_get_ext                        530     EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 531     EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 532     EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            533     EXIST::FUNCTION:
+X509_CRL_get_ext_count                  534     EXIST::FUNCTION:
+X509_CRL_new                            535     EXIST::FUNCTION:
+X509_CRL_sign                           536     EXIST::FUNCTION:EVP
+X509_CRL_verify                         537     EXIST::FUNCTION:EVP
+X509_EXTENSION_create_by_NID            538     EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ            539     EXIST::FUNCTION:
+X509_EXTENSION_dup                      540     EXIST::FUNCTION:
+X509_EXTENSION_free                     541     EXIST::FUNCTION:
+X509_EXTENSION_get_critical             542     EXIST::FUNCTION:
+X509_EXTENSION_get_data                 543     EXIST::FUNCTION:
+X509_EXTENSION_get_object               544     EXIST::FUNCTION:
+X509_EXTENSION_new                      545     EXIST::FUNCTION:
+X509_EXTENSION_set_critical             546     EXIST::FUNCTION:
+X509_EXTENSION_set_data                 547     EXIST::FUNCTION:
+X509_EXTENSION_set_object               548     EXIST::FUNCTION:
+X509_INFO_free                          549     EXIST::FUNCTION:EVP
+X509_INFO_new                           550     EXIST::FUNCTION:EVP
+X509_LOOKUP_by_alias                    551     EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              552     EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial            553     EXIST::FUNCTION:
+X509_LOOKUP_by_subject                  554     EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        555     EXIST::FUNCTION:
+X509_LOOKUP_file                        556     EXIST::FUNCTION:
+X509_LOOKUP_free                        557     EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    558     EXIST::FUNCTION:
+X509_LOOKUP_init                        559     EXIST::FUNCTION:
+X509_LOOKUP_new                         560     EXIST::FUNCTION:
+X509_LOOKUP_shutdown                    561     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID           562     EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ           563     EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     564     EXIST::FUNCTION:
+X509_NAME_ENTRY_free                    565     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data                566     EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              567     EXIST::FUNCTION:
+X509_NAME_ENTRY_new                     568     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                569     EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object              570     EXIST::FUNCTION:
+X509_NAME_add_entry                     571     EXIST::FUNCTION:
+X509_NAME_cmp                           572     EXIST::FUNCTION:
+X509_NAME_delete_entry                  573     EXIST::FUNCTION:
+X509_NAME_digest                        574     EXIST::FUNCTION:EVP
+X509_NAME_dup                           575     EXIST::FUNCTION:
+X509_NAME_entry_count                   576     EXIST::FUNCTION:
+X509_NAME_free                          577     EXIST::FUNCTION:
+X509_NAME_get_entry                     578     EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              579     EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ              580     EXIST::FUNCTION:
+X509_NAME_get_text_by_NID               581     EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ               582     EXIST::FUNCTION:
+X509_NAME_hash                          583     EXIST::FUNCTION:
+X509_NAME_new                           584     EXIST::FUNCTION:
+X509_NAME_oneline                       585     EXIST::FUNCTION:EVP
+X509_NAME_print                         586     EXIST::FUNCTION:BIO
+X509_NAME_set                           587     EXIST::FUNCTION:
+X509_OBJECT_free_contents               588     EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         589     EXIST::FUNCTION:
+X509_OBJECT_up_ref_count                590     EXIST::FUNCTION:
+X509_PKEY_free                          591     EXIST::FUNCTION:
+X509_PKEY_new                           592     EXIST::FUNCTION:
+X509_PUBKEY_free                        593     EXIST::FUNCTION:
+X509_PUBKEY_get                         594     EXIST::FUNCTION:
+X509_PUBKEY_new                         595     EXIST::FUNCTION:
+X509_PUBKEY_set                         596     EXIST::FUNCTION:
+X509_REQ_INFO_free                      597     EXIST::FUNCTION:
+X509_REQ_INFO_new                       598     EXIST::FUNCTION:
+X509_REQ_dup                            599     EXIST::FUNCTION:
+X509_REQ_free                           600     EXIST::FUNCTION:
+X509_REQ_get_pubkey                     601     EXIST::FUNCTION:
+X509_REQ_new                            602     EXIST::FUNCTION:
+X509_REQ_print                          603     EXIST::FUNCTION:BIO
+X509_REQ_print_fp                       604     EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey                     605     EXIST::FUNCTION:
+X509_REQ_set_subject_name               606     EXIST::FUNCTION:
+X509_REQ_set_version                    607     EXIST::FUNCTION:
+X509_REQ_sign                           608     EXIST::FUNCTION:EVP
+X509_REQ_to_X509                        609     EXIST::FUNCTION:
+X509_REQ_verify                         610     EXIST::FUNCTION:EVP
+X509_REVOKED_add_ext                    611     EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 612     EXIST::FUNCTION:
+X509_REVOKED_free                       613     EXIST::FUNCTION:
+X509_REVOKED_get_ext                    614     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID             615     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ             616     EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617     EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic          617     EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count              618     EXIST::FUNCTION:
+X509_REVOKED_new                        619     EXIST::FUNCTION:
+X509_SIG_free                           620     EXIST::FUNCTION:
+X509_SIG_new                            621     EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  622     EXIST::FUNCTION:
+X509_STORE_CTX_init                     623     EXIST::FUNCTION:
+X509_STORE_add_cert                     624     EXIST::FUNCTION:
+X509_STORE_add_lookup                   625     EXIST::FUNCTION:
+X509_STORE_free                         626     EXIST::FUNCTION:
+X509_STORE_get_by_subject               627     EXIST::FUNCTION:
+X509_STORE_load_locations               628     EXIST::FUNCTION:STDIO
+X509_STORE_new                          629     EXIST::FUNCTION:
+X509_STORE_set_default_paths            630     EXIST::FUNCTION:STDIO
+X509_VAL_free                           631     EXIST::FUNCTION:
+X509_VAL_new                            632     EXIST::FUNCTION:
+X509_add_ext                            633     EXIST::FUNCTION:
+X509_asn1_meth                          634     EXIST::FUNCTION:
+X509_certificate_type                   635     EXIST::FUNCTION:
+X509_check_private_key                  636     EXIST::FUNCTION:
+X509_cmp_current_time                   637     EXIST::FUNCTION:
+X509_delete_ext                         638     EXIST::FUNCTION:
+X509_digest                             639     EXIST::FUNCTION:EVP
+X509_dup                                640     EXIST::FUNCTION:
+X509_free                               641     EXIST::FUNCTION:
+X509_get_default_cert_area              642     EXIST::FUNCTION:
+X509_get_default_cert_dir               643     EXIST::FUNCTION:
+X509_get_default_cert_dir_env           644     EXIST::FUNCTION:
+X509_get_default_cert_file              645     EXIST::FUNCTION:
+X509_get_default_cert_file_env          646     EXIST::FUNCTION:
+X509_get_default_private_dir            647     EXIST::FUNCTION:
+X509_get_ext                            648     EXIST::FUNCTION:
+X509_get_ext_by_NID                     649     EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     650     EXIST::FUNCTION:
+X509_get_ext_by_critical                651     EXIST::FUNCTION:
+X509_get_ext_count                      652     EXIST::FUNCTION:
+X509_get_issuer_name                    653     EXIST::FUNCTION:
+X509_get_pubkey                         654     EXIST::FUNCTION:
+X509_get_pubkey_parameters              655     EXIST::FUNCTION:
+X509_get_serialNumber                   656     EXIST::FUNCTION:
+X509_get_subject_name                   657     EXIST::FUNCTION:
+X509_gmtime_adj                         658     EXIST::FUNCTION:
+X509_issuer_and_serial_cmp              659     EXIST::FUNCTION:
+X509_issuer_and_serial_hash             660     EXIST::FUNCTION:
+X509_issuer_name_cmp                    661     EXIST::FUNCTION:
+X509_issuer_name_hash                   662     EXIST::FUNCTION:
+X509_load_cert_file                     663     EXIST::FUNCTION:STDIO
+X509_new                                664     EXIST::FUNCTION:
+X509_print                              665     EXIST::FUNCTION:BIO
+X509_print_fp                           666     EXIST::FUNCTION:FP_API
+X509_set_issuer_name                    667     EXIST::FUNCTION:
+X509_set_notAfter                       668     EXIST::FUNCTION:
+X509_set_notBefore                      669     EXIST::FUNCTION:
+X509_set_pubkey                         670     EXIST::FUNCTION:
+X509_set_serialNumber                   671     EXIST::FUNCTION:
+X509_set_subject_name                   672     EXIST::FUNCTION:
+X509_set_version                        673     EXIST::FUNCTION:
+X509_sign                               674     EXIST::FUNCTION:EVP
+X509_subject_name_cmp                   675     EXIST::FUNCTION:
+X509_subject_name_hash                  676     EXIST::FUNCTION:
+X509_to_X509_REQ                        677     EXIST::FUNCTION:
+X509_verify                             678     EXIST::FUNCTION:EVP
+X509_verify_cert                        679     EXIST::FUNCTION:
+X509_verify_cert_error_string           680     EXIST::FUNCTION:
+X509v3_add_ext                          681     EXIST::FUNCTION:
+X509v3_add_extension                    682     NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions          683     NOEXIST::FUNCTION:
+X509v3_add_standard_extensions          684     NOEXIST::FUNCTION:
+X509v3_cleanup_extensions               685     NOEXIST::FUNCTION:
+X509v3_data_type_by_NID                 686     NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ                 687     NOEXIST::FUNCTION:
+X509v3_delete_ext                       688     EXIST::FUNCTION:
+X509v3_get_ext                          689     EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   690     EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   691     EXIST::FUNCTION:
+X509v3_get_ext_by_critical              692     EXIST::FUNCTION:
+X509v3_get_ext_count                    693     EXIST::FUNCTION:
+X509v3_pack_string                      694     NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID                 695     NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ                 696     NOEXIST::FUNCTION:
+X509v3_unpack_string                    697     NOEXIST::FUNCTION:
+_des_crypt                              698     NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT                         699     EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700     EXIST::FUNCTION:BIO
+a2i_ASN1_STRING                         701     EXIST::FUNCTION:BIO
+asn1_Finish                             702     EXIST::FUNCTION:
+asn1_GetSequence                        703     EXIST::FUNCTION:
+bn_div_words                            704     EXIST::FUNCTION:
+bn_expand2                              705     EXIST::FUNCTION:
+bn_mul_add_words                        706     EXIST::FUNCTION:
+bn_mul_words                            707     EXIST::FUNCTION:
+BN_uadd                                 708     EXIST::FUNCTION:
+BN_usub                                 709     EXIST::FUNCTION:
+bn_sqr_words                            710     EXIST::FUNCTION:
+_ossl_old_crypt                         711     EXIST:!NeXT,!PERL5:FUNCTION:DES
+d2i_ASN1_BIT_STRING                     712     EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN                        713     EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714     EXIST::FUNCTION:
+d2i_ASN1_IA5STRING                      715     EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        716     EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         717     EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING                   718     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      719     EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING                720     EXIST::FUNCTION:
+d2i_ASN1_SET                            721     EXIST::FUNCTION:
+d2i_ASN1_T61STRING                      722     EXIST::FUNCTION:
+d2i_ASN1_TYPE                           723     EXIST::FUNCTION:
+d2i_ASN1_UTCTIME                        724     EXIST::FUNCTION:
+d2i_ASN1_bytes                          725     EXIST::FUNCTION:
+d2i_ASN1_type_bytes                     726     EXIST::FUNCTION:
+d2i_DHparams                            727     EXIST::FUNCTION:DH
+d2i_DSAPrivateKey                       728     EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729     EXIST::FUNCTION:BIO,DSA
+d2i_DSAPrivateKey_fp                    730     EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey                        731     EXIST::FUNCTION:DSA
+d2i_DSAparams                           732     EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC                      733     EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       734     EXIST::FUNCTION:
+d2i_Netscape_RSA                        735     EXIST::FUNCTION:RSA
+d2i_PKCS7                               736     EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        737     EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       738     EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   739     EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE                      740     EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             741     EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO                    742     EXIST::FUNCTION:
+d2i_PKCS7_SIGNED                        743     EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO                   744     EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 745     EXIST::FUNCTION:
+d2i_PKCS7_bio                           746     EXIST::FUNCTION:
+d2i_PKCS7_fp                            747     EXIST::FUNCTION:FP_API
+d2i_PrivateKey                          748     EXIST::FUNCTION:
+d2i_PublicKey                           749     EXIST::FUNCTION:
+d2i_RSAPrivateKey                       750     EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751     EXIST::FUNCTION:BIO,RSA
+d2i_RSAPrivateKey_fp                    752     EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey                        753     EXIST::FUNCTION:RSA
+d2i_X509                                754     EXIST::FUNCTION:
+d2i_X509_ALGOR                          755     EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE                      756     EXIST::FUNCTION:
+d2i_X509_CINF                           757     EXIST::FUNCTION:
+d2i_X509_CRL                            758     EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       759     EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760     EXIST::FUNCTION:BIO
+d2i_X509_CRL_fp                         761     EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION                      762     EXIST::FUNCTION:
+d2i_X509_NAME                           763     EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY                     764     EXIST::FUNCTION:
+d2i_X509_PKEY                           765     EXIST::FUNCTION:
+d2i_X509_PUBKEY                         766     EXIST::FUNCTION:
+d2i_X509_REQ                            767     EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       768     EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769     EXIST::FUNCTION:BIO
+d2i_X509_REQ_fp                         770     EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED                        771     EXIST::FUNCTION:
+d2i_X509_SIG                            772     EXIST::FUNCTION:
+d2i_X509_VAL                            773     EXIST::FUNCTION:
+d2i_X509_bio                            774     EXIST::FUNCTION:BIO
+d2i_X509_fp                             775     EXIST::FUNCTION:FP_API
+DES_cbc_cksum                           777     EXIST::FUNCTION:DES
+DES_cbc_encrypt                         778     EXIST::FUNCTION:DES
+DES_cblock_print_file                   779     NOEXIST::FUNCTION:
+DES_cfb64_encrypt                       780     EXIST::FUNCTION:DES
+DES_cfb_encrypt                         781     EXIST::FUNCTION:DES
+DES_decrypt3                            782     EXIST::FUNCTION:DES
+DES_ecb3_encrypt                        783     EXIST::FUNCTION:DES
+DES_ecb_encrypt                         784     EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt                    785     EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt                  786     EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt                  787     EXIST::FUNCTION:DES
+DES_enc_read                            788     EXIST::FUNCTION:DES
+DES_enc_write                           789     EXIST::FUNCTION:DES
+DES_encrypt1                            790     EXIST::FUNCTION:DES
+DES_encrypt2                            791     EXIST::FUNCTION:DES
+DES_encrypt3                            792     EXIST::FUNCTION:DES
+DES_fcrypt                              793     EXIST::FUNCTION:DES
+DES_is_weak_key                         794     EXIST::FUNCTION:DES
+DES_key_sched                           795     EXIST::FUNCTION:DES
+DES_ncbc_encrypt                        796     EXIST::FUNCTION:DES
+DES_ofb64_encrypt                       797     EXIST::FUNCTION:DES
+DES_ofb_encrypt                         798     EXIST::FUNCTION:DES
+DES_options                             799     EXIST::FUNCTION:DES
+DES_pcbc_encrypt                        800     EXIST::FUNCTION:DES
+DES_quad_cksum                          801     EXIST::FUNCTION:DES
+DES_random_key                          802     EXIST::FUNCTION:DES
+_ossl_old_des_random_seed               803     EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords           804     EXIST::FUNCTION:DES
+_ossl_old_des_read_password             805     EXIST::FUNCTION:DES
+_ossl_old_des_read_pw                   806     EXIST::FUNCTION:
+_ossl_old_des_read_pw_string            807     EXIST::FUNCTION:
+DES_set_key                             808     EXIST::FUNCTION:DES
+DES_set_odd_parity                      809     EXIST::FUNCTION:DES
+DES_string_to_2keys                     810     EXIST::FUNCTION:DES
+DES_string_to_key                       811     EXIST::FUNCTION:DES
+DES_xcbc_encrypt                        812     EXIST::FUNCTION:DES
+DES_xwhite_in2out                       813     EXIST::FUNCTION:DES
+fcrypt_body                             814     NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815     EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT                         816     EXIST::FUNCTION:BIO
+i2a_ASN1_STRING                         817     EXIST::FUNCTION:BIO
+i2d_ASN1_BIT_STRING                     818     EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN                        819     EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820     EXIST::FUNCTION:
+i2d_ASN1_IA5STRING                      821     EXIST::FUNCTION:
+i2d_ASN1_INTEGER                        822     EXIST::FUNCTION:
+i2d_ASN1_OBJECT                         823     EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING                   824     EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE                      825     EXIST::FUNCTION:
+i2d_ASN1_SET                            826     EXIST::FUNCTION:
+i2d_ASN1_TYPE                           827     EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        828     EXIST::FUNCTION:
+i2d_ASN1_bytes                          829     EXIST::FUNCTION:
+i2d_DHparams                            830     EXIST::FUNCTION:DH
+i2d_DSAPrivateKey                       831     EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832     EXIST::FUNCTION:BIO,DSA
+i2d_DSAPrivateKey_fp                    833     EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey                        834     EXIST::FUNCTION:DSA
+i2d_DSAparams                           835     EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC                      836     EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI                       837     EXIST::FUNCTION:
+i2d_Netscape_RSA                        838     EXIST::FUNCTION:RSA
+i2d_PKCS7                               839     EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        840     EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       841     EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT                   842     EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      843     EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             844     EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    845     EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        846     EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO                   847     EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 848     EXIST::FUNCTION:
+i2d_PKCS7_bio                           849     EXIST::FUNCTION:
+i2d_PKCS7_fp                            850     EXIST::FUNCTION:FP_API
+i2d_PrivateKey                          851     EXIST::FUNCTION:
+i2d_PublicKey                           852     EXIST::FUNCTION:
+i2d_RSAPrivateKey                       853     EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854     EXIST::FUNCTION:BIO,RSA
+i2d_RSAPrivateKey_fp                    855     EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey                        856     EXIST::FUNCTION:RSA
+i2d_X509                                857     EXIST::FUNCTION:
+i2d_X509_ALGOR                          858     EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE                      859     EXIST::FUNCTION:
+i2d_X509_CINF                           860     EXIST::FUNCTION:
+i2d_X509_CRL                            861     EXIST::FUNCTION:
+i2d_X509_CRL_INFO                       862     EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863     EXIST::FUNCTION:BIO
+i2d_X509_CRL_fp                         864     EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION                      865     EXIST::FUNCTION:
+i2d_X509_NAME                           866     EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     867     EXIST::FUNCTION:
+i2d_X509_PKEY                           868     EXIST::FUNCTION:
+i2d_X509_PUBKEY                         869     EXIST::FUNCTION:
+i2d_X509_REQ                            870     EXIST::FUNCTION:
+i2d_X509_REQ_INFO                       871     EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872     EXIST::FUNCTION:BIO
+i2d_X509_REQ_fp                         873     EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED                        874     EXIST::FUNCTION:
+i2d_X509_SIG                            875     EXIST::FUNCTION:
+i2d_X509_VAL                            876     EXIST::FUNCTION:
+i2d_X509_bio                            877     EXIST::FUNCTION:BIO
+i2d_X509_fp                             878     EXIST::FUNCTION:FP_API
+idea_cbc_encrypt                        879     EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt                      880     EXIST::FUNCTION:IDEA
+idea_ecb_encrypt                        881     EXIST::FUNCTION:IDEA
+idea_encrypt                            882     EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt                      883     EXIST::FUNCTION:IDEA
+idea_options                            884     EXIST::FUNCTION:IDEA
+idea_set_decrypt_key                    885     EXIST::FUNCTION:IDEA
+idea_set_encrypt_key                    886     EXIST::FUNCTION:IDEA
+lh_delete                               887     EXIST::FUNCTION:
+lh_doall                                888     EXIST::FUNCTION:
+lh_doall_arg                            889     EXIST::FUNCTION:
+lh_free                                 890     EXIST::FUNCTION:
+lh_insert                               891     EXIST::FUNCTION:
+lh_new                                  892     EXIST::FUNCTION:
+lh_node_stats                           893     EXIST::FUNCTION:FP_API
+lh_node_stats_bio                       894     EXIST::FUNCTION:BIO
+lh_node_usage_stats                     895     EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio                 896     EXIST::FUNCTION:BIO
+lh_retrieve                             897     EXIST::FUNCTION:
+lh_stats                                898     EXIST::FUNCTION:FP_API
+lh_stats_bio                            899     EXIST::FUNCTION:BIO
+lh_strhash                              900     EXIST::FUNCTION:
+sk_delete                               901     EXIST::FUNCTION:
+sk_delete_ptr                           902     EXIST::FUNCTION:
+sk_dup                                  903     EXIST::FUNCTION:
+sk_find                                 904     EXIST::FUNCTION:
+sk_free                                 905     EXIST::FUNCTION:
+sk_insert                               906     EXIST::FUNCTION:
+sk_new                                  907     EXIST::FUNCTION:
+sk_pop                                  908     EXIST::FUNCTION:
+sk_pop_free                             909     EXIST::FUNCTION:
+sk_push                                 910     EXIST::FUNCTION:
+sk_set_cmp_func                         911     EXIST::FUNCTION:
+sk_shift                                912     EXIST::FUNCTION:
+sk_unshift                              913     EXIST::FUNCTION:
+sk_zero                                 914     EXIST::FUNCTION:
+BIO_f_nbio_test                         915     EXIST::FUNCTION:
+ASN1_TYPE_get                           916     EXIST::FUNCTION:
+ASN1_TYPE_set                           917     EXIST::FUNCTION:
+PKCS7_content_free                      918     NOEXIST::FUNCTION:
+ERR_load_PKCS7_strings                  919     EXIST::FUNCTION:
+X509_find_by_issuer_and_serial          920     EXIST::FUNCTION:
+X509_find_by_subject                    921     EXIST::FUNCTION:
+PKCS7_ctrl                              927     EXIST::FUNCTION:
+PKCS7_set_type                          928     EXIST::FUNCTION:
+PKCS7_set_content                       929     EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set                   930     EXIST::FUNCTION:
+PKCS7_add_signer                        931     EXIST::FUNCTION:
+PKCS7_add_certificate                   932     EXIST::FUNCTION:
+PKCS7_add_crl                           933     EXIST::FUNCTION:
+PKCS7_content_new                       934     EXIST::FUNCTION:
+PKCS7_dataSign                          935     NOEXIST::FUNCTION:
+PKCS7_dataVerify                        936     EXIST::FUNCTION:
+PKCS7_dataInit                          937     EXIST::FUNCTION:
+PKCS7_add_signature                     938     EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             939     EXIST::FUNCTION:
+PKCS7_get_signer_info                   940     EXIST::FUNCTION:
+EVP_delete_alias                        941     NOEXIST::FUNCTION:
+EVP_mdc2                                942     EXIST::FUNCTION:MDC2
+PEM_read_bio_RSAPublicKey               943     EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey              944     EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945     EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio                    946     EXIST::FUNCTION:BIO,RSA
+PEM_read_RSAPublicKey                   947     EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey                  949     EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp                     952     EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey_fp                     954     EXIST::FUNCTION:FP_API,RSA
+BIO_copy_next_retry                     955     EXIST::FUNCTION:
+RSA_flags                               956     EXIST::FUNCTION:RSA
+X509_STORE_add_crl                      957     EXIST::FUNCTION:
+X509_load_crl_file                      958     EXIST::FUNCTION:STDIO
+EVP_rc2_40_cbc                          959     EXIST::FUNCTION:RC2
+EVP_rc4_40                              960     EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init                     961     EXIST::FUNCTION:
+HMAC                                    962     EXIST::FUNCTION:HMAC
+HMAC_Init                               963     EXIST::FUNCTION:HMAC
+HMAC_Update                             964     EXIST::FUNCTION:HMAC
+HMAC_Final                              965     EXIST::FUNCTION:HMAC
+ERR_get_next_error_library              966     EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 967     EXIST::FUNCTION:
+HMAC_cleanup                            968     NOEXIST::FUNCTION:
+BIO_ptr_ctrl                            969     EXIST::FUNCTION:
+BIO_new_file_internal                   970     EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal                     971     EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal                     972     EXIST:WIN16:FUNCTION:FP_API
+BN_BLINDING_convert                     973     EXIST::FUNCTION:
+BN_BLINDING_invert                      974     EXIST::FUNCTION:
+BN_BLINDING_update                      975     EXIST::FUNCTION:
+RSA_blinding_on                         977     EXIST::FUNCTION:RSA
+RSA_blinding_off                        978     EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT                         979     EXIST::FUNCTION:
+BN_BLINDING_new                         980     EXIST::FUNCTION:
+BN_BLINDING_free                        981     EXIST::FUNCTION:
+EVP_cast5_cbc                           983     EXIST::FUNCTION:CAST
+EVP_cast5_cfb64                         984     EXIST::FUNCTION:CAST
+EVP_cast5_ecb                           985     EXIST::FUNCTION:CAST
+EVP_cast5_ofb                           986     EXIST::FUNCTION:CAST
+BF_decrypt                              987     EXIST::FUNCTION:BF
+CAST_set_key                            988     EXIST::FUNCTION:CAST
+CAST_encrypt                            989     EXIST::FUNCTION:CAST
+CAST_decrypt                            990     EXIST::FUNCTION:CAST
+CAST_ecb_encrypt                        991     EXIST::FUNCTION:CAST
+CAST_cbc_encrypt                        992     EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt                      993     EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt                      994     EXIST::FUNCTION:CAST
+RC2_decrypt                             995     EXIST::FUNCTION:RC2
+OBJ_create_objects                      997     EXIST::FUNCTION:
+BN_exp                                  998     EXIST::FUNCTION:
+BN_mul_word                             999     EXIST::FUNCTION:
+BN_sub_word                             1000    EXIST::FUNCTION:
+BN_dec2bn                               1001    EXIST::FUNCTION:
+BN_bn2dec                               1002    EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003    NOEXIST::FUNCTION:
+CRYPTO_free_ex_data                     1004    EXIST::FUNCTION:
+CRYPTO_get_ex_data                      1005    EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1007    EXIST::FUNCTION:
+ERR_load_CRYPTO_strings                 1009    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009    EXIST:OS2,VMS,WIN16:FUNCTION:
+EVP_PKEY_bits                           1010    EXIST::FUNCTION:
+MD5_Transform                           1011    EXIST::FUNCTION:MD5
+SHA1_Transform                          1012    EXIST::FUNCTION:SHA,SHA1
+SHA_Transform                           1013    EXIST::FUNCTION:SHA,SHA0
+X509_STORE_CTX_get_chain                1014    EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1015    EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1016    EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth          1017    EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              1018    EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1020    EXIST::FUNCTION:
+X509_STORE_CTX_set_chain                1021    EXIST::FUNCTION:
+X509_STORE_CTX_set_error                1022    EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              1023    EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1025    EXIST::FUNCTION:
+CRYPTO_get_new_lockid                   1026    EXIST::FUNCTION:
+CRYPTO_new_ex_data                      1027    EXIST::FUNCTION:
+RSA_set_ex_data                         1028    EXIST::FUNCTION:RSA
+RSA_get_ex_data                         1029    EXIST::FUNCTION:RSA
+RSA_get_ex_new_index                    1030    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1            1031    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2            1032    EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23                  1033    EXIST::FUNCTION:RSA
+RSA_padding_add_none                    1034    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1          1035    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2          1036    EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23                1037    EXIST::FUNCTION:RSA
+RSA_padding_check_none                  1038    EXIST::FUNCTION:RSA
+bn_add_words                            1039    EXIST::FUNCTION:
+d2i_Netscape_RSA_2                      1040    NOEXIST::FUNCTION:
+CRYPTO_get_ex_new_index                 1041    EXIST::FUNCTION:
+RIPEMD160_Init                          1042    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update                        1043    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final                         1044    EXIST::FUNCTION:RIPEMD
+RIPEMD160                               1045    EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform                     1046    EXIST::FUNCTION:RIPEMD
+RC5_32_set_key                          1047    EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      1048    EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1049    EXIST::FUNCTION:RC5
+RC5_32_decrypt                          1050    EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      1051    EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1052    EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1053    EXIST::FUNCTION:RC5
+BN_bn2mpi                               1058    EXIST::FUNCTION:
+BN_mpi2bn                               1059    EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 1060    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 1061    EXIST::FUNCTION:
+BIO_get_ex_data                         1062    EXIST::FUNCTION:
+BIO_get_ex_new_index                    1063    EXIST::FUNCTION:
+BIO_set_ex_data                         1064    EXIST::FUNCTION:
+X509v3_get_key_usage                    1066    NOEXIST::FUNCTION:
+X509v3_set_key_usage                    1067    NOEXIST::FUNCTION:
+a2i_X509v3_key_usage                    1068    NOEXIST::FUNCTION:
+i2a_X509v3_key_usage                    1069    NOEXIST::FUNCTION:
+EVP_PKEY_decrypt                        1070    EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1071    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set                    1072    EXIST::FUNCTION:
+PKCS7_add_recipient                     1073    EXIST::FUNCTION:
+PKCS7_add_recipient_info                1074    EXIST::FUNCTION:
+PKCS7_set_cipher                        1075    EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           1076    EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               1077    EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           1078    EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               1079    EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 1080    EXIST::FUNCTION:
+ERR_add_error_data                      1081    EXIST::FUNCTION:BIO
+ERR_set_error_data                      1082    EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1083    EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1084    EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1085    EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv                  1086    EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc                    1087    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb64                  1088    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb                    1089    EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb                    1090    EXIST::FUNCTION:RC5
+asn1_add_error                          1091    EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING                      1092    EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING                      1093    EXIST::FUNCTION:
+BIO_f_ber                               1094    NOEXIST::FUNCTION:
+BN_init                                 1095    EXIST::FUNCTION:
+COMP_CTX_new                            1096    EXIST::FUNCTION:
+COMP_CTX_free                           1097    EXIST::FUNCTION:
+COMP_CTX_compress_block                 1098    NOEXIST::FUNCTION:
+COMP_CTX_expand_block                   1099    NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index         1100    EXIST::FUNCTION:
+OBJ_NAME_add                            1101    EXIST::FUNCTION:
+BIO_socket_nbio                         1102    EXIST::FUNCTION:
+EVP_rc2_64_cbc                          1103    EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup                        1104    EXIST::FUNCTION:
+OBJ_NAME_get                            1105    EXIST::FUNCTION:
+OBJ_NAME_init                           1106    EXIST::FUNCTION:
+OBJ_NAME_new_index                      1107    EXIST::FUNCTION:
+OBJ_NAME_remove                         1108    EXIST::FUNCTION:
+BN_MONT_CTX_copy                        1109    EXIST::FUNCTION:
+BIO_new_socks4a_connect                 1110    NOEXIST::FUNCTION:
+BIO_s_socks4a_connect                   1111    NOEXIST::FUNCTION:
+PROXY_set_connect_mode                  1112    NOEXIST::FUNCTION:
+RAND_SSLeay                             1113    EXIST::FUNCTION:
+RAND_set_rand_method                    1114    EXIST::FUNCTION:
+RSA_memory_lock                         1115    EXIST::FUNCTION:RSA
+bn_sub_words                            1116    EXIST::FUNCTION:
+bn_mul_normal                           1117    NOEXIST::FUNCTION:
+bn_mul_comba8                           1118    NOEXIST::FUNCTION:
+bn_mul_comba4                           1119    NOEXIST::FUNCTION:
+bn_sqr_normal                           1120    NOEXIST::FUNCTION:
+bn_sqr_comba8                           1121    NOEXIST::FUNCTION:
+bn_sqr_comba4                           1122    NOEXIST::FUNCTION:
+bn_cmp_words                            1123    NOEXIST::FUNCTION:
+bn_mul_recursive                        1124    NOEXIST::FUNCTION:
+bn_mul_part_recursive                   1125    NOEXIST::FUNCTION:
+bn_sqr_recursive                        1126    NOEXIST::FUNCTION:
+bn_mul_low_normal                       1127    NOEXIST::FUNCTION:
+BN_RECP_CTX_init                        1128    EXIST::FUNCTION:
+BN_RECP_CTX_new                         1129    EXIST::FUNCTION:
+BN_RECP_CTX_free                        1130    EXIST::FUNCTION:
+BN_RECP_CTX_set                         1131    EXIST::FUNCTION:
+BN_mod_mul_reciprocal                   1132    EXIST::FUNCTION:
+BN_mod_exp_recp                         1133    EXIST::FUNCTION:
+BN_div_recp                             1134    EXIST::FUNCTION:
+BN_CTX_init                             1135    EXIST::FUNCTION:
+BN_MONT_CTX_init                        1136    EXIST::FUNCTION:
+RAND_get_rand_method                    1137    EXIST::FUNCTION:
+PKCS7_add_attribute                     1138    EXIST::FUNCTION:
+PKCS7_add_signed_attribute              1139    EXIST::FUNCTION:
+PKCS7_digest_from_attributes            1140    EXIST::FUNCTION:
+PKCS7_get_attribute                     1141    EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial             1142    EXIST::FUNCTION:
+PKCS7_get_signed_attribute              1143    EXIST::FUNCTION:
+COMP_compress_block                     1144    EXIST::FUNCTION:
+COMP_expand_block                       1145    EXIST::FUNCTION:
+COMP_rle                                1146    EXIST::FUNCTION:
+COMP_zlib                               1147    EXIST::FUNCTION:
+ms_time_diff                            1148    EXIST::FUNCTION:
+ms_time_new                             1149    EXIST::FUNCTION:
+ms_time_free                            1150    EXIST::FUNCTION:
+ms_time_cmp                             1151    EXIST::FUNCTION:
+ms_time_get                             1152    EXIST::FUNCTION:
+PKCS7_set_attributes                    1153    EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1154    EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1155    EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1156    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              1157    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158    EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_set                1159    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         1160    EXIST::FUNCTION:
+ASN1_TIME_print                         1161    EXIST::FUNCTION:BIO
+BASIC_CONSTRAINTS_free                  1162    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new                   1163    EXIST::FUNCTION:
+ERR_load_X509V3_strings                 1164    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free             1165    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              1166    EXIST::FUNCTION:
+OBJ_txt2obj                             1167    EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ                    1168    EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169    EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ                1169    EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ                   1170    EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171    EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ               1171    EXIST:VMS:FUNCTION:
+X509V3_EXT_add                          1172    EXIST::FUNCTION:
+X509V3_EXT_add_alias                    1173    EXIST::FUNCTION:
+X509V3_EXT_add_conf                     1174    EXIST::FUNCTION:
+X509V3_EXT_cleanup                      1175    EXIST::FUNCTION:
+X509V3_EXT_conf                         1176    EXIST::FUNCTION:
+X509V3_EXT_conf_nid                     1177    EXIST::FUNCTION:
+X509V3_EXT_get                          1178    EXIST::FUNCTION:
+X509V3_EXT_get_nid                      1179    EXIST::FUNCTION:
+X509V3_EXT_print                        1180    EXIST::FUNCTION:
+X509V3_EXT_print_fp                     1181    EXIST::FUNCTION:
+X509V3_add_standard_extensions          1182    EXIST::FUNCTION:
+X509V3_add_value                        1183    EXIST::FUNCTION:
+X509V3_add_value_bool                   1184    EXIST::FUNCTION:
+X509V3_add_value_int                    1185    EXIST::FUNCTION:
+X509V3_conf_free                        1186    EXIST::FUNCTION:
+X509V3_get_value_bool                   1187    EXIST::FUNCTION:
+X509V3_get_value_int                    1188    EXIST::FUNCTION:
+X509V3_parse_list                       1189    EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1190    EXIST::FUNCTION:
+d2i_ASN1_TIME                           1191    EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   1192    EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE              1193    EXIST::FUNCTION:
+d2i_ext_ku                              1194    NOEXIST::FUNCTION:
+ext_ku_free                             1195    NOEXIST::FUNCTION:
+ext_ku_new                              1196    NOEXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME                1197    EXIST::FUNCTION:
+i2d_ASN1_TIME                           1198    EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS                   1199    EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE              1200    EXIST::FUNCTION:
+i2d_ext_ku                              1201    NOEXIST::FUNCTION:
+EVP_MD_CTX_copy                         1202    EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED                     1203    EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     1204    EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     1205    EXIST::FUNCTION:
+ASN1_ENUMERATED_get                     1206    EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED                   1207    EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1208    EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209    EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED                     1210    EXIST::FUNCTION:BIO
+i2d_GENERAL_NAME                        1211    EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1212    EXIST::FUNCTION:
+GENERAL_NAME_new                        1213    EXIST::FUNCTION:
+GENERAL_NAME_free                       1214    EXIST::FUNCTION:
+GENERAL_NAMES_new                       1215    EXIST::FUNCTION:
+GENERAL_NAMES_free                      1216    EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       1217    EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       1218    EXIST::FUNCTION:
+i2v_GENERAL_NAMES                       1219    EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING                   1220    EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING                   1221    EXIST::FUNCTION:
+X509V3_EXT_check_conf                   1222    NOEXIST::FUNCTION:
+hex_to_string                           1223    EXIST::FUNCTION:
+string_to_hex                           1224    EXIST::FUNCTION:
+DES_ede3_cbcm_encrypt                   1225    EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP              1226    EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP            1227    EXIST::FUNCTION:RSA
+X509_CRL_print_fp                       1228    EXIST::FUNCTION:FP_API
+X509_CRL_print                          1229    EXIST::FUNCTION:BIO
+i2v_GENERAL_NAME                        1230    EXIST::FUNCTION:
+v2i_GENERAL_NAME                        1231    EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   1232    EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD                   1233    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   1234    EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  1235    EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1236    EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        1237    EXIST::FUNCTION:
+X509V3_EXT_d2i                          1238    EXIST::FUNCTION:
+name_cmp                                1239    EXIST::FUNCTION:
+str_dup                                 1240    NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     1241    EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE               1242    EXIST::FUNCTION:
+BIO_s_log                               1243    EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable                          1244    EXIST::FUNCTION:BIO
+PKCS7_dataFinal                         1245    EXIST::FUNCTION:
+PKCS7_dataDecode                        1246    EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 1247    EXIST::FUNCTION:
+BN_set_params                           1248    EXIST::FUNCTION:
+BN_get_params                           1249    EXIST::FUNCTION:
+BIO_get_ex_num                          1250    NOEXIST::FUNCTION:
+BIO_set_ex_free_func                    1251    NOEXIST::FUNCTION:
+EVP_ripemd160                           1252    EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set                           1253    EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1254    EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID                     1255    EXIST::FUNCTION:
+AUTHORITY_KEYID_new                     1256    EXIST::FUNCTION:
+AUTHORITY_KEYID_free                    1257    EXIST::FUNCTION:
+ASN1_seq_unpack                         1258    EXIST::FUNCTION:
+ASN1_seq_pack                           1259    EXIST::FUNCTION:
+ASN1_unpack_string                      1260    EXIST::FUNCTION:
+ASN1_pack_string                        1261    EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262    NOEXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG                      1263    EXIST::FUNCTION:
+PKCS8_encrypt                           1264    EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG                    1265    EXIST::FUNCTION:
+PKCS12_pack_p7data                      1266    EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   1267    EXIST::FUNCTION:
+PKCS12_add_localkeyid                   1268    EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             1269    EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             1270    EXIST::FUNCTION:
+PKCS12_get_friendlyname                 1271    EXIST::FUNCTION:
+PKCS12_pbe_crypt                        1272    EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273    NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274    NOEXIST::FUNCTION:
+PKCS12_init                             1275    EXIST::FUNCTION:
+PKCS12_key_gen_asc                      1276    EXIST::FUNCTION:
+PKCS12_key_gen_uni                      1277    EXIST::FUNCTION:
+PKCS12_gen_mac                          1278    EXIST::FUNCTION:
+PKCS12_verify_mac                       1279    EXIST::FUNCTION:
+PKCS12_set_mac                          1280    EXIST::FUNCTION:
+PKCS12_setup_mac                        1281    EXIST::FUNCTION:
+asc2uni                                 1282    EXIST::FUNCTION:
+uni2asc                                 1283    EXIST::FUNCTION:
+i2d_PKCS12_BAGS                         1284    EXIST::FUNCTION:
+PKCS12_BAGS_new                         1285    EXIST::FUNCTION:
+d2i_PKCS12_BAGS                         1286    EXIST::FUNCTION:
+PKCS12_BAGS_free                        1287    EXIST::FUNCTION:
+i2d_PKCS12                              1288    EXIST::FUNCTION:
+d2i_PKCS12                              1289    EXIST::FUNCTION:
+PKCS12_new                              1290    EXIST::FUNCTION:
+PKCS12_free                             1291    EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA                     1292    EXIST::FUNCTION:
+PKCS12_MAC_DATA_new                     1293    EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA                     1294    EXIST::FUNCTION:
+PKCS12_MAC_DATA_free                    1295    EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG                      1296    EXIST::FUNCTION:
+PKCS12_SAFEBAG_new                      1297    EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      1298    EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1299    EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 1300    EXIST::FUNCTION:
+PKCS12_PBE_add                          1301    EXIST::FUNCTION:
+PKCS8_add_keyusage                      1302    EXIST::FUNCTION:
+PKCS12_get_attr_gen                     1303    EXIST::FUNCTION:
+PKCS12_parse                            1304    EXIST::FUNCTION:
+PKCS12_create                           1305    EXIST::FUNCTION:
+i2d_PKCS12_bio                          1306    EXIST::FUNCTION:
+i2d_PKCS12_fp                           1307    EXIST::FUNCTION:
+d2i_PKCS12_bio                          1308    EXIST::FUNCTION:
+d2i_PKCS12_fp                           1309    EXIST::FUNCTION:
+i2d_PBEPARAM                            1310    EXIST::FUNCTION:
+PBEPARAM_new                            1311    EXIST::FUNCTION:
+d2i_PBEPARAM                            1312    EXIST::FUNCTION:
+PBEPARAM_free                           1313    EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 1314    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new                 1315    EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO                 1316    EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                1317    EXIST::FUNCTION:
+EVP_PKCS82PKEY                          1318    EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          1319    EXIST::FUNCTION:
+PKCS8_set_broken                        1320    EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit                1321    NOEXIST::FUNCTION:
+EVP_PBE_alg_add                         1322    EXIST::FUNCTION:
+PKCS5_pbe_set                           1323    EXIST::FUNCTION:
+EVP_PBE_cleanup                         1324    EXIST::FUNCTION:
+i2d_SXNET                               1325    EXIST::FUNCTION:
+d2i_SXNET                               1326    EXIST::FUNCTION:
+SXNET_new                               1327    EXIST::FUNCTION:
+SXNET_free                              1328    EXIST::FUNCTION:
+i2d_SXNETID                             1329    EXIST::FUNCTION:
+d2i_SXNETID                             1330    EXIST::FUNCTION:
+SXNETID_new                             1331    EXIST::FUNCTION:
+SXNETID_free                            1332    EXIST::FUNCTION:
+DSA_SIG_new                             1333    EXIST::FUNCTION:DSA
+DSA_SIG_free                            1334    EXIST::FUNCTION:DSA
+DSA_do_sign                             1335    EXIST::FUNCTION:DSA
+DSA_do_verify                           1336    EXIST::FUNCTION:DSA
+d2i_DSA_SIG                             1337    EXIST::FUNCTION:DSA
+i2d_DSA_SIG                             1338    EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING                  1339    EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  1340    EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING                     1341    EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING                     1342    EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     1343    EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     1344    EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         1345    EXIST::FUNCTION:
+d2i_DISPLAYTEXT                         1346    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509                    1379    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509                    1380    NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM                         1397    EXIST::FUNCTION:
+PBKDF2PARAM_new                         1398    EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         1399    EXIST::FUNCTION:
+PBKDF2PARAM_free                        1400    EXIST::FUNCTION:
+i2d_PBE2PARAM                           1401    EXIST::FUNCTION:
+PBE2PARAM_new                           1402    EXIST::FUNCTION:
+d2i_PBE2PARAM                           1403    EXIST::FUNCTION:
+PBE2PARAM_free                          1404    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME            1421    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME            1422    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID                 1439    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID                 1440    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO              1475    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO              1476    NOEXIST::FUNCTION:
+SXNET_add_id_asc                        1477    EXIST::FUNCTION:
+SXNET_add_id_ulong                      1478    EXIST::FUNCTION:
+SXNET_add_id_INTEGER                    1479    EXIST::FUNCTION:
+SXNET_get_id_asc                        1480    EXIST::FUNCTION:
+SXNET_get_id_ulong                      1481    EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1482    EXIST::FUNCTION:
+X509V3_set_conf_lhash                   1483    EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 1484    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 1485    EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1486    EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES                 1487    EXIST::FUNCTION:
+i2d_POLICYINFO                          1488    EXIST::FUNCTION:
+POLICYINFO_new                          1489    EXIST::FUNCTION:
+d2i_POLICYINFO                          1490    EXIST::FUNCTION:
+POLICYINFO_free                         1491    EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      1492    EXIST::FUNCTION:
+POLICYQUALINFO_new                      1493    EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      1494    EXIST::FUNCTION:
+POLICYQUALINFO_free                     1495    EXIST::FUNCTION:
+i2d_USERNOTICE                          1496    EXIST::FUNCTION:
+USERNOTICE_new                          1497    EXIST::FUNCTION:
+d2i_USERNOTICE                          1498    EXIST::FUNCTION:
+USERNOTICE_free                         1499    EXIST::FUNCTION:
+i2d_NOTICEREF                           1500    EXIST::FUNCTION:
+NOTICEREF_new                           1501    EXIST::FUNCTION:
+d2i_NOTICEREF                           1502    EXIST::FUNCTION:
+NOTICEREF_free                          1503    EXIST::FUNCTION:
+X509V3_get_string                       1504    EXIST::FUNCTION:
+X509V3_get_section                      1505    EXIST::FUNCTION:
+X509V3_string_free                      1506    EXIST::FUNCTION:
+X509V3_section_free                     1507    EXIST::FUNCTION:
+X509V3_set_ctx                          1508    EXIST::FUNCTION:
+s2i_ASN1_INTEGER                        1509    EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions         1510    EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions         1511    EXIST::FUNCTION:
+CRYPTO_malloc_locked                    1512    EXIST::FUNCTION:
+CRYPTO_free_locked                      1513    EXIST::FUNCTION:
+BN_mod_exp2_mont                        1514    EXIST::FUNCTION:
+ERR_get_error_line_data                 1515    EXIST::FUNCTION:
+ERR_peek_error_line_data                1516    EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1517    EXIST::FUNCTION:
+X509_ALGOR_dup                          1518    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT              1535    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT              1536    NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS                     1537    EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1538    EXIST::FUNCTION:
+CRL_DIST_POINTS_free                    1539    EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS                     1540    EXIST::FUNCTION:
+i2d_DIST_POINT                          1541    EXIST::FUNCTION:
+DIST_POINT_new                          1542    EXIST::FUNCTION:
+d2i_DIST_POINT                          1543    EXIST::FUNCTION:
+DIST_POINT_free                         1544    EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     1545    EXIST::FUNCTION:
+DIST_POINT_NAME_new                     1546    EXIST::FUNCTION:
+DIST_POINT_NAME_free                    1547    EXIST::FUNCTION:
+d2i_DIST_POINT_NAME                     1548    EXIST::FUNCTION:
+X509V3_add_value_uchar                  1549    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE               1560    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION          1567    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE               1589    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION          1624    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633    NOEXIST::FUNCTION:
+X509V3_EXT_i2d                          1646    EXIST::FUNCTION:
+X509V3_EXT_val_prn                      1647    EXIST::FUNCTION:
+X509V3_EXT_add_list                     1648    EXIST::FUNCTION:
+EVP_CIPHER_type                         1649    EXIST::FUNCTION:
+EVP_PBE_CipherInit                      1650    EXIST::FUNCTION:
+X509V3_add_value_bool_nf                1651    EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       1652    EXIST::FUNCTION:
+sk_value                                1653    EXIST::FUNCTION:
+sk_num                                  1654    EXIST::FUNCTION:
+sk_set                                  1655    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED            1661    NOEXIST::FUNCTION:
+sk_sort                                 1671    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED            1674    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR              1682    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL                1685    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR              1696    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL                1702    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753    NOEXIST::FUNCTION:
+PKCS5_PBE_add                           1775    EXIST::FUNCTION:
+PEM_write_bio_PKCS8                     1776    EXIST::FUNCTION:
+i2d_PKCS8_fp                            1777    EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778    EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO           1778    EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio                           1779    EXIST::FUNCTION:BIO
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780    EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781    EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO          1781    EXIST:VMS:FUNCTION:
+PEM_read_PKCS8                          1782    EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783    EXIST::FUNCTION:BIO
+d2i_PKCS8_fp                            1784    EXIST::FUNCTION:FP_API
+PEM_write_PKCS8                         1785    EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO               1786    EXIST:VMS:FUNCTION:
+PEM_read_bio_PKCS8                      1787    EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788    EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO              1788    EXIST:VMS:FUNCTION:
+PKCS5_PBE_keyivgen                      1789    EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790    EXIST::FUNCTION:BIO
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791    EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792    EXIST::FUNCTION:BIO
+BIO_s_bio                               1793    EXIST::FUNCTION:
+PKCS5_pbe2_set                          1794    EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  1795    EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   1796    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1797    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey               1798    EXIST::FUNCTION:
+BIO_ctrl_get_read_request               1799    EXIST::FUNCTION:
+BIO_ctrl_pending                        1800    EXIST::FUNCTION:
+BIO_ctrl_wpending                       1801    EXIST::FUNCTION:
+BIO_new_bio_pair                        1802    EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee            1803    EXIST::FUNCTION:
+CRYPTO_num_locks                        1804    EXIST::FUNCTION:
+CONF_load_bio                           1805    EXIST::FUNCTION:
+CONF_load_fp                            1806    EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844    NOEXIST::FUNCTION:
+PKCS7_signatureVerify                   1845    EXIST::FUNCTION:
+RSA_set_method                          1846    EXIST::FUNCTION:RSA
+RSA_get_method                          1847    EXIST::FUNCTION:RSA
+RSA_get_default_method                  1848    EXIST::FUNCTION:RSA
+RSA_check_key                           1869    EXIST::FUNCTION:RSA
+OBJ_obj2txt                             1870    EXIST::FUNCTION:
+DSA_dup_DH                              1871    EXIST::FUNCTION:DH,DSA
+X509_REQ_get_extensions                 1872    EXIST::FUNCTION:
+X509_REQ_set_extension_nids             1873    EXIST::FUNCTION:
+BIO_nwrite                              1874    EXIST::FUNCTION:
+X509_REQ_extension_nid                  1875    EXIST::FUNCTION:
+BIO_nread                               1876    EXIST::FUNCTION:
+X509_REQ_get_extension_nids             1877    EXIST::FUNCTION:
+BIO_nwrite0                             1878    EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1879    EXIST::FUNCTION:
+BIO_nread0                              1880    EXIST::FUNCTION:
+X509_REQ_add_extensions                 1881    EXIST::FUNCTION:
+BIO_new_mem_buf                         1882    EXIST::FUNCTION:
+DH_set_ex_data                          1883    EXIST::FUNCTION:DH
+DH_set_method                           1884    EXIST::FUNCTION:DH
+DSA_OpenSSL                             1885    EXIST::FUNCTION:DSA
+DH_get_ex_data                          1886    EXIST::FUNCTION:DH
+DH_get_ex_new_index                     1887    EXIST::FUNCTION:DH
+DSA_new_method                          1888    EXIST::FUNCTION:DSA
+DH_new_method                           1889    EXIST::FUNCTION:DH
+DH_OpenSSL                              1890    EXIST::FUNCTION:DH
+DSA_get_ex_new_index                    1891    EXIST::FUNCTION:DSA
+DH_get_default_method                   1892    EXIST::FUNCTION:DH
+DSA_set_ex_data                         1893    EXIST::FUNCTION:DSA
+DH_set_default_method                   1894    EXIST::FUNCTION:DH
+DSA_get_ex_data                         1895    EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf                 1896    EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey                1898    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode                1899    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey                1900    EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode                1901    EXIST::FUNCTION:EVP
+UTF8_putc                               1902    EXIST::FUNCTION:
+UTF8_getc                               1903    EXIST::FUNCTION:
+RSA_null_method                         1904    EXIST::FUNCTION:RSA
+ASN1_tag2str                            1905    EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             1906    EXIST::FUNCTION:
+DISPLAYTEXT_new                         1907    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               1908    EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                1909    EXIST::FUNCTION:
+X509_set_ex_data                        1910    EXIST::FUNCTION:
+X509_reject_set_bit_asc                 1911    NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1912    EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              1914    EXIST::FUNCTION:
+X509_PURPOSE_get0                       1915    EXIST::FUNCTION:
+PEM_read_X509_AUX                       1917    EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS               1918    EXIST::FUNCTION:
+PEM_write_PUBKEY                        1921    EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new                  1925    EXIST::FUNCTION:
+X509_CERT_AUX_free                      1926    EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1927    EXIST::FUNCTION:
+X509_trust_clear                        1928    EXIST::FUNCTION:
+X509_TRUST_add                          1931    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new                  1932    EXIST::FUNCTION:
+X509_alias_set1                         1933    EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free               1934    EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       1935    EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new                      1936    EXIST::FUNCTION:
+ASN1_mbstring_copy                      1937    EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     1938    EXIST::FUNCTION:
+DSA_get_default_method                  1941    EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945    NOEXIST::FUNCTION:
+ASN1_T61STRING_free                     1946    EXIST::FUNCTION:
+DSA_set_method                          1949    EXIST::FUNCTION:DSA
+X509_get_ex_data                        1950    EXIST::FUNCTION:
+ASN1_STRING_type                        1951    EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname               1952    EXIST::FUNCTION:
+ASN1_TIME_free                          1954    EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp                   1955    EXIST::FUNCTION:
+ASN1_BIT_STRING_new                     1957    EXIST::FUNCTION:
+X509_get_ext_d2i                        1958    EXIST::FUNCTION:
+PEM_read_bio_X509_AUX                   1959    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1960    EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc            1960    EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY                1961    EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp                        1963    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1964    EXIST::FUNCTION:FP_API,RSA
+X509_trust_set_bit_asc                  1967    NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968    EXIST::FUNCTION:DSA
+X509_STORE_CTX_free                     1969    EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1970    EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp                       1971    EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file                 1972    EXIST::FUNCTION:STDIO
+ASN1_TIME_new                           1973    EXIST::FUNCTION:
+i2d_RSA_PUBKEY                          1974    EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit          1976    EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY                     1977    EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX                            1980    EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1981    EXIST::FUNCTION:DSA
+X509_CERT_AUX_print                     1982    EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY                     1984    EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio                      1985    EXIST::FUNCTION:BIO,RSA
+ASN1_BIT_STRING_num_asc                 1986    EXIST::FUNCTION:
+i2d_PUBKEY                              1987    EXIST::FUNCTION:
+ASN1_UTCTIME_free                       1988    EXIST::FUNCTION:
+DSA_set_default_method                  1989    EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id                  1990    EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 1994    EXIST::FUNCTION:
+PEM_read_bio_PUBKEY                     1995    EXIST::FUNCTION:
+ASN1_STRING_set_by_NID                  1996    EXIST::FUNCTION:
+X509_PURPOSE_get_id                     1997    EXIST::FUNCTION:
+DISPLAYTEXT_free                        1998    EXIST::FUNCTION:
+OTHERNAME_new                           1999    EXIST::FUNCTION:
+X509_CERT_AUX_new                       2001    EXIST::FUNCTION:
+X509_TRUST_cleanup                      2007    EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ              2008    EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    2009    EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  2011    EXIST::FUNCTION:
+PEM_read_PUBKEY                         2012    EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio                      2014    EXIST::FUNCTION:BIO,DSA
+i2d_OTHERNAME                           2015    EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  2016    EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 2017    EXIST::FUNCTION:
+X509_get_ex_new_index                   2019    EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               2020    EXIST::FUNCTION:
+X509_TRUST_get_by_id                    2021    EXIST::FUNCTION:
+X509_PURPOSE_get_trust                  2022    EXIST::FUNCTION:
+ASN1_STRING_length                      2023    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024    NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new                2025    EXIST::FUNCTION:
+X509V3_get_d2i                          2026    EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    2027    EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       2028    EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                2030    EXIST::FUNCTION:
+ASN1_STRING_set_default_mask            2032    EXIST::FUNCTION:
+X509_STORE_CTX_new                      2033    EXIST::FUNCTION:
+EVP_PKEY_get1_RSA                       2034    EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free                    2038    EXIST::FUNCTION:
+PEM_write_X509_AUX                      2039    EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set                   2040    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       2041    EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY                          2044    EXIST::FUNCTION:RSA
+X509_TRUST_get0_name                    2046    EXIST::FUNCTION:
+X509_TRUST_get0                         2047    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free              2048    EXIST::FUNCTION:
+ASN1_IA5STRING_new                      2049    EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          2050    EXIST::FUNCTION:DSA
+X509_check_purpose                      2051    EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     2052    EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      2053    EXIST::FUNCTION:BIO,RSA
+d2i_PUBKEY                              2054    EXIST::FUNCTION:
+X509_TRUST_get_trust                    2055    EXIST::FUNCTION:
+X509_TRUST_get_flags                    2056    EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2057    EXIST::FUNCTION:
+ASN1_T61STRING_new                      2058    EXIST::FUNCTION:
+ASN1_UTCTIME_new                        2060    EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS               2062    EXIST::FUNCTION:
+EVP_PKEY_set1_RSA                       2063    EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose              2064    EXIST::FUNCTION:
+ASN1_IA5STRING_free                     2065    EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  2066    EXIST::FUNCTION:
+X509_PURPOSE_get_count                  2067    EXIST::FUNCTION:
+CRYPTO_add_info                         2068    NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           2071    EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2072    EXIST::FUNCTION:
+X509_alias_get0                         2074    EXIST::FUNCTION:
+ASN1_STRING_data                        2075    EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2077    EXIST::FUNCTION:
+X509_trust_set_bit                      2078    NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free                    2080    EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2081    EXIST::FUNCTION:RSA
+X509_add1_reject_object                 2082    EXIST::FUNCTION:
+X509_check_trust                        2083    EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088    EXIST::FUNCTION:DSA
+X509_PURPOSE_add                        2090    EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   2091    EXIST::FUNCTION:
+ASN1_UTF8STRING_free                    2092    EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      2093    EXIST::FUNCTION:BIO,DSA
+PEM_write_RSA_PUBKEY                    2095    EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME                           2096    EXIST::FUNCTION:
+X509_reject_set_bit                     2098    NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY                    2101    EXIST:!WIN16:FUNCTION:DSA
+X509_PURPOSE_get0_sname                 2105    EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2107    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup                   2108    EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     2109    EXIST::FUNCTION:
+X509_TRUST_get_count                    2110    EXIST::FUNCTION:
+ASN1_INTEGER_free                       2111    EXIST::FUNCTION:
+OTHERNAME_free                          2112    EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp                       2113    EXIST::FUNCTION:FP_API,RSA
+ASN1_INTEGER_dup                        2114    EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       2115    EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2117    EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free                 2118    EXIST::FUNCTION:
+X509_PURPOSE_cleanup                    2119    EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     2123    EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2126    EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        2128    EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new                   2130    EXIST::FUNCTION:
+ASN1_INTEGER_new                        2131    EXIST::FUNCTION:
+i2d_X509_AUX                            2132    EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134    EXIST::FUNCTION:BIO
+X509_cmp                                2135    EXIST::FUNCTION:
+ASN1_STRING_length_set                  2136    EXIST::FUNCTION:
+DIRECTORYSTRING_new                     2137    EXIST::FUNCTION:
+X509_add1_trust_object                  2140    EXIST::FUNCTION:
+PKCS12_newpass                          2141    EXIST::FUNCTION:
+SMIME_write_PKCS7                       2142    EXIST::FUNCTION:
+SMIME_read_PKCS7                        2143    EXIST::FUNCTION:
+DES_set_key_checked                     2144    EXIST::FUNCTION:DES
+PKCS7_verify                            2145    EXIST::FUNCTION:
+PKCS7_encrypt                           2146    EXIST::FUNCTION:
+DES_set_key_unchecked                   2147    EXIST::FUNCTION:DES
+SMIME_crlf_copy                         2148    EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING                2149    EXIST::FUNCTION:
+PKCS7_get0_signers                      2150    EXIST::FUNCTION:
+PKCS7_decrypt                           2151    EXIST::FUNCTION:
+SMIME_text                              2152    EXIST::FUNCTION:
+PKCS7_simple_smimecap                   2153    EXIST::FUNCTION:
+PKCS7_get_smimecap                      2154    EXIST::FUNCTION:
+PKCS7_sign                              2155    EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               2156    EXIST::FUNCTION:
+CRYPTO_dbg_set_options                  2157    EXIST::FUNCTION:
+CRYPTO_remove_all_info                  2158    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions          2159    EXIST::FUNCTION:
+CRYPTO_is_mem_check_on                  2160    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions          2161    EXIST::FUNCTION:
+CRYPTO_pop_info                         2162    EXIST::FUNCTION:
+CRYPTO_push_info_                       2163    EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options            2164    EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           2165    EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       2166    EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid          2166    EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio                 2167    EXIST::FUNCTION:
+ASN1_NULL_free                          2168    EXIST::FUNCTION:
+d2i_ASN1_NULL                           2169    EXIST::FUNCTION:
+ASN1_NULL_new                           2170    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio                 2171    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  2172    EXIST::FUNCTION:
+i2d_ASN1_NULL                           2173    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp              2174    EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  2175    EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             2176    EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp              2177    EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio             2178    EXIST::FUNCTION:BIO
+PEM_cb                                  2179    NOEXIST::FUNCTION:
+i2d_PrivateKey_fp                       2180    EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio                      2181    EXIST::FUNCTION:BIO
+d2i_PrivateKey_fp                       2182    EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio                      2183    EXIST::FUNCTION:BIO
+X509_reject_clear                       2184    EXIST::FUNCTION:
+X509_TRUST_set_default                  2185    EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2186    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type                2187    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                2188    EXIST::FUNCTION:
+X509at_get_attr                         2189    EXIST::FUNCTION:
+X509at_get_attr_count                   2190    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID            2191    EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              2192    EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    2193    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            2194    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2195    EXIST::FUNCTION:
+X509at_get_attr_by_NID                  2196    EXIST::FUNCTION:
+X509at_add1_attr                        2197    EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data                2198    EXIST::FUNCTION:
+X509at_delete_attr                      2199    EXIST::FUNCTION:
+X509at_get_attr_by_OBJ                  2200    EXIST::FUNCTION:
+RAND_add                                2201    EXIST::FUNCTION:
+BIO_number_written                      2202    EXIST::FUNCTION:
+BIO_number_read                         2203    EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               2204    EXIST::FUNCTION:
+ERR_load_RAND_strings                   2205    EXIST::FUNCTION:
+RAND_pseudo_bytes                       2206    EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID                2207    EXIST::FUNCTION:
+X509_REQ_get_attr                       2208    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID               2209    EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ                2210    EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 2211    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2212    EXIST::FUNCTION:
+X509_REQ_get_attr_count                 2213    EXIST::FUNCTION:
+X509_REQ_add1_attr                      2214    EXIST::FUNCTION:
+X509_REQ_delete_attr                    2215    EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ                 2216    EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               2217    EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            2218    EXIST::FUNCTION:
+X509at_add1_attr_by_txt                 2219    EXIST::FUNCTION:
+BN_pseudo_rand                          2239    EXIST::FUNCTION:
+BN_is_prime_fasttest                    2240    EXIST::FUNCTION:
+BN_CTX_end                              2241    EXIST::FUNCTION:
+BN_CTX_start                            2242    EXIST::FUNCTION:
+BN_CTX_get                              2243    EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken                   2244    EXIST::FUNCTION:
+ASN1_STRING_TABLE_add                   2245    EXIST::FUNCTION:
+CRYPTO_dbg_get_options                  2246    EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               2247    EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options            2248    EXIST::FUNCTION:
+DES_crypt                               2249    EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW              2250    EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  2251    EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl                       2252    EXIST::FUNCTION:
+RAND_egd                                2253    EXIST::FUNCTION:
+RAND_status                             2254    EXIST::FUNCTION:
+bn_dump1                                2255    NOEXIST::FUNCTION:
+DES_check_key_parity                    2256    EXIST::FUNCTION:DES
+lh_num_items                            2257    EXIST::FUNCTION:
+RAND_event                              2258    EXIST:WIN32:FUNCTION:
+DSO_new                                 2259    EXIST::FUNCTION:
+DSO_new_method                          2260    EXIST::FUNCTION:
+DSO_free                                2261    EXIST::FUNCTION:
+DSO_flags                               2262    EXIST::FUNCTION:
+DSO_up                                  2263    NOEXIST::FUNCTION:
+DSO_set_default_method                  2264    EXIST::FUNCTION:
+DSO_get_default_method                  2265    EXIST::FUNCTION:
+DSO_get_method                          2266    EXIST::FUNCTION:
+DSO_set_method                          2267    EXIST::FUNCTION:
+DSO_load                                2268    EXIST::FUNCTION:
+DSO_bind_var                            2269    EXIST::FUNCTION:
+DSO_METHOD_null                         2270    EXIST::FUNCTION:
+DSO_METHOD_openssl                      2271    EXIST::FUNCTION:
+DSO_METHOD_dlfcn                        2272    EXIST::FUNCTION:
+DSO_METHOD_win32                        2273    EXIST::FUNCTION:
+ERR_load_DSO_strings                    2274    EXIST::FUNCTION:
+DSO_METHOD_dl                           2275    EXIST::FUNCTION:
+NCONF_load                              2276    EXIST::FUNCTION:
+NCONF_load_fp                           2278    EXIST::FUNCTION:FP_API
+NCONF_new                               2279    EXIST::FUNCTION:
+NCONF_get_string                        2280    EXIST::FUNCTION:
+NCONF_free                              2281    EXIST::FUNCTION:
+NCONF_get_number                        2282    NOEXIST::FUNCTION:
+CONF_dump_fp                            2283    EXIST::FUNCTION:
+NCONF_load_bio                          2284    EXIST::FUNCTION:
+NCONF_dump_fp                           2285    EXIST::FUNCTION:
+NCONF_get_section                       2286    EXIST::FUNCTION:
+NCONF_dump_bio                          2287    EXIST::FUNCTION:
+CONF_dump_bio                           2288    EXIST::FUNCTION:
+NCONF_free_data                         2289    EXIST::FUNCTION:
+CONF_set_default_method                 2290    EXIST::FUNCTION:
+ERR_error_string_n                      2291    EXIST::FUNCTION:
+BIO_snprintf                            2292    EXIST::FUNCTION:
+DSO_ctrl                                2293    EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER            2317    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320    NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7                   2328    NOEXIST::FUNCTION:
+BIO_vfree                               2334    EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER            2339    NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341    NOEXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350    NOEXIST::FUNCTION:
+X509_REQ_digest                         2362    EXIST::FUNCTION:EVP
+X509_CRL_digest                         2391    EXIST::FUNCTION:EVP
+d2i_ASN1_SET_OF_PKCS7                   2397    NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           2399    EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2400    EXIST::FUNCTION:
+BN_mod_exp_mont_word                    2401    EXIST::FUNCTION:
+RAND_egd_bytes                          2402    EXIST::FUNCTION:
+X509_REQ_get1_email                     2403    EXIST::FUNCTION:
+X509_get1_email                         2404    EXIST::FUNCTION:
+X509_email_free                         2405    EXIST::FUNCTION:
+i2d_RSA_NET                             2406    EXIST::FUNCTION:RSA
+d2i_RSA_NET_2                           2407    NOEXIST::FUNCTION:
+d2i_RSA_NET                             2408    EXIST::FUNCTION:RSA
+DSO_bind_func                           2409    EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid                2410    EXIST::FUNCTION:
+sk_new_null                             2411    EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback     2412    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb           2412    EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid                2413    EXIST::FUNCTION:
+CRYPTO_set_dynlock_size                 2414    NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback      2415    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb            2415    EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback        2416    EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb              2416    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback        2417    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb              2417    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback     2418    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb           2418    EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value                2419    EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback      2420    EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb            2420    EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING                     2421    EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING                     2422    EXIST::FUNCTION:
+RAND_poll                               2423    EXIST::FUNCTION:
+c2i_ASN1_INTEGER                        2424    EXIST::FUNCTION:
+i2c_ASN1_INTEGER                        2425    EXIST::FUNCTION:
+BIO_dump_indent                         2426    EXIST::FUNCTION:
+ASN1_parse_dump                         2427    EXIST::FUNCTION:BIO
+c2i_ASN1_OBJECT                         2428    EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   2429    EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp                 2430    EXIST::FUNCTION:FP_API
+X509_NAME_print_ex                      2431    EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex                    2432    EXIST::FUNCTION:BIO
+MD4                                     2433    EXIST::FUNCTION:MD4
+MD4_Transform                           2434    EXIST::FUNCTION:MD4
+MD4_Final                               2435    EXIST::FUNCTION:MD4
+MD4_Update                              2436    EXIST::FUNCTION:MD4
+MD4_Init                                2437    EXIST::FUNCTION:MD4
+EVP_md4                                 2438    EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio                          2439    EXIST::FUNCTION:BIO
+i2d_PUBKEY_fp                           2440    EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio                          2441    EXIST::FUNCTION:BIO
+ASN1_STRING_to_UTF8                     2442    EXIST::FUNCTION:
+BIO_vprintf                             2443    EXIST::FUNCTION:
+BIO_vsnprintf                           2444    EXIST::FUNCTION:
+d2i_PUBKEY_fp                           2445    EXIST::FUNCTION:FP_API
+X509_cmp_time                           2446    EXIST::FUNCTION:
+X509_STORE_CTX_set_time                 2447    EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer              2448    EXIST::FUNCTION:
+X509_OBJECT_retrieve_match              2449    EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject              2450    EXIST::FUNCTION:
+X509_STORE_CTX_set_flags                2451    EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack            2452    EXIST::FUNCTION:
+X509_time_adj                           2453    EXIST::FUNCTION:
+X509_check_issued                       2454    EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 2455    EXIST::FUNCTION:
+DES_set_weak_key_flag                   2456    NOEXIST::FUNCTION:
+DES_check_key                           2457    NOEXIST::FUNCTION:
+DES_rw_mode                             2458    NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref                        2459    NOEXIST::FUNCTION:
+X509_keyid_set1                         2460    EXIST::FUNCTION:
+BIO_next                                2461    EXIST::FUNCTION:
+DSO_METHOD_vms                          2462    EXIST::FUNCTION:
+BIO_f_linebuffer                        2463    EXIST:VMS:FUNCTION:
+BN_bntest_rand                          2464    EXIST::FUNCTION:
+OPENSSL_issetugid                       2465    EXIST::FUNCTION:
+BN_rand_range                           2466    EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 2467    EXIST::FUNCTION:ENGINE
+ENGINE_set_DSA                          2468    EXIST::FUNCTION:ENGINE
+ENGINE_get_finish_function              2469    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RSA                  2470    EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp                   2471    NOEXIST::FUNCTION:
+DSA_get_default_openssl_method          2472    NOEXIST::FUNCTION:
+ENGINE_set_DH                           2473    EXIST::FUNCTION:ENGINE
+ENGINE_set_def_BN_mod_exp_crt           2474    NOEXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt       2474    NOEXIST::FUNCTION:
+ENGINE_init                             2475    EXIST::FUNCTION:ENGINE
+DH_get_default_openssl_method           2476    NOEXIST::FUNCTION:
+RSA_set_default_openssl_method          2477    NOEXIST::FUNCTION:
+ENGINE_finish                           2478    EXIST::FUNCTION:ENGINE
+ENGINE_load_public_key                  2479    EXIST::FUNCTION:ENGINE
+ENGINE_get_DH                           2480    EXIST::FUNCTION:ENGINE
+ENGINE_ctrl                             2481    EXIST::FUNCTION:ENGINE
+ENGINE_get_init_function                2482    EXIST::FUNCTION:ENGINE
+ENGINE_set_init_function                2483    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_DSA                  2484    EXIST::FUNCTION:ENGINE
+ENGINE_get_name                         2485    EXIST::FUNCTION:ENGINE
+ENGINE_get_last                         2486    EXIST::FUNCTION:ENGINE
+ENGINE_get_prev                         2487    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DH                   2488    EXIST::FUNCTION:ENGINE
+ENGINE_get_RSA                          2489    EXIST::FUNCTION:ENGINE
+ENGINE_set_default                      2490    EXIST::FUNCTION:ENGINE
+ENGINE_get_RAND                         2491    EXIST::FUNCTION:ENGINE
+ENGINE_get_first                        2492    EXIST::FUNCTION:ENGINE
+ENGINE_by_id                            2493    EXIST::FUNCTION:ENGINE
+ENGINE_set_finish_function              2494    EXIST::FUNCTION:ENGINE
+ENGINE_get_def_BN_mod_exp_crt           2495    NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2495    NOEXIST::FUNCTION:
+RSA_get_default_openssl_method          2496    NOEXIST::FUNCTION:
+ENGINE_set_RSA                          2497    EXIST::FUNCTION:ENGINE
+ENGINE_load_private_key                 2498    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_RAND                 2499    EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp                   2500    NOEXIST::FUNCTION:
+ENGINE_remove                           2501    EXIST::FUNCTION:ENGINE
+ENGINE_free                             2502    EXIST::FUNCTION:ENGINE
+ENGINE_get_BN_mod_exp_crt               2503    NOEXIST::FUNCTION:
+ENGINE_get_next                         2504    EXIST::FUNCTION:ENGINE
+ENGINE_set_name                         2505    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_DSA                  2506    EXIST::FUNCTION:ENGINE
+ENGINE_set_default_BN_mod_exp           2507    NOEXIST::FUNCTION:
+ENGINE_set_default_RSA                  2508    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_RAND                 2509    EXIST::FUNCTION:ENGINE
+ENGINE_get_default_BN_mod_exp           2510    NOEXIST::FUNCTION:
+ENGINE_set_RAND                         2511    EXIST::FUNCTION:ENGINE
+ENGINE_set_id                           2512    EXIST::FUNCTION:ENGINE
+ENGINE_set_BN_mod_exp_crt               2513    NOEXIST::FUNCTION:
+ENGINE_set_default_DH                   2514    EXIST::FUNCTION:ENGINE
+ENGINE_new                              2515    EXIST::FUNCTION:ENGINE
+ENGINE_get_id                           2516    EXIST::FUNCTION:ENGINE
+DSA_set_default_openssl_method          2517    NOEXIST::FUNCTION:
+ENGINE_add                              2518    EXIST::FUNCTION:ENGINE
+DH_set_default_openssl_method           2519    NOEXIST::FUNCTION:
+ENGINE_get_DSA                          2520    EXIST::FUNCTION:ENGINE
+ENGINE_get_ctrl_function                2521    EXIST::FUNCTION:ENGINE
+ENGINE_set_ctrl_function                2522    EXIST::FUNCTION:ENGINE
+BN_pseudo_rand_range                    2523    EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb            2524    EXIST::FUNCTION:
+ERR_load_COMP_strings                   2525    EXIST::FUNCTION:
+PKCS12_item_decrypt_d2i                 2526    EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2527    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2527    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers               2528    EXIST::FUNCTION:ENGINE
+ENGINE_get_ciphers                      2529    EXIST::FUNCTION:ENGINE
+d2i_OCSP_BASICRESP                      2530    EXIST::FUNCTION:
+KRB5_CHECKSUM_it                        2531    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it                        2531    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add                            2532    EXIST::FUNCTION:EC
+ASN1_item_ex_i2d                        2533    EXIST::FUNCTION:
+OCSP_CERTID_it                          2534    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it                          2534    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES                      2535    EXIST::FUNCTION:
+X509V3_add1_i2d                         2536    EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2537    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2537    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean                    2538    EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2539    EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf                        2540    EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 2541    EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     2542    EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2543    EXIST::FUNCTION:
+X509_print_ex                           2544    EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i                2545    EXIST::FUNCTION:
+ENGINE_register_all_RAND                2546    EXIST::FUNCTION:ENGINE
+ENGINE_load_dynamic                     2547    EXIST::FUNCTION:ENGINE
+PBKDF2PARAM_it                          2548    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          2548    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new                  2549    EXIST::FUNCTION:
+EC_GROUP_clear_free                     2550    EXIST::FUNCTION:EC
+OCSP_sendreq_bio                        2551    EXIST::FUNCTION:
+ASN1_item_digest                        2552    EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext               2553    EXIST::FUNCTION:
+OCSP_SIGNATURE_it                       2554    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it                       2554    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it                             2555    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             2555    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext                  2556    EXIST::FUNCTION:
+KRB5_ENCKEY_it                          2557    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it                          2557    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer                    2558    EXIST::FUNCTION:
+X509_STORE_set_purpose                  2559    EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING                  2560    EXIST::FUNCTION:
+OCSP_response_status                    2561    EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     2562    EXIST::FUNCTION:
+ENGINE_get_digest_engine                2563    EXIST::FUNCTION:ENGINE
+EC_GROUP_set_curve_GFp                  2564    EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ             2565    EXIST::FUNCTION:
+_ossl_old_des_random_key                2566    EXIST::FUNCTION:DES
+ASN1_T61STRING_it                       2567    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2567    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      2568    EXIST::FUNCTION:EC
+i2d_KRB5_APREQ                          2569    EXIST::FUNCTION:
+_ossl_old_des_encrypt                   2570    EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new                      2571    EXIST::FUNCTION:
+HMAC_Init_ex                            2572    EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT                        2573    EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 2574    EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575   EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp           2575    EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key               2576    EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ           2577    EXIST::FUNCTION:
+EC_POINT_oct2point                      2578    EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count           2579    EXIST::FUNCTION:
+UI_ctrl                                 2580    EXIST::FUNCTION:
+_shadow_DES_rw_mode                     2581    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode                     2581    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb                             2582    EXIST::FUNCTION:
+ASN1_template_i2d                       2583    EXIST::FUNCTION:
+ENGINE_register_DH                      2584    EXIST::FUNCTION:ENGINE
+UI_construct_prompt                     2585    EXIST::FUNCTION:
+X509_STORE_set_trust                    2586    EXIST::FUNCTION:
+UI_dup_input_string                     2587    EXIST::FUNCTION:
+d2i_KRB5_APREQ                          2588    EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      2589    EXIST::FUNCTION:
+OCSP_request_is_signed                  2590    EXIST::FUNCTION:
+i2d_OCSP_REQINFO                        2591    EXIST::FUNCTION:
+KRB5_ENCKEY_free                        2592    EXIST::FUNCTION:
+OCSP_resp_get0                          2593    EXIST::FUNCTION:
+GENERAL_NAME_it                         2594    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         2594    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it                 2595    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2595    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags                    2596    EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597    EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp           2597    EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str                2598    EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    2599    EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2600    EXIST::FUNCTION:
+ERR_get_implementation                  2601    EXIST::FUNCTION:
+EVP_CipherFinal_ex                      2602    EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     2603    EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              2604    EXIST::FUNCTION:
+OCSP_resp_find                          2605    EXIST::FUNCTION:
+BN_nnmod                                2606    EXIST::FUNCTION:
+X509_CRL_sort                           2607    EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         2608    EXIST::FUNCTION:
+ENGINE_register_RAND                    2609    EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_new                     2610    EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     2611    EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp          2611    EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options                   2612    EXIST::FUNCTION:DES
+SXNET_it                                2613    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                2613    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean                    2614    EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2615    EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2616    EXIST::FUNCTION:EC
+ENGINE_load_cryptodev                   2617    EXIST::FUNCTION:ENGINE
+DSO_convert_filename                    2618    EXIST::FUNCTION:
+POLICYQUALINFO_it                       2619    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       2619    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers                 2620    EXIST::FUNCTION:ENGINE
+BN_mod_lshift_quick                     2621    EXIST::FUNCTION:
+DSO_set_filename                        2622    EXIST::FUNCTION:
+ASN1_item_free                          2623    EXIST::FUNCTION:
+KRB5_TKTBODY_free                       2624    EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2625    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2625    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new                      2626    EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                2627    EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string                  2628    EXIST::FUNCTION:ENGINE
+i2d_OCSP_RESPDATA                       2629    EXIST::FUNCTION:
+EVP_MD_CTX_init                         2630    EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 2631    EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      2632    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      2632    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string                     2633    EXIST::FUNCTION:
+KRB5_CHECKSUM_free                      2634    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    2635    EXIST::FUNCTION:
+ENGINE_load_ubsec                       2636    EXIST::FUNCTION:ENGINE
+ENGINE_register_all_digests             2637    EXIST::FUNCTION:ENGINE
+PKEY_USAGE_PERIOD_it                    2638    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    2638    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes                 2639    EXIST::FUNCTION:
+ASN1_item_unpack                        2640    EXIST::FUNCTION:
+NETSCAPE_SPKAC_it                       2641    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2641    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it                         2642    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         2642    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode                      2643    EXIST::FUNCTION:
+EVP_aes_128_ecb                         2644    EXIST::FUNCTION:AES
+KRB5_AUTHENT_free                       2645    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      2646    EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit          2646    EXIST:VMS:FUNCTION:
+OCSP_cert_status_str                    2647    EXIST::FUNCTION:
+d2i_OCSP_REQUEST                        2648    EXIST::FUNCTION:
+UI_dup_info_string                      2649    EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out             2650    EXIST::FUNCTION:DES
+PKCS12_it                               2651    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               2651    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2652    EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit         2652    EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free                    2653    EXIST::FUNCTION:
+_ossl_old_des_crypt                     2654    EXIST::FUNCTION:DES
+ASN1_item_i2d                           2655    EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     2656    EXIST::FUNCTION:
+ENGINE_load_openssl                     2657    EXIST::FUNCTION:ENGINE
+ENGINE_get_cmd_defns                    2658    EXIST::FUNCTION:ENGINE
+ENGINE_set_load_privkey_function        2659    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_set_load_privkey_fn              2659    EXIST:VMS:FUNCTION:ENGINE
+EVP_EncryptFinal_ex                     2660    EXIST::FUNCTION:
+ENGINE_set_default_digests              2661    EXIST::FUNCTION:ENGINE
+X509_get0_pubkey_bitstr                 2662    EXIST::FUNCTION:
+asn1_ex_i2c                             2663    EXIST::FUNCTION:
+ENGINE_register_RSA                     2664    EXIST::FUNCTION:ENGINE
+ENGINE_unregister_DSA                   2665    EXIST::FUNCTION:ENGINE
+_ossl_old_des_key_sched                 2666    EXIST::FUNCTION:DES
+X509_EXTENSION_it                       2667    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       2667    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT                        2668    EXIST::FUNCTION:
+SXNETID_it                              2669    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              2669    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP                     2670    EXIST::FUNCTION:
+EDIPARTYNAME_new                        2671    EXIST::FUNCTION:
+PKCS12_certbag2x509                     2672    EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt             2673    EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE                  2674    EXIST::FUNCTION:
+ERR_print_errors_cb                     2675    EXIST::FUNCTION:
+ENGINE_set_ciphers                      2676    EXIST::FUNCTION:ENGINE
+d2i_KRB5_APREQBODY                      2677    EXIST::FUNCTION:
+UI_method_get_flusher                   2678    EXIST::FUNCTION:
+X509_PUBKEY_it                          2679    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          2679    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read                  2680    EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it                        2681    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2681    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE                       2682    EXIST::FUNCTION:
+EC_GROUP_get_cofactor                   2683    EXIST::FUNCTION:EC
+PKCS12_unpack_p7data                    2684    EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA                       2685    EXIST::FUNCTION:
+OCSP_copy_nonce                         2686    EXIST::FUNCTION:
+KRB5_AUTHDATA_new                       2687    EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2688    EXIST::FUNCTION:
+EC_GFp_mont_method                      2689    EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free                   2690    EXIST::FUNCTION:
+UI_get_ex_data                          2691    EXIST::FUNCTION:
+KRB5_APREQBODY_free                     2692    EXIST::FUNCTION:
+EC_GROUP_get0_generator                 2693    EXIST::FUNCTION:EC
+UI_get_default_method                   2694    EXIST::FUNCTION:
+X509V3_set_nconf                        2695    EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt                 2696    EXIST::FUNCTION:
+X509_add1_ext_i2d                       2697    EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    2698    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    2698    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new                      2699    EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2700    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2700    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order                      2701    EXIST::FUNCTION:EC
+d2i_OCSP_RESPID                         2702    EXIST::FUNCTION:
+OCSP_request_verify                     2703    EXIST::FUNCTION:
+NCONF_get_number_e                      2704    EXIST::FUNCTION:
+_ossl_old_des_decrypt3                  2705    EXIST::FUNCTION:DES
+X509_signature_print                    2706    EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free                    2707    EXIST::FUNCTION:
+ENGINE_load_builtin_engines             2708    EXIST::FUNCTION:ENGINE
+i2d_OCSP_ONEREQ                         2709    EXIST::FUNCTION:
+OCSP_REQUEST_add_ext                    2710    EXIST::FUNCTION:
+OCSP_RESPBYTES_new                      2711    EXIST::FUNCTION:
+EVP_MD_CTX_create                       2712    EXIST::FUNCTION:
+OCSP_resp_find_status                   2713    EXIST::FUNCTION:
+X509_ALGOR_it                           2714    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           2714    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it                            2715    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2715    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name                  2716    EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               2717    EXIST::FUNCTION:
+UI_get0_result                          2718    EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2719    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2719    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb                         2720    EXIST::FUNCTION:AES
+PKCS12_pack_authsafes                   2721    EXIST::FUNCTION:
+ASN1_IA5STRING_it                       2722    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       2722    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags                      2723    EXIST::FUNCTION:
+EC_GROUP_set_generator                  2724    EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys           2725    EXIST::FUNCTION:DES
+OCSP_CERTID_free                        2726    EXIST::FUNCTION:
+X509_CERT_AUX_it                        2727    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        2727    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it                  2728    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  2728    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt          2729    EXIST::FUNCTION:DES
+RAND_set_rand_engine                    2730    EXIST::FUNCTION:ENGINE
+DSO_get_loaded_filename                 2731    EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       2732    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       2732    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2733    EXIST::FUNCTION:
+PKCS12_decrypt_skey                     2734    EXIST::FUNCTION:
+KRB5_AUTHENT_it                         2735    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it                         2735    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string                     2736    EXIST::FUNCTION:
+RSAPublicKey_it                         2737    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         2737    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST                        2738    EXIST::FUNCTION:
+PKCS12_x509crl2certbag                  2739    EXIST::FUNCTION:
+OCSP_SERVICELOC_it                      2740    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it                      2740    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign                          2741    EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name                2742    EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2743    EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      2744    EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      2745    EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 2746    EXIST::FUNCTION:
+HMAC_CTX_init                           2747    EXIST::FUNCTION:HMAC
+ENGINE_get_digest                       2748    EXIST::FUNCTION:ENGINE
+OCSP_RESPONSE_print                     2749    EXIST::FUNCTION:
+KRB5_TKTBODY_it                         2750    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it                         2750    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it                   2751    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2751    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              2752    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              2752    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it                            2753    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            2753    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl                  2754    EXIST::FUNCTION:
+PKCS7_SIGNED_it                         2755    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         2755    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher                       2756    EXIST::FUNCTION:ENGINE
+i2d_OCSP_CRLID                          2757    EXIST::FUNCTION:
+OCSP_SINGLERESP_new                     2758    EXIST::FUNCTION:
+ENGINE_cmd_is_executable                2759    EXIST::FUNCTION:ENGINE
+RSA_up_ref                              2760    EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it                   2761    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2761    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA                     2762    EXIST::FUNCTION:ENGINE
+X509V3_EXT_add_nconf_sk                 2763    EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         2764    EXIST::FUNCTION:ENGINE
+PKCS8_decrypt                           2765    EXIST::FUNCTION:
+PEM_bytes_read_bio                      2766    EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it                      2767    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2767    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID                          2768    EXIST::FUNCTION:
+EC_POINT_is_on_curve                    2769    EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions      2770    EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs          2770    EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM                       2771    EXIST::FUNCTION:
+ASN1_item_dup                           2772    EXIST::FUNCTION:
+X509_it                                 2773    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 2773    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add                              2774    EXIST::FUNCTION:
+KRB5_AUTHDATA_free                      2775    EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum                 2776    EXIST::FUNCTION:DES
+ASN1_item_verify                        2777    EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions             2778    EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779   EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp           2779    EXIST:VMS:FUNCTION:EC
+ZLONG_it                                2780    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                2780    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions      2781    EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs          2781    EXIST:VMS:FUNCTION:
+ASN1_TIME_check                         2782    EXIST::FUNCTION:
+UI_get0_user_data                       2783    EXIST::FUNCTION:
+HMAC_CTX_cleanup                        2784    EXIST::FUNCTION:HMAC
+DSA_up_ref                              2785    EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt        2786    EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt           2786    EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it                       2787    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       2787    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit                            2788    EXIST::FUNCTION:
+UI_method_set_flusher                   2789    EXIST::FUNCTION:
+X509_ocspid_print                       2790    EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it                         2791    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it                         2791    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function         2792    EXIST::FUNCTION:ENGINE
+UI_add_user_data                        2793    EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2794    EXIST::FUNCTION:
+UI_get_method                           2795    EXIST::FUNCTION:
+OCSP_ONEREQ_free                        2796    EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it                 2797    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 2797    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate                 2798    EXIST::FUNCTION:
+OCSP_REQUEST_it                         2799    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it                         2799    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it                       2800    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it                       2800    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt                         2801    EXIST::FUNCTION:AES
+BN_mod_sqr                              2802    EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               2803    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               2803    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it                        2804    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2804    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2805    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2805    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it                        2806    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        2806    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data                          2807    EXIST::FUNCTION:
+_ossl_old_des_string_to_key             2808    EXIST::FUNCTION:DES
+ENGINE_register_all_RSA                 2809    EXIST::FUNCTION:ENGINE
+d2i_KRB5_PRINCNAME                      2810    EXIST::FUNCTION:
+OCSP_RESPBYTES_it                       2811    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it                       2811    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it                            2812    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2812    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests               2813    EXIST::FUNCTION:ENGINE
+d2i_EDIPARTYNAME                        2814    EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     2815    EXIST::FUNCTION:
+ENGINE_get_digests                      2816    EXIST::FUNCTION:ENGINE
+_ossl_old_des_set_odd_parity            2817    EXIST::FUNCTION:DES
+OCSP_RESPDATA_free                      2818    EXIST::FUNCTION:
+d2i_KRB5_TICKET                         2819    EXIST::FUNCTION:
+OTHERNAME_it                            2820    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2820    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup                      2821    EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2822    EXIST::FUNCTION:
+X509_CRL_set_version                    2823    EXIST::FUNCTION:
+BN_mod_sub                              2824    EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          2825    EXIST::FUNCTION:
+ENGINE_get_ex_new_index                 2826    EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_free                       2827    EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d               2828    EXIST::FUNCTION:
+X509_VAL_it                             2829    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             2829    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine                   2830    EXIST::FUNCTION:EC
+EC_POINT_mul                            2831    EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf                    2832    EXIST::FUNCTION:
+X509_TRUST_set                          2833    EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d                   2834    EXIST::FUNCTION:
+_ossl_old_des_fcrypt                    2835    EXIST::FUNCTION:DES
+DISPLAYTEXT_it                          2836    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          2836    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate                 2837    EXIST::FUNCTION:
+OCSP_BASICRESP_free                     2838    EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d             2839    EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY                    2840    EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841    EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841    EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new                        2842    EXIST::FUNCTION:
+DSO_up_ref                              2843    EXIST::FUNCTION:
+OCSP_crl_reason_str                     2844    EXIST::FUNCTION:
+UI_get0_result_string                   2845    EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  2846    EXIST::FUNCTION:
+X509_SIG_it                             2847    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             2847    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation                  2848    EXIST::FUNCTION:
+ERR_load_EC_strings                     2849    EXIST::FUNCTION:EC
+UI_get0_action_string                   2850    EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext                     2851    EXIST::FUNCTION:
+EC_POINT_method_of                      2852    EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY                      2853    EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt              2854    EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions             2855    EXIST::FUNCTION:
+ENGINE_get_ex_data                      2856    EXIST::FUNCTION:ENGINE
+UI_destroy_method                       2857    EXIST::FUNCTION:
+ASN1_item_i2d_bio                       2858    EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ              2859    EXIST::FUNCTION:
+ASN1_primitive_new                      2860    EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       2861    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       2861    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb                         2862    EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new                      2863    EXIST::FUNCTION:
+LONG_it                                 2864    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 2864    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it                   2865    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   2865    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            2866    EXIST::FUNCTION:
+d2i_OCSP_CERTID                         2867    EXIST::FUNCTION:
+ASN1_item_d2i_fp                        2868    EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it                      2869    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      2869    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print                      2870    EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext              2871    EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      2872    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      2872    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE                      2873    EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2874    EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    2875    EXIST::FUNCTION:ENGINE
+OCSP_SERVICELOC_free                    2876    EXIST::FUNCTION:
+EC_GROUP_free                           2877    EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it                      2878    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      2878    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it                             2879    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             2879    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt               2880    EXIST::FUNCTION:DES
+ERR_unload_strings                      2881    EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2882    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2882    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free                       2883    EXIST::FUNCTION:
+OCSP_REQINFO_free                       2884    EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  2885    EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i               2886    EXIST::FUNCTION:
+PKCS12_item_pack_safebag                2887    EXIST::FUNCTION:
+asn1_ex_c2i                             2888    EXIST::FUNCTION:
+ENGINE_register_digests                 2889    EXIST::FUNCTION:ENGINE
+i2d_OCSP_REVOKEDINFO                    2890    EXIST::FUNCTION:
+asn1_enc_restore                        2891    EXIST::FUNCTION:
+UI_free                                 2892    EXIST::FUNCTION:
+UI_new_method                           2893    EXIST::FUNCTION:
+EVP_EncryptInit_ex                      2894    EXIST::FUNCTION:
+X509_pubkey_digest                      2895    EXIST::FUNCTION:EVP
+EC_POINT_invert                         2896    EXIST::FUNCTION:EC
+OCSP_basic_sign                         2897    EXIST::FUNCTION:
+i2d_OCSP_RESPID                         2898    EXIST::FUNCTION:
+OCSP_check_nonce                        2899    EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         2900    EXIST::FUNCTION:ENGINE
+d2i_KRB5_ENCKEY                         2901    EXIST::FUNCTION:
+OCSP_parse_url                          2902    EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2903    EXIST::FUNCTION:
+OCSP_CRLID_free                         2904    EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2905    EXIST::FUNCTION:
+RSAPrivateKey_it                        2906    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2906    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH                  2907    EXIST::FUNCTION:ENGINE
+i2d_EDIPARTYNAME                        2908    EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     2909    EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp          2909    EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new                          2910    EXIST::FUNCTION:
+ENGINE_get_flags                        2911    EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_it                          2912    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it                          2912    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process                              2913    EXIST::FUNCTION:
+ASN1_INTEGER_it                         2914    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         2914    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex                       2915    EXIST::FUNCTION:
+UI_get_string_type                      2916    EXIST::FUNCTION:
+ENGINE_unregister_DH                    2917    EXIST::FUNCTION:ENGINE
+ENGINE_register_all_DSA                 2918    EXIST::FUNCTION:ENGINE
+OCSP_ONEREQ_get_ext_by_critical         2919    EXIST::FUNCTION:
+bn_dup_expand                           2920    EXIST::FUNCTION:
+OCSP_cert_id_new                        2921    EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2922    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2922    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2923    EXIST::FUNCTION:
+EC_POINT_new                            2924    EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy                      2925    EXIST::FUNCTION:
+OCSP_RESPBYTES_free                     2926    EXIST::FUNCTION:
+EVP_aes_128_cbc                         2927    EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i            2928    EXIST::FUNCTION:
+EC_POINT_free                           2929    EXIST::FUNCTION:EC
+DH_up_ref                               2930    EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it                      2931    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2931    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index                     2932    EXIST::FUNCTION:
+BN_mod_sub_quick                        2933    EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     2934    EXIST::FUNCTION:
+OCSP_request_sign                       2935    EXIST::FUNCTION:
+EVP_DigestFinal_ex                      2936    EXIST::FUNCTION:
+ENGINE_set_digests                      2937    EXIST::FUNCTION:ENGINE
+OCSP_id_issuer_cmp                      2938    EXIST::FUNCTION:
+OBJ_NAME_do_all                         2939    EXIST::FUNCTION:
+EC_POINTs_mul                           2940    EXIST::FUNCTION:EC
+ENGINE_register_complete                2941    EXIST::FUNCTION:ENGINE
+X509V3_EXT_nconf_nid                    2942    EXIST::FUNCTION:
+ASN1_SEQUENCE_it                        2943    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        2943    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method                   2944    EXIST::FUNCTION:
+RAND_query_egd_bytes                    2945    EXIST::FUNCTION:
+UI_method_get_writer                    2946    EXIST::FUNCTION:
+UI_OpenSSL                              2947    EXIST::FUNCTION:
+PEM_def_callback                        2948    EXIST::FUNCTION:
+ENGINE_cleanup                          2949    EXIST::FUNCTION:ENGINE
+DIST_POINT_it                           2950    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           2950    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it                      2951    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it                      2951    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY                        2952    EXIST::FUNCTION:
+EC_POINT_cmp                            2953    EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new                    2954    EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2955    EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   2956    EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2957    EXIST::FUNCTION:
+BN_mod_lshift1_quick                    2958    EXIST::FUNCTION:
+UI_set_method                           2959    EXIST::FUNCTION:
+OCSP_id_get0_info                       2960    EXIST::FUNCTION:
+BN_mod_sqrt                             2961    EXIST::FUNCTION:
+EC_GROUP_copy                           2962    EXIST::FUNCTION:EC
+KRB5_ENCDATA_free                       2963    EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt               2964    EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ          2965    EXIST::FUNCTION:
+OCSP_cert_to_id                         2966    EXIST::FUNCTION:
+OCSP_RESPID_new                         2967    EXIST::FUNCTION:
+OCSP_RESPDATA_it                        2968    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it                        2968    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA                       2969    EXIST::FUNCTION:
+ENGINE_register_all_complete            2970    EXIST::FUNCTION:ENGINE
+OCSP_check_validity                     2971    EXIST::FUNCTION:
+PKCS12_BAGS_it                          2972    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          2972    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new                     2973    EXIST::FUNCTION:
+ASN1_template_free                      2974    EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 2975    EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it                     2976    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it                     2976    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension                2977    EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA                       2978    EXIST::FUNCTION:
+UI_method_get_opener                    2979    EXIST::FUNCTION:
+ENGINE_set_ex_data                      2980    EXIST::FUNCTION:ENGINE
+OCSP_REQUEST_print                      2981    EXIST::FUNCTION:
+CBIGNUM_it                              2982    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              2982    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new                         2983    EXIST::FUNCTION:
+KRB5_APREQ_new                          2984    EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp                  2985    EXIST::FUNCTION:EC
+KRB5_ENCKEY_new                         2986    EXIST::FUNCTION:
+ASN1_template_d2i                       2987    EXIST::FUNCTION:
+_ossl_old_des_quad_cksum                2988    EXIST::FUNCTION:DES
+OCSP_single_get0_status                 2989    EXIST::FUNCTION:
+BN_swap                                 2990    EXIST::FUNCTION:
+POLICYINFO_it                           2991    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           2991    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function             2992    EXIST::FUNCTION:ENGINE
+asn1_enc_free                           2993    EXIST::FUNCTION:
+OCSP_RESPID_it                          2994    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it                          2994    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new                            2995    EXIST::FUNCTION:EC
+EVP_aes_256_cbc                         2996    EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME                      2997    EXIST::FUNCTION:
+_ossl_old_des_encrypt2                  2998    EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3                  2999    EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it                  3000    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  3000    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it                         3001    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it                         3001    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it                             3002    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             3002    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new                    3003    EXIST::FUNCTION:
+X509_CRL_add0_revoked                   3004    EXIST::FUNCTION:
+EDIPARTYNAME_it                         3005    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         3005    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it                        3006    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        3006    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string                     3007    EXIST::FUNCTION:
+ENGINE_get_cipher_engine                3008    EXIST::FUNCTION:ENGINE
+ENGINE_register_all_ciphers             3009    EXIST::FUNCTION:ENGINE
+EC_POINT_copy                           3010    EXIST::FUNCTION:EC
+BN_kronecker                            3011    EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt        3012    EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt           3012    EXIST:VMS:FUNCTION:DES
+UI_method_get_reader                    3013    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count            3014    EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      3015    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      3015    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result                           3016    EXIST::FUNCTION:
+i2d_KRB5_TICKET                         3017    EXIST::FUNCTION:
+X509_print_ex_fp                        3018    EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding              3019    EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       3020    EXIST::FUNCTION:
+ASN1_UTCTIME_it                         3021    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         3021    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write                 3022    EXIST::FUNCTION:DES
+OCSP_RESPONSE_new                       3023    EXIST::FUNCTION:
+AES_set_encrypt_key                     3024    EXIST::FUNCTION:AES
+OCSP_resp_count                         3025    EXIST::FUNCTION:
+KRB5_CHECKSUM_new                       3026    EXIST::FUNCTION:
+ENGINE_load_cswift                      3027    EXIST::FUNCTION:ENGINE
+OCSP_onereq_get0_id                     3028    EXIST::FUNCTION:
+ENGINE_set_default_ciphers              3029    EXIST::FUNCTION:ENGINE
+NOTICEREF_it                            3030    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            3030    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf                3031    EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3032    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it                     3032    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt                             3033    EXIST::FUNCTION:AES
+OCSP_REQUEST_new                        3034    EXIST::FUNCTION:
+ASN1_ANY_it                             3035    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             3035    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class                3036    EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt              3037    EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY                        3038    EXIST::FUNCTION:
+EC_POINT_clear_free                     3039    EXIST::FUNCTION:EC
+AES_decrypt                             3040    EXIST::FUNCTION:AES
+asn1_enc_init                           3041    EXIST::FUNCTION:
+UI_get_result_maxsize                   3042    EXIST::FUNCTION:
+OCSP_CERTID_new                         3043    EXIST::FUNCTION:
+ENGINE_unregister_RAND                  3044    EXIST::FUNCTION:ENGINE
+UI_method_get_closer                    3045    EXIST::FUNCTION:
+d2i_KRB5_ENCDATA                        3046    EXIST::FUNCTION:
+OCSP_request_onereq_count               3047    EXIST::FUNCTION:
+OCSP_basic_verify                       3048    EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free                   3049    EXIST::FUNCTION:
+ASN1_item_d2i                           3050    EXIST::FUNCTION:
+ASN1_primitive_free                     3051    EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  3052    EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE                      3053    EXIST::FUNCTION:
+asn1_enc_save                           3054    EXIST::FUNCTION:
+ENGINE_load_nuron                       3055    EXIST::FUNCTION:ENGINE
+_ossl_old_des_pcbc_encrypt              3056    EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it                      3057    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      3057    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new               3058    EXIST::FUNCTION:
+asn1_do_lock                            3059    EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it                    3060    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    3060    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it                       3061    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it                       3061    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP                     3062    EXIST::FUNCTION:
+ASN1_item_ex_new                        3063    EXIST::FUNCTION:
+UI_add_verify_string                    3064    EXIST::FUNCTION:
+_ossl_old_des_set_key                   3065    EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it                       3066    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it                       3066    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex                      3067    EXIST::FUNCTION:
+i2d_OCSP_CERTID                         3068    EXIST::FUNCTION:
+ASN1_item_d2i_bio                       3069    EXIST::FUNCTION:BIO
+EC_POINT_dbl                            3070    EXIST::FUNCTION:EC
+asn1_get_choice_selector                3071    EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM                       3072    EXIST::FUNCTION:
+ENGINE_set_table_flags                  3073    EXIST::FUNCTION:ENGINE
+AES_options                             3074    EXIST::FUNCTION:AES
+ENGINE_load_chil                        3075    EXIST::FUNCTION:ENGINE
+OCSP_id_cmp                             3076    EXIST::FUNCTION:
+OCSP_BASICRESP_new                      3077    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             3078    EXIST::FUNCTION:
+KRB5_APREQ_it                           3079    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it                           3079    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function             3080    EXIST::FUNCTION:ENGINE
+CONF_set_nconf                          3081    EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3082    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           3083    EXIST::FUNCTION:
+DIST_POINT_NAME_it                      3084    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      3084    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print                 3085    EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt             3086    EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d               3087    EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt               3088    EXIST::FUNCTION:DES
+KRB5_TKTBODY_new                        3089    EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    3090    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    3090    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings                     3091    EXIST::FUNCTION:
+i2d_KRB5_ENCKEY                         3092    EXIST::FUNCTION:
+ASN1_template_new                       3093    EXIST::FUNCTION:
+OCSP_SIGNATURE_free                     3094    EXIST::FUNCTION:
+ASN1_item_i2d_fp                        3095    EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free                     3096    EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3097    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3097    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it                   3098    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   3098    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method                    3099    EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                3100    EXIST::FUNCTION:EC
+OCSP_request_onereq_get0                3101    EXIST::FUNCTION:
+UI_method_set_writer                    3102    EXIST::FUNCTION:
+KRB5_AUTHENT_new                        3103    EXIST::FUNCTION:
+X509_CRL_INFO_it                        3104    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        3104    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter                  3105    EXIST::FUNCTION:
+AES_set_decrypt_key                     3106    EXIST::FUNCTION:AES
+PKCS7_DIGEST_it                         3107    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3107    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag                     3108    EXIST::FUNCTION:
+EVP_DigestInit_ex                       3109    EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3110    EXIST::FUNCTION:
+OCSP_RESPONSE_it                        3111    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it                        3111    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it                    3112    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3112    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id                    3113    EXIST::FUNCTION:
+EC_POINT_make_affine                    3114    EXIST::FUNCTION:EC
+DSO_get_filename                        3115    EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      3116    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it                      3116    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert                  3117    EXIST::FUNCTION:
+UI_get0_output_string                   3118    EXIST::FUNCTION:
+UI_dup_verify_string                    3119    EXIST::FUNCTION:
+BN_mod_lshift                           3120    EXIST::FUNCTION:
+KRB5_AUTHDATA_it                        3121    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it                        3121    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector                3122    EXIST::FUNCTION:
+OCSP_basic_add1_status                  3123    EXIST::FUNCTION:
+OCSP_RESPID_free                        3124    EXIST::FUNCTION:
+asn1_get_field_ptr                      3125    EXIST::FUNCTION:
+UI_add_input_string                     3126    EXIST::FUNCTION:
+OCSP_CRLID_it                           3127    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it                           3127    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY                    3128    EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              3129    EXIST::FUNCTION:
+ENGINE_load_atalla                      3130    EXIST::FUNCTION:ENGINE
+X509_NAME_it                            3131    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            3131    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it                           3132    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3132    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new                        3133    EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext                  3134    EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135    EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135    EXIST:VMS:FUNCTION:
+ASN1_item_pack                          3136    EXIST::FUNCTION:
+i2d_KRB5_ENCDATA                        3137    EXIST::FUNCTION:
+X509_PURPOSE_set                        3138    EXIST::FUNCTION:
+X509_REQ_INFO_it                        3139    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        3139    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener                    3140    EXIST::FUNCTION:
+ASN1_item_ex_free                       3141    EXIST::FUNCTION:
+ASN1_BOOLEAN_it                         3142    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         3142    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags                  3143    EXIST::FUNCTION:ENGINE
+UI_create_method                        3144    EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d                3145    EXIST::FUNCTION:
+_shadow_DES_check_key                   3146    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   3146    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO                        3147    EXIST::FUNCTION:
+UI_add_info_string                      3148    EXIST::FUNCTION:
+UI_get_result_minsize                   3149    EXIST::FUNCTION:
+ASN1_NULL_it                            3150    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            3150    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1                          3151    EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3152    EXIST::FUNCTION:
+OCSP_ONEREQ_new                         3153    EXIST::FUNCTION:
+KRB5_TICKET_it                          3154    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it                          3154    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc                         3155    EXIST::FUNCTION:AES
+KRB5_TICKET_free                        3156    EXIST::FUNCTION:
+UI_new                                  3157    EXIST::FUNCTION:
+OCSP_response_create                    3158    EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt              3159    EXIST::FUNCTION:DES
+PKCS7_it                                3160    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3160    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        3161    EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit            3161    EXIST:VMS:FUNCTION:
+ENGINE_set_flags                        3162    EXIST::FUNCTION:ENGINE
+_ossl_old_des_ecb_encrypt               3163    EXIST::FUNCTION:DES
+OCSP_response_get1_basic                3164    EXIST::FUNCTION:
+EVP_Digest                              3165    EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  3166    EXIST::FUNCTION:
+ASN1_TBOOLEAN_it                        3167    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        3167    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new                           3168    EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime            3169    EXIST::FUNCTION:
+BIGNUM_it                               3170    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               3170    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt                         3171    EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function        3172    EXIST:!VMS:FUNCTION:ENGINE
+ENGINE_get_load_privkey_fn              3172    EXIST:VMS:FUNCTION:ENGINE
+OCSP_RESPONSE_free                      3173    EXIST::FUNCTION:
+UI_method_set_reader                    3174    EXIST::FUNCTION:
+i2d_ASN1_T61STRING                      3175    EXIST::FUNCTION:
+EC_POINT_set_to_infinity                3176    EXIST::FUNCTION:EC
+ERR_load_OCSP_strings                   3177    EXIST::FUNCTION:
+EC_POINT_point2oct                      3178    EXIST::FUNCTION:EC
+KRB5_APREQ_free                         3179    EXIST::FUNCTION:
+ASN1_OBJECT_it                          3180    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          3180    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new                          3181    EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID2_new                         3181    EXIST:OS2,VMS,WIN16:FUNCTION:
+CONF_modules_load_file                  3182    EXIST::FUNCTION:
+CONF_imodule_set_usr_data               3183    EXIST::FUNCTION:
+ENGINE_set_default_string               3184    EXIST::FUNCTION:ENGINE
+CONF_module_get_usr_data                3185    EXIST::FUNCTION:
+ASN1_add_oid_module                     3186    EXIST::FUNCTION:
+CONF_modules_finish                     3187    EXIST::FUNCTION:
+OPENSSL_config                          3188    EXIST::FUNCTION:
+CONF_modules_unload                     3189    EXIST::FUNCTION:
+CONF_imodule_get_value                  3190    EXIST::FUNCTION:
+CONF_module_set_usr_data                3191    EXIST::FUNCTION:
+CONF_parse_list                         3192    EXIST::FUNCTION:
+CONF_module_add                         3193    EXIST::FUNCTION:
+CONF_get1_default_config_file           3194    EXIST::FUNCTION:
+CONF_imodule_get_flags                  3195    EXIST::FUNCTION:
+CONF_imodule_get_module                 3196    EXIST::FUNCTION:
+CONF_modules_load                       3197    EXIST::FUNCTION:
+CONF_imodule_get_name                   3198    EXIST::FUNCTION:
+ERR_peek_top_error                      3199    NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data               3200    EXIST::FUNCTION:
+CONF_imodule_set_flags                  3201    EXIST::FUNCTION:
+ENGINE_add_conf_module                  3202    EXIST::FUNCTION:ENGINE
+ERR_peek_last_error_line                3203    EXIST::FUNCTION:
+ERR_peek_last_error_line_data           3204    EXIST::FUNCTION:
+ERR_peek_last_error                     3205    EXIST::FUNCTION:
+DES_read_2passwords                     3206    EXIST::FUNCTION:DES
+DES_read_password                       3207    EXIST::FUNCTION:DES
+UI_UTIL_read_pw                         3208    EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  3209    EXIST::FUNCTION:
+ENGINE_load_aep                         3210    EXIST::FUNCTION:ENGINE
+ENGINE_load_sureware                    3211    EXIST::FUNCTION:ENGINE
+OPENSSL_add_all_algorithms_noconf       3212    EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf             3212    EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf         3213    EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf               3213    EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules            3214    EXIST::FUNCTION:
+AES_ofb128_encrypt                      3215    EXIST::FUNCTION:AES
+AES_ctr128_encrypt                      3216    EXIST::FUNCTION:AES
+AES_cfb128_encrypt                      3217    EXIST::FUNCTION:AES
+ENGINE_load_4758cca                     3218    EXIST::FUNCTION:ENGINE
+_ossl_096_des_random_seed               3219    EXIST::FUNCTION:DES
+EVP_aes_256_ofb                         3220    EXIST::FUNCTION:AES
+EVP_aes_192_ofb                         3221    EXIST::FUNCTION:AES
+EVP_aes_128_cfb128                      3222    EXIST::FUNCTION:AES
+EVP_aes_256_cfb128                      3223    EXIST::FUNCTION:AES
+EVP_aes_128_ofb                         3224    EXIST::FUNCTION:AES
+EVP_aes_192_cfb128                      3225    EXIST::FUNCTION:AES
+CONF_modules_free                       3226    EXIST::FUNCTION:
+NCONF_default                           3227    EXIST::FUNCTION:
+OPENSSL_no_config                       3228    EXIST::FUNCTION:
+NCONF_WIN32                             3229    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                3230    EXIST::FUNCTION:
+EVP_des_ede_ecb                         3231    EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING                3232    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               3233    EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it                 3234    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 3234    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                3235    EXIST::FUNCTION:
+EVP_des_ede3_ecb                        3236    EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237    EXIST::FUNCTION:BIO
+ENGINE_up_ref                           3238    EXIST::FUNCTION:ENGINE
+BUF_MEM_grow_clean                      3239    EXIST::FUNCTION:
+CRYPTO_realloc_clean                    3240    EXIST::FUNCTION:
+BUF_strlcat                             3241    EXIST::FUNCTION:
+BIO_indent                              3242    EXIST::FUNCTION:
+BUF_strlcpy                             3243    EXIST::FUNCTION:
+OpenSSLDie                              3244    EXIST::FUNCTION:
+OPENSSL_cleanse                         3245    EXIST::FUNCTION:
+ENGINE_setup_bsd_cryptodev              3246    EXIST:__FreeBSD__:FUNCTION:ENGINE
+ERR_release_err_state_table             3247    EXIST::FUNCTION:LHASH
+EVP_aes_128_cfb8                        3248    EXIST::FUNCTION:AES
+FIPS_corrupt_rsa                        3249    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_des                       3250    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_128_cfb1                        3251    EXIST::FUNCTION:AES
+EVP_aes_192_cfb8                        3252    EXIST::FUNCTION:AES
+FIPS_mode_set                           3253    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_dsa                       3254    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_cfb8                        3255    EXIST::FUNCTION:AES
+FIPS_allow_md5                          3256    NOEXIST::FUNCTION:
+DES_ede3_cfb_encrypt                    3257    EXIST::FUNCTION:DES
+EVP_des_ede3_cfb8                       3258    EXIST::FUNCTION:DES
+FIPS_rand_seeded                        3259    EXIST:OPENSSL_FIPS:FUNCTION:
+AES_cfbr_encrypt_block                  3260    EXIST::FUNCTION:AES
+AES_cfb8_encrypt                        3261    EXIST::FUNCTION:AES
+FIPS_rand_seed                          3262    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_des                        3263    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_192_cfb1                        3264    EXIST::FUNCTION:AES
+FIPS_selftest_aes                       3265    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_set_prng_key                       3266    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_des_cfb8                            3267    EXIST::FUNCTION:DES
+FIPS_corrupt_dsa                        3268    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_test_mode                          3269    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_rand_method                        3270    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_cfb1                        3271    EXIST::FUNCTION:AES
+ERR_load_FIPS_strings                   3272    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_aes                        3273    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_sha1                      3274    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_rsa                       3275    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_sha1                       3276    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_des_cfb1                            3277    EXIST::FUNCTION:DES
+FIPS_dsa_check                          3278    EXIST:OPENSSL_FIPS:FUNCTION:
+AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
+EVP_des_ede3_cfb1                       3280    EXIST::FUNCTION:DES
+FIPS_rand_check                         3281    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_md5_allowed                        3282    NOEXIST::FUNCTION:
+FIPS_mode                               3283    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_selftest_failed                    3284    EXIST:OPENSSL_FIPS:FUNCTION:
+sk_is_sorted                            3285    EXIST::FUNCTION:
+X509_check_ca                           3286    EXIST::FUNCTION:
+private_idea_set_encrypt_key            3287    EXIST:OPENSSL_FIPS:FUNCTION:IDEA
+HMAC_CTX_set_flags                      3288    EXIST::FUNCTION:HMAC
+private_SHA_Init                        3289    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key                    3290    EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init                  3291    EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
+private_RC5_32_set_key                  3292    EXIST:OPENSSL_FIPS:FUNCTION:RC5
+private_MD5_Init                        3293    EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key                     3294    EXIST:OPENSSL_FIPS:FUNCTION:RC4
+private_MDC2_Init                       3295    EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key                     3296    EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init                        3297    EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key                      3298    EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init                        3299    EXIST:OPENSSL_FIPS:FUNCTION:MD2
+d2i_PROXY_CERT_INFO_EXTENSION           3300    EXIST::FUNCTION:
+PROXY_POLICY_it                         3301    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_POLICY_it                         3301    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_PROXY_POLICY                        3302    EXIST::FUNCTION:
+i2d_PROXY_CERT_INFO_EXTENSION           3303    EXIST::FUNCTION:
+d2i_PROXY_POLICY                        3304    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_new           3305    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_free          3306    EXIST::FUNCTION:
+PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PROXY_CERT_INFO_EXTENSION_it            3307    EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PROXY_POLICY_free                       3308    EXIST::FUNCTION:
+PROXY_POLICY_new                        3309    EXIST::FUNCTION:
+BN_MONT_CTX_set_locked                  3310    EXIST::FUNCTION:
+FIPS_selftest_rng                       3311    EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_sha384                              3312    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha512                              3313    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_sha224                              3314    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+EVP_sha256                              3315    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+FIPS_selftest_hmac                      3316    EXIST:OPENSSL_FIPS:FUNCTION:
+FIPS_corrupt_rng                        3317    EXIST:OPENSSL_FIPS:FUNCTION:
+BN_mod_exp_mont_consttime               3318    EXIST::FUNCTION:
+RSA_X931_hash_id                        3319    EXIST::FUNCTION:RSA
+RSA_padding_check_X931                  3320    EXIST::FUNCTION:RSA
+RSA_verify_PKCS1_PSS                    3321    EXIST::FUNCTION:RSA
+RSA_padding_add_X931                    3322    EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_PSS               3323    EXIST::FUNCTION:RSA
+PKCS1_MGF1                              3324    EXIST::FUNCTION:RSA
+BN_X931_generate_Xpq                    3325    EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_generate_key                   3326    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+BN_X931_derive_prime                    3327    EXIST:OPENSSL_FIPS:FUNCTION:
+BN_X931_generate_prime                  3328    EXIST:OPENSSL_FIPS:FUNCTION:
+RSA_X931_derive                         3329    EXIST:OPENSSL_FIPS:FUNCTION:RSA
+SHA512_Update                           3356    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Init                             3479    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224                                  3510    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Update                           3551    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Final                            3560    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA224_Update                           3562    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Final                            3581    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA224_Init                             3631    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512_Init                             3633    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256                                  3654    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA256_Transform                        3664    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA512                                  3669    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA512_Transform                        3675    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Final                            3712    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+SHA384_Init                             3737    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384_Final                            3740    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA384                                  3745    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+SHA256_Update                           3765    EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl
new file mode 100644
index 0000000000..05a6086164
--- /dev/null
+++ b/src/lib/libcrypto/util/mk1mf.pl
@@ -0,0 +1,1165 @@
+#!/usr/local/bin/perl
+# A bit of an evil hack but it post processes the file ../MINFO which
+# is generated by `make files` in the top directory.
+# This script outputs one mega makefile that has no shell stuff or any
+# funny stuff
+#
+$INSTALLTOP="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+$banner="\t\@echo Building OpenSSL";
+local $zlib_opt = 0;    # 0 = no zlib, 1 = static, 2 = dynamic
+local $zlib_lib = "";
+my $fips_canister_path = "";
+my $fips_premain_dso_exe_path = "";
+my $fips_premain_c_path = "";
+my $fips_sha1_exe_path = "";
+my $fipslibdir = "";
+my $baseaddr = "";
+my $ex_l_libs = "";
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+}
+close(IN);
+die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
+$infile="MINFO";
+%ops=(
+        "VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+        "VC-WIN32-GMAKE", "Microsoft Visual C++ [4-6] - Windows NT or 9X, GNU make",
+        "VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
+        "VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
+        "VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
+        "VC-WIN16",   "Alias for VC-W31-32",
+        "VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
+        "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
+        "Mingw32", "GNU C++ - Windows NT or 9x",
+        "Mingw32-files", "Create files with DOS copy ...",
+        "BC-NT",   "Borland C++ 4.5 - Windows NT",
+        "BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
+        "BC-MSDOS","Borland C++ 4.5 - MSDOS",
+        "linux-elf","Linux elf",
+        "ultrix-mips","DEC mips ultrix",
+        "FreeBSD","FreeBSD distribution",
+        "OS2-EMX", "EMX GCC OS/2",
+        "default","cc under unix",
+        );
+$platform="";
+my $xcflags="";
+foreach (@ARGV)
+        {
+        if (!&read_options && !defined($ops{$_}))
+                {
+                print STDERR "unknown option - $_\n";
+                print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+                print STDERR "\nwhere [system] can be one of the following\n";
+                foreach $i (sort keys %ops)
+                { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+                print STDERR <<"EOF";
+and [options] can be one of
+        no-md2 no-md4 no-md5 no-sha no-mdc2     - Skip this digest
+        no-ripemd
+        no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
+        no-bf no-cast no-aes
+        no-rsa no-dsa no-dh                     - Skip this public key cipher
+        no-ssl2 no-ssl3                         - Skip this version of SSL
+        just-ssl                                - remove all non-ssl keys/digest
+        no-asm                                  - No x86 asm
+        no-krb5                                 - No KRB5
+        no-ec                                   - No EC
+        no-engine                               - No engine
+        no-hw                                   - No hw
+        nasm                                    - Use NASM for x86 asm
+        gaswin                                  - Use GNU as with Mingw32
+        no-socks                                - No socket code
+        no-err                                  - No error strings
+        dll/shlib                               - Build shared libraries (MS)
+        debug                                   - Debug build
+        profile                                 - Profiling build
+        gcc                                     - Use Gcc (unix)
+Values that can be set
+TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
+-L<ex_lib_path> -l<ex_lib>                      - extra library flags (unix)
+-<ex_cc_flags>                                  - extra 'cc' flags,
+                                                  added (MS), or replace (unix)
+EOF
+                exit(1);
+                }
+        $platform=$_;
+        }
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
+        {
+        print STDERR "unknown option - $_\n" if !&read_options;
+        }
+$no_mdc2=1 if ($no_des);
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+$out_def="out";
+$inc_def="outinc";
+$tmp_def="tmp";
+$mkdir="-mkdir";
+$mkcanister="ld -r -o";
+$ex_build_targets = "";
+($ssl,$crypto)=("ssl","crypto");
+$cryptocompat = "";
+$ranlib="echo ranlib";
+$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
+$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
+$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
+# $bin_dir.=$o causes a core dump on my sparc :-(
+$NT=0;
+push(@INC,"util/pl","pl");
+if ($platform eq "VC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'VC-16.pl';
+        }
+elsif ($platform eq "VC-W31-16")
+        {
+        $asmbits=16;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16"))
+        {
+        $asmbits=32;
+        $msdos=1; $win16=1;
+        require 'VC-16.pl';
+        }
+elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
+        {
+        $NT = 1 if $platform eq "VC-NT";
+        require 'VC-32.pl';
+        }
+elsif ($platform eq "VC-WIN32-GMAKE")
+        {
+        require 'VC-32-GMAKE.pl';
+        }
+elsif ($platform eq "VC-CE")
+        {
+        require 'VC-CE.pl';
+        }
+elsif ($platform eq "Mingw32")
+        {
+        require 'Mingw32.pl';
+        }
+elsif ($platform eq "Mingw32-files")
+        {
+        require 'Mingw32f.pl';
+        }
+elsif ($platform eq "BC-NT")
+        {
+        $bc=1;
+        require 'BC-32.pl';
+        }
+elsif ($platform eq "BC-W31")
+        {
+        $bc=1;
+        $msdos=1; $w16=1;
+        require 'BC-16.pl';
+        }
+elsif ($platform eq "BC-Q16")
+        {
+        $msdos=1; $w16=1; $shlib=0; $qw=1;
+        require 'BC-16.pl';
+        }
+elsif ($platform eq "BC-MSDOS")
+        {
+        $asmbits=16;
+        $msdos=1;
+        require 'BC-16.pl';
+        }
+elsif ($platform eq "FreeBSD")
+        {
+        require 'unix.pl';
+        $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
+        }
+elsif ($platform eq "linux-elf")
+        {
+        require "unix.pl";
+        require "linux.pl";
+        $unix=1;
+        }
+elsif ($platform eq "ultrix-mips")
+        {
+        require "unix.pl";
+        require "ultrix.pl";
+        $unix=1;
+        }
+elsif ($platform eq "OS2-EMX")
+        {
+        $wc=1;
+        require 'OS2-EMX.pl';
+        }
+else
+        {
+        require "unix.pl";
+        $unix=1;
+        $cflags.=' -DTERMIO';
+        }
+$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
+$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
+$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
+$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
+$cflags= "$xcflags$cflags" if $xcflags ne "";
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
+$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF"   if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
+$cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
+$cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
+#$cflags.=" -DRSAref"  if $rsaref ne "";
+$cflags.= " -DZLIB" if $zlib_opt;
+$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
+## if ($unix)
+##      { $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+        { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+                  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
+if ($msdos)
+        {
+        $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
+        $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
+        $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
+        $banner.="\t\@echo documentation for details.\n";
+        }
+# have to do this to allow $(CC) under unix
+$link="$bin_dir$link" if ($link !~ /^\$/);
+$INSTALLTOP =~ s|/|$o|g;
+#############################################
+# We parse in input file and 'store' info for later printing.
+open(IN,"<$infile") || die "unable to open $infile:$!\n";
+$_=<IN>;
+for (;;)
+        {
+        chop;
+        ($key,$val)=/^([^=]+)=(.*)/;
+        if ($key eq "RELATIVE_DIRECTORY")
+                {
+                if ($lib ne "")
+                        {
+                        if ($fips && $dir =~ /^fips/)
+                                {
+                                $uc = "FIPS";
+                                }
+                        else
+                                {
+                                $uc=$lib;
+                                $uc =~ s/^lib(.*)\.a/$1/;
+                                $uc =~ tr/a-z/A-Z/;
+                                }
+                        if (($uc ne "FIPS") || $fips_canister_build)
+                                {
+                                $lib_nam{$uc}=$uc;
+                                $lib_obj{$uc}.=$libobj." ";
+                                }
+                        }
+                last if ($val eq "FINISHED");
+                $lib="";
+                $libobj="";
+                $dir=$val;
+                }
+        if ($key eq "KRB5_INCLUDES")
+                { $cflags .= " $val";}
+        if ($key eq "ZLIB_INCLUDE")
+                { $cflags .= " $val" if $val ne "";}
+        if ($key eq "LIBZLIB")
+                { $zlib_lib = "$val" if $val ne "";}
+        if ($key eq "LIBKRB5")
+                { $ex_libs .= " $val" if $val ne "";}
+        if ($key eq "TEST")
+                { $test.=&var_add($dir,$val); }
+        if (($key eq "PROGS") || ($key eq "E_OBJ"))
+                { $e_exe.=&var_add($dir,$val); }
+        if ($key eq "LIB")
+                {
+                $lib=$val;
+                $lib =~ s/^.*\/([^\/]+)$/$1/;
+                }
+        if ($key eq "EXHEADER")
+                { $exheader.=&var_add($dir,$val); }
+        if ($key eq "HEADER")
+                { $header.=&var_add($dir,$val); }
+        if ($key eq "LIBOBJ")
+                { $libobj=&var_add($dir,$val); }
+        if ($key eq "FIPSLIBDIR")
+                { $fipslibdir=$val;}
+        if ($key eq "BASEADDR")
+                { $baseaddr=$val;}
+        if (!($_=<IN>))
+                { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
+        }
+close(IN);
+if ($fips_canister_path eq "")
+        {
+        $fips_canister_path = "\$(FIPSLIB_D)${o}fipscanister.o";
+        }
+if ($fips_premain_c_path eq "")
+        {
+        $fips_premain_c_path = "\$(FIPSLIB_D)${o}fips_premain.c";
+        }
+if ($fips)
+        {
+        if ($fips_sha1_exe_path eq "")
+                {
+                $fips_sha1_exe_path =
+                        "\$(BIN_D)${o}fips_standalone_sha1$exep";
+                }
+        }
+        else
+        {
+        $fips_sha1_exe_path = "";
+        }
+if ($fips_premain_dso_exe_path eq "")
+        {
+        $fips_premain_dso_exe_path = "\$(BIN_D)${o}fips_premain_dso$exep";
+        }
+#       $ex_build_targets .= "\$(BIN_D)${o}\$(E_PREMAIN_DSO)$exep" if ($fips);
+if ($fips)
+        {
+        if (!$shlib)
+                {
+                $ex_build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+                $ex_l_libs .= " \$(O_FIPSCANISTER)";
+                }
+        if ($fipslibdir eq "")
+                {
+                open (IN, "util/fipslib_path.txt") || fipslib_error();
+                $fipslibdir = <IN>;
+                chomp $fipslibdir;
+                close IN;
+                }
+        fips_check_files($fipslibdir,
+                        "fipscanister.o", "fipscanister.o.sha1",
+                        "fips_premain.c", "fips_premain.c.sha1");
+        }
+        
+$defs= <<"EOF";
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
+# by default leave the 'intertesting' output files in .${o}out and the stuff
+# that needs deleting in .${o}tmp.
+# The file was generated by running 'make makefile.one', which
+# does a 'make files', which writes all the environment variables from all
+# the makefiles to the file call MINFO.  This file is used by
+# util${o}mk1mf.pl to generate makefile.one.
+# The 'makefile per directory' system suites me when developing this
+# library and also so I can 'distribute' indervidual library sections.
+# The one monster makefile better suits building in non-unix
+# environments.
+EOF
+$defs .= $preamble if defined $preamble;
+if ($platform eq "VC-CE")
+        {
+        $defs.= <<"EOF";
+!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
+EOF
+        $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+        }
+$defs.= <<"EOF";
+INSTALLTOP=$INSTALLTOP
+# Set your compiler options
+PLATFORM=$platform
+CC=$bin_dir${cc}
+CFLAG=$cflags
+APP_CFLAG=$app_cflag
+LIB_CFLAG=$lib_cflag
+SHLIB_CFLAG=$shl_cflag
+APP_EX_OBJ=$app_ex_obj
+SHLIB_EX_OBJ=$shlib_ex_obj
+# add extra libraries to this define, for solaris -lsocket -lnsl would
+# be added
+EX_LIBS=$ex_libs
+# The OpenSSL directory
+SRC_D=$src_dir
+LINK=$link
+PERL=perl
+FIPSLINK=\$(PERL) util${o}fipslink.pl
+LFLAGS=$lflags
+BN_ASM_OBJ=$bn_asm_obj
+BN_ASM_SRC=$bn_asm_src
+BNCO_ASM_OBJ=$bnco_asm_obj
+BNCO_ASM_SRC=$bnco_asm_src
+DES_ENC_OBJ=$des_enc_obj
+DES_ENC_SRC=$des_enc_src
+BF_ENC_OBJ=$bf_enc_obj
+BF_ENC_SRC=$bf_enc_src
+CAST_ENC_OBJ=$cast_enc_obj
+CAST_ENC_SRC=$cast_enc_src
+RC4_ENC_OBJ=$rc4_enc_obj
+RC4_ENC_SRC=$rc4_enc_src
+RC5_ENC_OBJ=$rc5_enc_obj
+RC5_ENC_SRC=$rc5_enc_src
+MD5_ASM_OBJ=$md5_asm_obj
+MD5_ASM_SRC=$md5_asm_src
+SHA1_ASM_OBJ=$sha1_asm_obj
+SHA1_ASM_SRC=$sha1_asm_src
+RMD160_ASM_OBJ=$rmd160_asm_obj
+RMD160_ASM_SRC=$rmd160_asm_src
+# The output directory for everything intersting
+OUT_D=$out_dir
+# The output directory for all the temporary muck
+TMP_D=$tmp_dir
+# The output directory for the header files
+INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
+# Directory containing FIPS module
+CP=$cp
+RM=$rm
+RANLIB=$ranlib
+MKDIR=$mkdir
+MKLIB=$bin_dir$mklib
+MLFLAGS=$mlflags
+ASM=$bin_dir$asm
+MKCANISTER=$mkcanister
+# FIPS validated module and support file locations
+E_PREMAIN_DSO=fips_premain_dso
+FIPSLIB_D=$fipslibdir
+BASEADDR=$baseaddr
+FIPS_PREMAIN_SRC=$fips_premain_c_path
+O_FIPSCANISTER=$fips_canister_path
+FIPS_SHA1_EXE=$fips_sha1_exe_path
+PREMAIN_DSO_EXE=$fips_premain_dso_exe_path
+######################################################
+# You should not need to touch anything below this point
+######################################################
+E_EXE=openssl
+SSL=$ssl
+CRYPTO=$crypto
+# BIN_D  - Binary output directory
+# TEST_D - Binary test file output directory
+# LIB_D  - library output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
+BIN_D=\$(OUT_D)
+TEST_D=\$(OUT_D)
+LIB_D=\$(OUT_D)
+# INCL_D - local library directory
+# OBJ_D  - temp object file directory
+OBJ_D=\$(TMP_D)
+INCL_D=\$(TMP_D)
+O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
+O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
+SO_SSL=    $plib\$(SSL)$so_shlibp
+SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
+######################################################
+# Don't touch anything below this point
+######################################################
+INC=-I\$(INC_D) -I\$(INCL_D)
+APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
+LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
+SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) $ex_libs_dep
+#############################################
+EOF
+$rules=<<"EOF";
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers \$(FIPS_SHA1_EXE) lib exe $ex_build_targets
+banner:
+$banner
+\$(TMP_D):
+        \$(MKDIR) \$(TMP_D)
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#       \$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#       \$(MKDIR) \$(TEST_D)
+\$(LIB_D):
+        \$(MKDIR) \$(LIB_D)
+\$(INCO_D): \$(INC_D)
+        \$(MKDIR) \$(INCO_D)
+\$(INC_D):
+        \$(MKDIR) \$(INC_D)
+headers: \$(HEADER) \$(EXHEADER)
+        @
+lib: \$(LIBS_DEP)
+exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
+install:
+        \$(MKDIR) \$(INSTALLTOP)
+        \$(MKDIR) \$(INSTALLTOP)${o}bin
+        \$(MKDIR) \$(INSTALLTOP)${o}include
+        \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl
+        \$(MKDIR) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl
+        \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
+        \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
+        \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
+clean:
+        \$(RM) \$(TMP_D)$o*.*
+vclean:
+        \$(RM) \$(TMP_D)$o*.*
+        \$(RM) \$(OUT_D)$o*.*
+EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+        {
+        # Remove entry for this platform in existing file buildinf.h.
+        my $old_buildinf_h = "";
+        while (<IN>)
+                {
+                if (/^\#ifdef $platform_cpp_symbol$/)
+                        {
+                        while (<IN>) { last if (/^\#endif/); }
+                        }
+                else
+                        {
+                        $old_buildinf_h .= $_;
+                        }
+                }
+        close(IN);
+        open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+        print OUT $old_buildinf_h;
+        close(OUT);
+        }
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+  #define CFLAGS "$cc $cflags"
+  #define PLATFORM "$platform"
+EOF
+printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
+# Strip of trailing ' '
+foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
+$test=&clean_up_ws($test);
+$e_exe=&clean_up_ws($e_exe);
+$exheader=&clean_up_ws($exheader);
+$header=&clean_up_ws($header);
+# First we strip the exheaders from the headers list
+foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
+foreach (split(/\s+/,$header))  { $h.=$_." " unless $h{$_}; }
+chop($h); $header=$h;
+$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
+$rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h");
+$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
+$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
+$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
+# Special case rules for fips_start and fips_end fips_premain_dso
+if ($fips)
+        {
+        if ($fips_canister_build)
+                {
+                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_start$obj",
+                        "fips-1.0${o}fips_canister.c",
+                        "-DFIPS_START \$(SHLIB_CFLAGS)");
+                $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_end$obj",
+                        "fips-1.0${o}fips_canister.c", "\$(SHLIB_CFLAGS)");
+                }
+        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_standalone_sha1$obj",
+                "fips-1.0${o}sha${o}fips_standalone_sha1.c",
+                "\$(SHLIB_CFLAGS)");
+        $rules.=&cc_compile_target("\$(OBJ_D)${o}fips_sha1dgst$obj",
+                "fips-1.0${o}sha${o}fips_sha1dgst.c",
+                "\$(SHLIB_CFLAGS)") unless $fips_canister_build;
+        $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+                "fips-1.0${o}fips_premain.c",
+                "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)");
+        }
+foreach (values %lib_nam)
+        {
+        $lib_obj=$lib_obj{$_};
+        local($slib)=$shlib;
+        if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
+                {
+                $rules.="\$(O_SSL):\n\n"; 
+                next;
+                }
+        if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
+                $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
+                }
+        if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj .= "\$(BNCO_ASM_OBJ)";
+                $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+                }
+        if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
+                $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
+                $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
+                }
+        if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
+                $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
+                }
+        if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
+                $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
+                }
+        if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
+                }
+        if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
+                $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
+                }
+        if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
+                $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
+                }
+        if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
+                $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
+                }
+        if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
+                {
+                $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
+                $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
+                }
+        $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
+        $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
+        $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
+        }
+$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
+foreach (split(/\s+/,$test))
+        {
+        $t=&bname($_);
+        $tt="\$(OBJ_D)${o}$t${obj}";
+        $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+        }
+$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
+if ($fips)
+        {
+        if ($shlib)
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                        "\$(O_CRYPTO)",
+                        "$crypto",
+                        $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+                }
+        else
+                {
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+                        "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                        "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+                }
+        }
+        else
+        {
+        $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+                                                        "\$(SO_CRYPTO)");
+        }
+if ($fips)
+        {
+        $rules.= &do_rlink_rule("\$(O_FIPSCANISTER)", "\$(OBJ_D)${o}fips_start$obj \$(FIPSOBJ) \$(OBJ_D)${o}fips_end$obj", "\$(FIPSLIB_D)${o}fips_standalone_sha1$exep", "") if $fips_canister_build;
+        $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+        
+        $rules.=&do_link_rule("\$(FIPS_SHA1_EXE)","\$(OBJ_D)${o}fips_standalone_sha1$obj \$(OBJ_D)${o}fips_sha1dgst$obj","","", 1);
+        }
+        $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)",0);
+print $defs;
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+        (cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
+EOF
+}
+print "###################################################################\n";
+print $rules;
+###############################################
+# strip off any trailing .[och] and append the relative directory
+# also remembering to do nothing if we are in one of the dropped
+# directories
+sub var_add
+        {
+        local($dir,$val)=@_;
+        local(@a,$_,$ret);
+        return("") if $no_engine && $dir =~ /\/engine/;
+        return("") if $no_hw   && $dir =~ /\/hw/;
+        return("") if $no_idea && $dir =~ /\/idea/;
+        return("") if $no_aes  && $dir =~ /\/aes/;
+        return("") if $no_rc2  && $dir =~ /\/rc2/;
+        return("") if $no_rc4  && $dir =~ /\/rc4/;
+        return("") if $no_rc5  && $dir =~ /\/rc5/;
+        return("") if $no_rsa  && $dir =~ /\/rsa/;
+        return("") if $no_rsa  && $dir =~ /^rsaref/;
+        return("") if $no_dsa  && $dir =~ /\/dsa/;
+        return("") if $no_dh   && $dir =~ /\/dh/;
+        return("") if $no_ec   && $dir =~ /\/ec/;
+        if ($no_des && $dir =~ /\/des/)
+                {
+                if ($val =~ /read_pwd/)
+                        { return("$dir/read_pwd "); }
+                else
+                        { return(""); }
+                }
+        return("") if $no_mdc2 && $dir =~ /\/mdc2/;
+        return("") if $no_sock && $dir =~ /\/proxy/;
+        return("") if $no_bf   && $dir =~ /\/bf/;
+        return("") if $no_cast && $dir =~ /\/cast/;
+        $val =~ s/^\s*(.*)\s*$/$1/;
+        @a=split(/\s+/,$val);
+        grep(s/\.[och]$//,@a);
+        @a=grep(!/^e_.*_3d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_d$/,@a) if $no_des;
+        @a=grep(!/^e_.*_ae$/,@a) if $no_idea;
+        @a=grep(!/^e_.*_i$/,@a) if $no_aes;
+        @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
+        @a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
+        @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
+        @a=grep(!/^e_.*_c$/,@a) if $no_cast;
+        @a=grep(!/^e_rc4$/,@a) if $no_rc4;
+        @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
+        @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
+        @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
+        @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+        @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+        @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+        @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+        @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+        @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
+        @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
+        @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
+        @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
+        @a=grep(!/_dhp$/,@a) if $no_dh;
+        @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
+        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
+        @a=grep(!/^engine$/,@a) if $no_engine;
+        @a=grep(!/^hw$/,@a) if $no_hw;
+        @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
+        @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+        @a=grep(!/^gendsa$/,@a) if $no_sha1;
+        @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
+        @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+        grep($_="$dir/$_",@a);
+        @a=grep(!/(^|\/)s_/,@a) if $no_sock;
+        @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
+        $ret=join(' ',@a)." ";
+        return($ret);
+        }
+# change things so that each 'token' is only separated by one space
+sub clean_up_ws
+        {
+        local($w)=@_;
+        $w =~ s/^\s*(.*)\s*$/$1/;
+        $w =~ s/\s+/ /g;
+        return($w);
+        }
+sub do_defs
+        {
+        local($var,$files,$location,$postfix)=@_;
+        local($_,$ret,$pf);
+        local(*OUT,$tmp,$t);
+        $files =~ s/\//$o/g if $o ne '/';
+        $ret="$var="; 
+        $n=1;
+        $Vars{$var}.="";
+        foreach (split(/ /,$files))
+                {
+                $orig=$_;
+                $_=&bname($_) unless /^\$/;
+                if ($n++ == 2)
+                        {
+                        $n=0;
+                        $ret.="\\\n\t";
+                        }
+                if (($_ =~ /bss_file/) && ($postfix eq ".h"))
+                        { $pf=".c"; }
+                else    { $pf=$postfix; }
+                if ($_ =~ /BN_ASM/)     { $t="$_ "; }
+                elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /BF_ENC/)  { $t="$_ "; }
+                elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
+                elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
+                elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
+                elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
+                elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
+                else    { $t="$location${o}$_$pf "; }
+                $Vars{$var}.="$t ";
+                $ret.=$t;
+                }
+        chop($ret);
+        $ret.="\n\n";
+        return($ret);
+        }
+# return the name with the leading path removed
+sub bname
+        {
+        local($ret)=@_;
+        $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+# compile the files in '$files' into $to
+sub do_compile_rule
+        {
+        local($to,$files,$ex)=@_;
+        local($ret,$_,$n);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
+                }
+        return($ret);
+        }
+##############################################################
+# do a rule for each file that says 'compile' to new direcory
+sub cc_compile_target
+        {
+        local($target,$source,$ex_flags)=@_;
+        local($ret);
+        
+        $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
+        $target =~ s/\//$o/g if $o ne "/";
+        $source =~ s/\//$o/g if $o ne "/";
+        $ret ="$target: \$(SRC_D)$o$source\n\t";
+        $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+        return($ret);
+        }
+##############################################################
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
+                }
+        return($ret);
+        }
+sub do_shlib_rule
+        {
+        local($n,$def)=@_;
+        local($ret,$nn);
+        local($t);
+        ($nn=$n) =~ tr/a-z/A-Z/;
+        $ret.="$n.dll: \$(${nn}OBJ)\n";
+        if ($vc && $w32)
+                {
+                $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n  \$(${nn}OBJ_F)\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+# do a rule for each file that says 'copy' to new direcory on change
+sub do_copy_rule
+        {
+        local($to,$files,$p)=@_;
+        local($ret,$_,$n,$pp);
+        
+        $files =~ s/\//$o/g if $o ne '/';
+        foreach (split(/\s+/,$files))
+                {
+                $n=&bname($_);
+                if ($n =~ /bss_file/)
+                        { $pp=".c"; }
+                else    { $pp=$p; }
+                $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
+                }
+        return($ret);
+        }
+sub read_options
+        {
+        if    (/^no-rc2$/)      { $no_rc2=1; }
+        elsif (/^no-rc4$/)      { $no_rc4=1; }
+        elsif (/^no-rc5$/)      { $no_rc5=1; }
+        elsif (/^no-idea$/)     { $no_idea=1; }
+        elsif (/^no-aes$/)      { $no_aes=1; }
+        elsif (/^no-des$/)      { $no_des=1; }
+        elsif (/^no-bf$/)       { $no_bf=1; }
+        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md4$/)      { $no_md4=1; }
+        elsif (/^no-md5$/)      { $no_md5=1; }
+        elsif (/^no-sha$/)      { $no_sha=1; }
+        elsif (/^no-sha1$/)     { $no_sha1=1; }
+        elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+        elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+        elsif (/^no-patents$/)  { $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+        elsif (/^no-rsa$/)      { $no_rsa=1; }
+        elsif (/^no-dsa$/)      { $no_dsa=1; }
+        elsif (/^no-dh$/)       { $no_dh=1; }
+        elsif (/^no-hmac$/)     { $no_hmac=1; }
+        elsif (/^no-aes$/)      { $no_aes=1; }
+        elsif (/^no-asm$/)      { $no_asm=1; }
+        elsif (/^nasm$/)        { $nasm=1; }
+        elsif (/^gaswin$/)      { $gaswin=1; }
+        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
+        elsif (/^no-ssl3$/)     { $no_ssl3=1; }
+        elsif (/^no-err$/)      { $no_err=1; }
+        elsif (/^no-sock$/)     { $no_sock=1; }
+        elsif (/^no-krb5$/)     { $no_krb5=1; }
+        elsif (/^no-ec$/)       { $no_ec=1; }
+        elsif (/^no-engine$/)   { $no_engine=1; }
+        elsif (/^no-hw$/)       { $no_hw=1; }
+        elsif (/^just-ssl$/)    { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+                                  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+                                  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1;
+                                  $no_aes=1; }
+        elsif (/^rsaref$/)      { }
+        elsif (/^fips$/)        { $fips=1; }
+        elsif (/^gcc$/)         { $gcc=1; }
+        elsif (/^debug$/)       { $debug=1; }
+        elsif (/^profile$/)     { $profile=1; }
+        elsif (/^shlib$/)       { $shlib=1; }
+        elsif (/^dll$/)         { $shlib=1; }
+        elsif (/^shared$/)      { } # We just need to ignore it for now...
+        elsif (/^zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
+        elsif (/^zlib-dynamic$/){ $zlib_opt = 2; }
+        elsif (/^--with-krb5-flavor=(.*)$/)
+                {
+                my $krb5_flavor = $1;
+                if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
+                        {
+                        $xcflags="-DKRB5_HEIMDAL $xcflags";
+                        }
+                elsif ($krb5_flavor =~ /^MIT/i)
+                        {
+                        $xcflags="-DKRB5_MIT $xcflags";
+                        if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
+                                {
+                                $xcflags="-DKRB5_MIT_OLD11 $xcflags"
+                                }
+                        }
+                }
+        elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+        elsif (/^-[lL].*$/)     { $l_flags.="$_ "; }
+        elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+                { $c_flags.="$_ "; }
+        else { return(0); }
+        return(1);
+        }
+sub fipslib_error
+        {
+        print STDERR "***FIPS module directory sanity check failed***\n";
+        print STDERR "FIPS module build failed, or was deleted\n";
+        print STDERR "Please rebuild FIPS module.\n"; 
+        exit 1;
+        }
+sub fips_check_files
+        {
+        my $dir = shift @_;
+        my $ret = 1;
+        if (!-d $dir)
+                {
+                print STDERR "FIPS module directory $dir does not exist\n";
+                fipslib_error();
+                }
+        foreach (@_)
+                {
+                if (!-f "$dir${o}$_")
+                        {
+                        print STDERR "FIPS module file $_ does not exist!\n";
+                        $ret = 0;
+                        }
+                }
+        fipslib_error() if ($ret == 0);
+        }
diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh
new file mode 100644
index 0000000000..0184fcb70e
--- /dev/null
+++ b/src/lib/libcrypto/util/mkcerts.sh
@@ -0,0 +1,220 @@
+#!/bin/sh
+# This script will re-make all the required certs.
+# cd apps
+# sh ../util/mkcerts.sh
+# mv ca-cert.pem pca-cert.pem ../certs
+# cd ..
+# cat certs/*.pem >>apps/server.pem
+# cat certs/*.pem >>apps/server2.pem
+# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
+# sh tools/c_rehash certs
+#
+ 
+CAbits=1024
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
+# create pca request.
+echo creating $CAbits bit PCA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout pca-key.pem \
+        -out pca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test PCA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating PCA request
+        exit 1
+fi
+#sign it.
+echo
+echo self signing PCA
+$SSLEAY x509 -md5 -days 1461 \
+        -req -signkey pca-key.pem \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -in pca-req.pem -out pca-cert.pem
+if [ $? != 0 ]; then
+        echo problems self signing PCA cert
+        exit 1
+fi
+echo
+# create ca request.
+echo creating $CAbits bit CA cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey $CAbits \
+        -keyout ca-key.pem \
+        -out ca-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Test CA (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating CA request
+        exit 1
+fi
+#sign it.
+echo
+echo signing CA
+$SSLEAY x509 -md5 -days 1461 \
+        -req \
+        -CAcreateserial -CAserial pca-cert.srl \
+        -CA pca-cert.pem -CAkey pca-key.pem \
+        -in ca-req.pem -out ca-cert.pem
+if [ $? != 0 ]; then
+        echo problems signing CA cert
+        exit 1
+fi
+echo
+# create server request.
+echo creating 512 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout s512-key.pem \
+        -out s512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s512-req.pem -out server.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit server cert
+        exit 1
+fi
+echo
+# create 1024 bit server request.
+echo creating 1024 bit server cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 1024 \
+        -keyout s1024key.pem \
+        -out s1024req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Server test cert (1024 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 1024 bit server cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 1024 bit server cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in s1024req.pem -out server2.pem
+if [ $? != 0 ]; then
+        echo problems signing 1024 bit server cert
+        exit 1
+fi
+echo
+# create 512 bit client request.
+echo creating 512 bit client cert request
+$SSLEAY req $CONF \
+        -new -md5 -newkey 512 \
+        -keyout c512-key.pem \
+        -out c512-req.pem -nodes >/dev/null <<EOF
+AU
+Queensland
+.
+CryptSoft Pty Ltd
+.
+Client test cert (512 bit)
+EOF
+if [ $? != 0 ]; then
+        echo problems generating 512 bit client cert request
+        exit 1
+fi
+#sign it.
+echo
+echo signing 512 bit client cert
+$SSLEAY x509 -md5 -days 365 \
+        -req \
+        -CAcreateserial -CAserial ca-cert.srl \
+        -CA ca-cert.pem -CAkey ca-key.pem \
+        -in c512-req.pem -out client.pem
+if [ $? != 0 ]; then
+        echo problems signing 512 bit client cert
+        exit 1
+fi
+echo cleanup
+cat pca-key.pem  >> pca-cert.pem
+cat ca-key.pem   >> ca-cert.pem
+cat s512-key.pem >> server.pem
+cat s1024key.pem >> server2.pem
+cat c512-key.pem >> client.pem
+for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
+do
+$SSLEAY x509 -issuer -subject -in $i -noout >$$
+cat $$
+/bin/cat $i >>$$
+/bin/mv $$ $i
+done
+#/bin/rm -f *key.pem *req.pem *.srl
+echo Finished
diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl
new file mode 100644
index 0000000000..6c1e53bb14
--- /dev/null
+++ b/src/lib/libcrypto/util/mkdef.pl
@@ -0,0 +1,1407 @@
+#!/usr/local/bin/perl -w
+#
+# generate a .def file
+#
+# It does this by parsing the header files and looking for the
+# prototyped functions: it then prunes the output.
+#
+# Intermediary files are created, call libeay.num and ssleay.num,...
+# Previously, they had the following format:
+#
+#       routine-name    nnnn
+#
+# But that isn't enough for a number of reasons, the first on being that
+# this format is (needlessly) very Win32-centric, and even then...
+# One of the biggest problems is that there's no information about what
+# routines should actually be used, which varies with what crypto algorithms
+# are disabled.  Also, some operating systems (for example VMS with VAX C)
+# need to keep track of the global variables as well as the functions.
+#
+# So, a remake of this script is done so as to include information on the
+# kind of symbol it is (function or variable) and what algorithms they're
+# part of.  This will allow easy translating to .def files or the corresponding
+# file in other operating systems (a .opt file for VMS, possibly with a .mar
+# file).
+#
+# The format now becomes:
+#
+#       routine-name    nnnn    info
+#
+# and the "info" part is actually a colon-separated string of fields with
+# the following meaning:
+#
+#       existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+my $debug=0;
+my $crypto_num= "util/libeay.num";
+my $ssl_num=    "util/ssleay.num";
+my $libname;
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
+my $VMSVAX=0;
+my $VMSAlpha=0;
+my $VMS=0;
+my $W32=0;
+my $W16=0;
+my $NT=0;
+my $OS2=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
+my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
+                        "EXPORT_VAR_AS_FUNCTION", "OPENSSL_FIPS" );
+my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
+                         "SHA256", "SHA512", "RIPEMD",
+                         "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES",
+                         # Envelope "algorithms"
+                         "EVP", "X509", "ASN1_TYPEDEFS",
+                         # Helper "algorithms"
+                         "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+                         "LOCKING",
+                         # External "algorithms"
+                         "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" );
+my $options="";
+open(IN,"<Makefile") || die "unable to open Makefile!\n";
+while(<IN>) {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+# The following ciphers may be excluded (by Configure). This means functions
+# defined with ifndef(NO_XXX) are not included in the .def file, and everything
+# in directory xxx is ignored.
+my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
+my $no_cast;
+my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_ec; my $no_engine; my $no_hw;
+my $no_fp_api;
+my $fips;
+foreach (@ARGV, split(/ /, $options))
+        {
+        $debug=1 if $_ eq "debug";
+        $W32=1 if $_ eq "32";
+        $W16=1 if $_ eq "16";
+        if($_ eq "NT") {
+                $W32 = 1;
+                $NT = 1;
+        }
+        if ($_ eq "VMS-VAX") {
+                $VMS=1;
+                $VMSVAX=1;
+        }
+        if ($_ eq "VMS-Alpha") {
+                $VMS=1;
+                $VMSAlpha=1;
+        }
+        $VMS=1 if $_ eq "VMS";
+        $OS2=1 if $_ eq "OS2";
+        $fips=1 if $_ eq "fips";
+        $do_ssl=1 if $_ eq "ssleay";
+        if ($_ eq "ssl") {
+                $do_ssl=1; 
+                $libname=$_
+        }
+        $do_crypto=1 if $_ eq "libeay";
+        if ($_ eq "crypto") {
+                $do_crypto=1;
+                $libname=$_;
+        }
+        $do_update=1 if $_ eq "update";
+        $do_rewrite=1 if $_ eq "rewrite";
+        $do_ctest=1 if $_ eq "ctest";
+        $do_ctestall=1 if $_ eq "ctestall";
+        $do_checkexist=1 if $_ eq "exist";
+        #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
+        if    (/^no-rc2$/)      { $no_rc2=1; }
+        elsif (/^no-rc4$/)      { $no_rc4=1; }
+        elsif (/^no-rc5$/)      { $no_rc5=1; }
+        elsif (/^no-idea$/)     { $no_idea=1; }
+        elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
+        elsif (/^no-bf$/)       { $no_bf=1; }
+        elsif (/^no-cast$/)     { $no_cast=1; }
+        elsif (/^no-md2$/)      { $no_md2=1; }
+        elsif (/^no-md4$/)      { $no_md4=1; }
+        elsif (/^no-md5$/)      { $no_md5=1; }
+        elsif (/^no-sha$/)      { $no_sha=1; }
+        elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+        elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+        elsif (/^no-rsa$/)      { $no_rsa=1; }
+        elsif (/^no-dsa$/)      { $no_dsa=1; }
+        elsif (/^no-dh$/)       { $no_dh=1; }
+        elsif (/^no-ec$/)       { $no_ec=1; }
+        elsif (/^no-hmac$/)     { $no_hmac=1; }
+        elsif (/^no-aes$/)      { $no_aes=1; }
+        elsif (/^no-evp$/)      { $no_evp=1; }
+        elsif (/^no-lhash$/)    { $no_lhash=1; }
+        elsif (/^no-stack$/)    { $no_stack=1; }
+        elsif (/^no-err$/)      { $no_err=1; }
+        elsif (/^no-buffer$/)   { $no_buffer=1; }
+        elsif (/^no-bio$/)      { $no_bio=1; }
+        #elsif (/^no-locking$/) { $no_locking=1; }
+        elsif (/^no-comp$/)     { $no_comp=1; }
+        elsif (/^no-dso$/)      { $no_dso=1; }
+        elsif (/^no-krb5$/)     { $no_krb5=1; }
+        elsif (/^no-engine$/)   { $no_engine=1; }
+        elsif (/^no-hw$/)       { $no_hw=1; }
+        }
+if (!$libname) { 
+        if ($do_ssl) {
+                $libname="SSLEAY";
+        }
+        if ($do_crypto) {
+                $libname="LIBEAY";
+        }
+}
+# If no platform is given, assume WIN32
+if ($W32 + $W16 + $VMS + $OS2 == 0) {
+        $W32 = 1;
+}
+# Add extra knowledge
+if ($W16) {
+        $no_fp_api=1;
+}
+if (!$do_ssl && !$do_crypto)
+        {
+        print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
+        exit(1);
+        }
+%ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
+%crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+my $ssl="ssl/ssl.h";
+$ssl.=" ssl/kssl.h";
+my $crypto ="crypto/crypto.h";
+$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
+$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
+$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
+$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
+$crypto.=" crypto/bn/bn.h";
+$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
+$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
+$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
+$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
+$crypto.=" crypto/conf/conf.h";
+$crypto.=" crypto/txt_db/txt_db.h";
+$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
+$crypto.=" crypto/objects/objects.h";
+$crypto.=" crypto/pem/pem.h";
+#$crypto.=" crypto/meth/meth.h";
+$crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1t.h";
+$crypto.=" crypto/asn1/asn1_mac.h";
+$crypto.=" crypto/err/err.h" ; # unless $no_err;
+$crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
+$crypto.=" crypto/x509/x509.h";
+$crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
+$crypto.=" crypto/rand/rand.h";
+$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
+$crypto.=" crypto/ocsp/ocsp.h";
+$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
+$crypto.=" crypto/krb5/krb5_asn.h";
+$crypto.=" crypto/tmdiff.h";
+$crypto.=" fips-1.0/fips.h fips-1.0/rand/fips_rand.h fips-1.0/sha/fips_sha.h";
+my $symhacks="crypto/symhacks.h";
+my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
+if ($do_update) {
+if ($do_ssl == 1) {
+        &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$ssl_num");
+                &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
+        } else {
+                open(OUT, ">>$ssl_num");
+        }
+        &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
+        close OUT;
+}
+if($do_crypto == 1) {
+        &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
+        if ($do_rewrite == 1) {
+                open(OUT, ">$crypto_num");
+                &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
+        } else {
+                open(OUT, ">>$crypto_num");
+        }
+        &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
+        close OUT;
+} 
+} elsif ($do_checkexist) {
+        &check_existing(*ssl_list, @ssl_symbols)
+                if $do_ssl == 1;
+        &check_existing(*crypto_list, @crypto_symbols)
+                if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+        print <<"EOF";
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+int main()
+{
+EOF
+        &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
+                if $do_ssl == 1;
+        &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
+                if $do_crypto == 1;
+        print "}\n";
+} else {
+        &print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
+                if $do_ssl == 1;
+        &print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
+                if $do_crypto == 1;
+}
+sub do_defs
+{
+        my($name,$files,$symhacksfile)=@_;
+        my $file;
+        my @ret;
+        my %syms;
+        my %platform;           # For anything undefined, we assume ""
+        my %kind;               # For anything undefined, we assume "FUNCTION"
+        my %algorithm;          # For anything undefined, we assume ""
+        my %variant;
+        my %variant_cnt;        # To be able to allocate "name{n}" if "name"
+                                # is the same name as the original.
+        my $cpp;
+        my %unknown_algorithms = ();
+        foreach $file (split(/\s+/,$symhacksfile." ".$files))
+                {
+                print STDERR "DEBUG: starting on $file:\n" if $debug;
+                open(IN,"<$file") || die "unable to open $file:$!\n";
+                my $line = "", my $def= "";
+                my %tag = (
+                        (map { $_ => 0 } @known_platforms),
+                        (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+                        (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+                        NOPROTO         => 0,
+                        PERL5           => 0,
+                        _WINDLL         => 0,
+                        CONST_STRICT    => 0,
+                        TRUE            => 1,
+                );
+                my $symhacking = $file eq $symhacksfile;
+                my @current_platforms = ();
+                my @current_algorithms = ();
+                # params: symbol, alias, platforms, kind
+                # The reason to put this subroutine in a variable is that
+                # it will otherwise create it's own, unshared, version of
+                # %tag and %variant...
+                my $make_variant = sub
+                {
+                        my ($s, $a, $p, $k) = @_;
+                        my ($a1, $a2);
+                        print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+                        if (defined($p))
+                        {
+                                $a1 = join(",",$p,
+                                           grep(!/^$/,
+                                                map { $tag{$_} == 1 ? $_ : "" }
+                                                @known_platforms));
+                        }
+                        else
+                        {
+                                $a1 = join(",",
+                                           grep(!/^$/,
+                                                map { $tag{$_} == 1 ? $_ : "" }
+                                                @known_platforms));
+                        }
+                        $a2 = join(",",
+                                   grep(!/^$/,
+                                        map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+                                        @known_ossl_platforms));
+                        print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+                        if ($a1 eq "") { $a1 = $a2; }
+                        elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+                        if ($a eq $s)
+                        {
+                                if (!defined($variant_cnt{$s}))
+                                {
+                                        $variant_cnt{$s} = 0;
+                                }
+                                $variant_cnt{$s}++;
+                                $a .= "{$variant_cnt{$s}}";
+                        }
+                        my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+                        my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+                        if (!grep(/^$togrep$/,
+                                  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+                                if (defined($variant{$s})) { $variant{$s} .= ";"; }
+                                $variant{$s} .= $toadd;
+                        }
+                        print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+                };
+                print STDERR "DEBUG: parsing ----------\n" if $debug;
+                while(<IN>) {
+                        last if (/\/\* Error codes for the \w+ functions\. \*\//);
+                        if ($line ne '') {
+                                $_ = $line . $_;
+                                $line = '';
+                        }
+                        if (/\\$/) {
+                                chomp; # remove eol
+                                chop; # remove ending backslash
+                                $line = $_;
+                                next;
+                        }
+                        $cpp = 1 if /^\#.*ifdef.*cplusplus/;
+                        if ($cpp) {
+                                $cpp = 0 if /^\#.*endif/;
+                                next;
+                        }
+                        s/\/\*.*?\*\///gs;                   # ignore comments
+                        if (/\/\*/) {                        # if we have part
+                                $line = $_;                  # of a comment,
+                                next;                        # continue reading
+                        }
+                        s/{[^{}]*}//gs;                      # ignore {} blocks
+                        print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+                        print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+                        if (/^\#\s*ifndef\s+(.*)/) {
+                                push(@tag,"-");
+                                push(@tag,$1);
+                                $tag{$1}=-1;
+                                print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                        } elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
+                                push(@tag,"-");
+                                if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
+                                        my $tmp_1 = $1;
+                                        my $tmp_;
+                                        foreach $tmp_ (split '\&\&',$tmp_1) {
+                                                $tmp_ =~ /!defined\(([^\)]+)\)/;
+                                                print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                                                push(@tag,$1);
+                                                $tag{$1}=-1;
+                                        }
+                                } else {
+                                        print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
+                                        print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+                                        push(@tag,$1);
+                                        $tag{$1}=-1;
+                                }
+                        } elsif (/^\#\s*ifdef\s+(\S*)/) {
+                                push(@tag,"-");
+                                push(@tag,$1);
+                                $tag{$1}=1;
+                                print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                        } elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
+                                push(@tag,"-");
+                                if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
+                                        my $tmp_1 = $1;
+                                        my $tmp_;
+                                        foreach $tmp_ (split '\|\|',$tmp_1) {
+                                                $tmp_ =~ /defined\(([^\)]+)\)/;
+                                                print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                                                push(@tag,$1);
+                                                $tag{$1}=1;
+                                        }
+                                } else {
+                                        print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
+                                        print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+                                        push(@tag,$1);
+                                        $tag{$1}=1;
+                                }
+                        } elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+                                my $tag_i = $#tag;
+                                while($tag[$tag_i] ne "-") {
+                                        if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+                                                $tag{$tag[$tag_i]}=2;
+                                                print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+                                        }
+                                        $tag_i--;
+                                }
+                        } elsif (/^\#\s*endif/) {
+                                my $tag_i = $#tag;
+                                while($tag[$tag_i] ne "-") {
+                                        my $t=$tag[$tag_i];
+                                        print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+                                        if ($tag{$t}==2) {
+                                                $tag{$t}=-1;
+                                        } else {
+                                                $tag{$t}=0;
+                                        }
+                                        print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+                                        pop(@tag);
+                                        if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+                                                $t=$1;
+                                        } else {
+                                                $t="";
+                                        }
+                                        if ($t ne ""
+                                            && !grep(/^$t$/, @known_algorithms)) {
+                                                $unknown_algorithms{$t} = 1;
+                                                #print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+                                        }
+                                        $tag_i--;
+                                }
+                                pop(@tag);
+                        } elsif (/^\#\s*else/) {
+                                my $tag_i = $#tag;
+                                while($tag[$tag_i] ne "-") {
+                                        my $t=$tag[$tag_i];
+                                        $tag{$t}= -$tag{$t};
+                                        print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+                                        $tag_i--;
+                                }
+                        } elsif (/^\#\s*if\s+1/) {
+                                push(@tag,"-");
+                                # Dummy tag
+                                push(@tag,"TRUE");
+                                $tag{"TRUE"}=1;
+                                print STDERR "DEBUG: $file: found 1\n" if $debug;
+                        } elsif (/^\#\s*if\s+0/) {
+                                push(@tag,"-");
+                                # Dummy tag
+                                push(@tag,"TRUE");
+                                $tag{"TRUE"}=-1;
+                                print STDERR "DEBUG: $file: found 0\n" if $debug;
+                        } elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+                                 && $symhacking && $tag{'TRUE'} != -1) {
+                                # This is for aliasing.  When we find an alias,
+                                # we have to invert
+                                &$make_variant($1,$2);
+                                print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+                        }
+                        if (/^\#/) {
+                                @current_platforms =
+                                    grep(!/^$/,
+                                         map { $tag{$_} == 1 ? $_ :
+                                                   $tag{$_} == -1 ? "!".$_  : "" }
+                                         @known_platforms);
+                                push @current_platforms
+                                    , grep(!/^$/,
+                                           map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+                                                     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+                                           @known_ossl_platforms);
+                                @current_algorithms =
+                                    grep(!/^$/,
+                                         map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+                                         @known_algorithms);
+                                $def .=
+                                    "#INFO:"
+                                        .join(',',@current_platforms).":"
+                                            .join(',',@current_algorithms).";";
+                                next;
+                        }
+                        if ($tag{'TRUE'} != -1) {
+                                if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$3(void);";
+                                        $def .= "int i2d_$3(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$3(void);";
+                                        $def .= "int i2d_$3(void);";
+                                        $def .= "int $3_free(void);";
+                                        $def .= "int $3_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+                                         /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$1(void);";
+                                        $def .= "int i2d_$1(void);";
+                                        $def .= "int $1_free(void);";
+                                        $def .= "int $1_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $1_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$1_it","$1_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$2(void);";
+                                        $def .= "int i2d_$2(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        $def .= "int d2i_$2(void);";
+                                        $def .= "int i2d_$2(void);";
+                                        $def .= "int $2_free(void);";
+                                        $def .= "int $2_new(void);";
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $2_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$2_it","$2_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int $1_it;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("$1_it","$1_it",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                        next;
+                                } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+                                        next;
+                                } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_read_$1(void);";
+                                        $def .= "int PEM_write_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_read_bio_$1(void);";
+                                        $def .= "int PEM_write_bio_$1(void);";
+                                        next;
+                                } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_write_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_write_bio_$1(void);";
+                                        next;
+                                } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+                                         /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+                                        # Things not in Win16
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!WIN16",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "int PEM_read_$1(void);";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Things that are everywhere
+                                        $def .= "int PEM_read_bio_$1(void);";
+                                        next;
+                                } elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+                                        # Variant for platforms that do not
+                                        # have to access globale variables
+                                        # in shared libraries through functions
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        $def .= "OPENSSL_EXTERN int _shadow_$2;";
+                                        $def .=
+                                            "#INFO:"
+                                                .join(',',@current_platforms).":"
+                                                    .join(',',@current_algorithms).";";
+                                        # Variant for platforms that have to
+                                        # access globale variables in shared
+                                        # libraries through functions
+                                        &$make_variant("_shadow_$2","_shadow_$2",
+                                                      "EXPORT_VAR_AS_FUNCTION",
+                                                      "FUNCTION");
+                                } elsif ($tag{'CONST_STRICT'} != 1) {
+                                        if (/\{|\/\*|\([^\)]*$/) {
+                                                $line = $_;
+                                        } else {
+                                                $def .= $_;
+                                        }
+                                }
+                        }
+                }
+                close(IN);
+                my $algs = '';
+                my $plays;
+                print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+                foreach (split /;/, $def) {
+                        my $s; my $k = "FUNCTION"; my $p; my $a;
+                        s/^[\n\s]*//g;
+                        s/[\n\s]*$//g;
+                        next if(/\#undef/);
+                        next if(/typedef\W/);
+                        next if(/\#define/);
+                        print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+                        if (/^\#INFO:([^:]*):(.*)$/) {
+                                $plats = $1;
+                                $algs = $2;
+                                print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+                                next;
+                        } elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+                                $s = $1;
+                                $k = "VARIABLE";
+                                print STDERR "DEBUG: found external variable $s\n" if $debug;
+                        } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) {
+                                $s = $1;
+                                print STDERR "DEBUG: found ANSI C function $s\n" if $debug;
+                        } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s) {
+                                # K&R C
+                                print STDERR "DEBUG: found K&R C function $s\n" if $debug;
+                                next;
+                        } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) {
+                                while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) {
+                                        s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
+                                        s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
+                                }
+                                s/\(void\)//;
+                                /(\w+(\{[0-9]+\})?)\W*\(\)/s;
+                                $s = $1;
+                                print STDERR "DEBUG: found function $s\n" if $debug;
+                        } elsif (/\(/ and not (/=/)) {
+                                print STDERR "File $file: cannot parse: $_;\n";
+                                next;
+                        } else {
+                                next;
+                        }
+                        $syms{$s} = 1;
+                        $kind{$s} = $k;
+                        $p = $plats;
+                        $a = $algs;
+                        $a .= ",BF" if($s =~ /EVP_bf/);
+                        $a .= ",CAST" if($s =~ /EVP_cast/);
+                        $a .= ",DES" if($s =~ /EVP_des/);
+                        $a .= ",DSA" if($s =~ /EVP_dss/);
+                        $a .= ",IDEA" if($s =~ /EVP_idea/);
+                        $a .= ",MD2" if($s =~ /EVP_md2/);
+                        $a .= ",MD4" if($s =~ /EVP_md4/);
+                        $a .= ",MD5" if($s =~ /EVP_md5/);
+                        $a .= ",RC2" if($s =~ /EVP_rc2/);
+                        $a .= ",RC4" if($s =~ /EVP_rc4/);
+                        $a .= ",RC5" if($s =~ /EVP_rc5/);
+                        $a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+                        $a .= ",SHA" if($s =~ /EVP_sha/);
+                        $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
+                        $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
+                        $a .= ",RSA" if($s =~ /RSAPrivateKey/);
+                        $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+                        # SHA2 algorithms only defined in FIPS mode for
+                        # OpenSSL 0.9.7
+                        $p .= "OPENSSL_FIPS" if($s =~ /SHA[235]/);
+                        $platform{$s} =
+                            &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+                        $algorithm{$s} = '' if !defined $algorithm{$s};
+                        $algorithm{$s} .= ','.$a;
+                        if (defined($variant{$s})) {
+                                foreach $v (split /;/,$variant{$s}) {
+                                        (my $r, my $p, my $k) = split(/:/,$v);
+                                        my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+                                        $syms{$r} = 1;
+                                        if (!defined($k)) { $k = $kind{$s}; }
+                                        $kind{$r} = $k."(".$s.")";
+                                        $algorithm{$r} = $algorithm{$s};
+                                        $platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+                                        $platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+                                        print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
+                                }
+                        }
+                        print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
+                }
+        }
+        # Prune the returned symbols
+        delete $syms{"bn_dump1"};
+        $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
+        $platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+        $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+        $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+        $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+        # Info we know about
+        push @ret, map { $_."\\".&info_string($_,"EXIST",
+                                              $platform{$_},
+                                              $kind{$_},
+                                              $algorithm{$_}) } keys %syms;
+        if (keys %unknown_algorithms) {
+                print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+                print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+        }
+        return(@ret);
+}
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+        my ($platforms) = @_;
+        my $pl = defined($platforms) ? $platforms : "";
+        my %p = map { $_ => 0 } split /,/, $pl;
+        my $ret;
+        print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+            if $debug;
+        # We do this, because if there's code like the following, it really
+        # means the function exists in all cases and should therefore be
+        # everywhere.  By increasing and decreasing, we may attain 0:
+        #
+        # ifndef WIN16
+        #    int foo();
+        # else
+        #    int _fat foo();
+        # endif
+        foreach $platform (split /,/, $pl) {
+                if ($platform =~ /^!(.*)$/) {
+                        $p{$1}--;
+                } else {
+                        $p{$platform}++;
+                }
+        }
+        foreach $platform (keys %p) {
+                if ($p{$platform} == 0) { delete $p{$platform}; }
+        }
+        delete $p{""};
+        $ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+        print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+            if $debug;
+        return $ret;
+}
+sub info_string {
+        (my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+        my %a = defined($algorithms) ?
+            map { $_ => 1 } split /,/, $algorithms : ();
+        my $k = defined($kind) ? $kind : "FUNCTION";
+        my $ret;
+        my $p = &reduce_platforms($platforms);
+        delete $a{""};
+        $ret = $exist;
+        $ret .= ":".$p;
+        $ret .= ":".$k;
+        $ret .= ":".join(',',sort keys %a);
+        return $ret;
+}
+sub maybe_add_info {
+        (my $name, *nums, my @symbols) = @_;
+        my $sym;
+        my $new_info = 0;
+        my %syms=();
+        print STDERR "Updating $name info\n";
+        foreach $sym (@symbols) {
+                (my $s, my $i) = split /\\/, $sym;
+                if (defined($nums{$s})) {
+                        $i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+                        (my $n, my $dummy) = split /\\/, $nums{$s};
+                        if (!defined($dummy) || $i ne $dummy) {
+                                $nums{$s} = $n."\\".$i;
+                                $new_info++;
+                                print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+                        }
+                }
+                $syms{$s} = 1;
+        }
+        my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+        foreach $sym (@s) {
+                (my $n, my $i) = split /\\/, $nums{$sym};
+                if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+                        $new_info++;
+                        print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+                }
+        }
+        if ($new_info) {
+                print STDERR "$new_info old symbols got an info update\n";
+                if (!$do_rewrite) {
+                        print STDERR "You should do a rewrite to fix this.\n";
+                }
+        } else {
+                print STDERR "No old symbols needed info update\n";
+        }
+}
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+        my ($keywords_txt,$platforms) = @_;
+        my (@keywords) = split /,/,$keywords_txt;
+        my ($falsesum, $truesum) = (0, 1);
+        # Param: one keyword
+        sub recognise
+        {
+                my ($keyword,$platforms) = @_;
+                if ($platforms) {
+                        # platforms
+                        if ($keyword eq "VMS" && $VMS) { return 1; }
+                        if ($keyword eq "WIN32" && $W32) { return 1; }
+                        if ($keyword eq "WIN16" && $W16) { return 1; }
+                        if ($keyword eq "WINNT" && $NT) { return 1; }
+                        if ($keyword eq "OS2" && $OS2) { return 1; }
+                        # Special platforms:
+                        # EXPORT_VAR_AS_FUNCTION means that global variables
+                        # will be represented as functions.  This currently
+                        # only happens on VMS-VAX.
+                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
+                                return 1;
+                        }
+                        if ($keyword eq "OPENSSL_FIPS" && $fips) {
+                                return 1;
+                        }
+                        return 0;
+                } else {
+                        # algorithms
+                        if ($keyword eq "RC2" && $no_rc2) { return 0; }
+                        if ($keyword eq "RC4" && $no_rc4) { return 0; }
+                        if ($keyword eq "RC5" && $no_rc5) { return 0; }
+                        if ($keyword eq "IDEA" && $no_idea) { return 0; }
+                        if ($keyword eq "DES" && $no_des) { return 0; }
+                        if ($keyword eq "BF" && $no_bf) { return 0; }
+                        if ($keyword eq "CAST" && $no_cast) { return 0; }
+                        if ($keyword eq "MD2" && $no_md2) { return 0; }
+                        if ($keyword eq "MD4" && $no_md4) { return 0; }
+                        if ($keyword eq "MD5" && $no_md5) { return 0; }
+                        if ($keyword eq "SHA" && $no_sha) { return 0; }
+                        if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+                        if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+                        if ($keyword eq "RSA" && $no_rsa) { return 0; }
+                        if ($keyword eq "DSA" && $no_dsa) { return 0; }
+                        if ($keyword eq "DH" && $no_dh) { return 0; }
+                        if ($keyword eq "EC" && $no_ec) { return 0; }
+                        if ($keyword eq "HMAC" && $no_hmac) { return 0; }
+                        if ($keyword eq "AES" && $no_aes) { return 0; }
+                        if ($keyword eq "EVP" && $no_evp) { return 0; }
+                        if ($keyword eq "LHASH" && $no_lhash) { return 0; }
+                        if ($keyword eq "STACK" && $no_stack) { return 0; }
+                        if ($keyword eq "ERR" && $no_err) { return 0; }
+                        if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
+                        if ($keyword eq "BIO" && $no_bio) { return 0; }
+                        if ($keyword eq "COMP" && $no_comp) { return 0; }
+                        if ($keyword eq "DSO" && $no_dso) { return 0; }
+                        if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+                        if ($keyword eq "ENGINE" && $no_engine) { return 0; }
+                        if ($keyword eq "HW" && $no_hw) { return 0; }
+                        if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+                        # Nothing recognise as true
+                        return 1;
+                }
+        }
+        foreach $k (@keywords) {
+                if ($k =~ /^!(.*)$/) {
+                        $falsesum += &recognise($1,$platforms);
+                } else {
+                        $truesum *= &recognise($k,$platforms);
+                }
+        }
+        print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+        return (!$falsesum) && $truesum;
+}
+sub print_test_file
+{
+        (*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+        my $n = 1; my @e; my @r;
+        my $sym; my $prev = ""; my $prefSSLeay;
+        (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+        (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+        @symbols=((sort @e),(sort @r));
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                my $v = 0;
+                $v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+                my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+                my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+                if (!defined($nums{$s})) {
+                        print STDERR "Warning: $s does not have a number assigned\n"
+                            if(!$do_update);
+                } elsif (is_valid($p,1) && is_valid($a,0)) {
+                        my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+                        if ($prev eq $s2) {
+                                print OUT "\t/* The following has already appeared previously */\n";
+                                print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+                        }
+                        $prev = $s2;    # To warn about duplicates...
+                        ($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+                        if ($v) {
+                                print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+                        } else {
+                                print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+                        }
+                }
+        }
+}
+sub get_version {
+   local *MF;
+   my $v = '?';
+   open MF, 'Makefile' or return $v;
+   while (<MF>) {
+     $v = $1, last if /^VERSION=(.*?)\s*$/;
+   }
+   close MF;
+   return $v;
+}
+sub print_def_file
+{
+        (*OUT,my $name,*nums,my @symbols)=@_;
+        my $n = 1; my @e; my @r; my @v; my $prev="";
+        my $liboptions="";
+        my $libname = $name;
+        my $http_vendor = 'www.openssl.org/';
+        my $version = get_version();
+        my $what = "OpenSSL: implementation of Secure Socket Layer";
+        my $description = "$what $version, $name - http://$http_vendor";
+        if ($W32)
+                { $libname.="32"; }
+        elsif ($W16)
+                { $libname.="16"; }
+        elsif ($OS2)
+                { # DLL names should not clash on the whole system.
+                  # However, they should not have any particular relationship
+                  # to the name of the static library.  Chose descriptive names
+                  # (must be at most 8 chars).
+                  my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
+                  $libname = $translate{$name} || $name;
+                  $liboptions = <<EOO;
+INITINSTANCE
+DATA MULTIPLE NONSHARED
+EOO
+                  # Vendor field can't contain colon, drat; so we omit http://
+                  $description = "\@#$http_vendor:$version#\@$what; DLL for library $name.  Build for EMX -Zmtd";
+                }
+        print OUT <<"EOF";
+;
+; Definition file for the DLL version of the $name library from OpenSSL
+;
+LIBRARY         $libname        $liboptions
+DESCRIPTION     '$description'
+EOF
+        if ($W16) {
+                print <<"EOF";
+CODE            PRELOAD MOVEABLE
+DATA            PRELOAD MOVEABLE SINGLE
+EXETYPE         WINDOWS
+HEAPSIZE        4096
+STACKSIZE       8192
+EOF
+        }
+        print "EXPORTS\n";
+        (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+        (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+        (@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+        @symbols=((sort @e),(sort @r), (sort @v));
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                my $v = 0;
+                $v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+                if (!defined($nums{$s})) {
+                        printf STDERR "Warning: $s does not have a number assigned\n"
+                            if(!$do_update);
+                } else {
+                        (my $n, my $dummy) = split /\\/, $nums{$s};
+                        my %pf = ();
+                        my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+                        my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+                        if (is_valid($p,1) && is_valid($a,0)) {
+                                my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+                                if ($prev eq $s2) {
+                                        print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+                                }
+                                $prev = $s2;    # To warn about duplicates...
+                                if($v && !$OS2) {
+                                        printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
+                                } else {
+                                        printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+                                }
+                        }
+                }
+        }
+        printf OUT "\n";
+}
+sub load_numbers
+{
+        my($name)=@_;
+        my(@a,%ret);
+        $max_num = 0;
+        $num_noinfo = 0;
+        $prev = "";
+        $prev_cnt = 0;
+        open(IN,"<$name") || die "unable to open $name:$!\n";
+        while (<IN>) {
+                chop;
+                s/#.*$//;
+                next if /^\s*$/;
+                @a=split;
+                if (defined $ret{$a[0]}) {
+                        # This is actually perfectly OK
+                        #print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+                }
+                if ($max_num > $a[1]) {
+                        print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+                }
+                elsif ($max_num == $a[1]) {
+                        # This is actually perfectly OK
+                        #print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+                        if ($a[0] eq $prev) {
+                                $prev_cnt++;
+                                $a[0] .= "{$prev_cnt}";
+                        }
+                }
+                else {
+                        $prev_cnt = 0;
+                }
+                if ($#a < 2) {
+                        # Existence will be proven later, in do_defs
+                        $ret{$a[0]}=$a[1];
+                        $num_noinfo++;
+                } else {
+                        $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
+                }
+                $max_num = $a[1] if $a[1] > $max_num;
+                $prev=$a[0];
+        }
+        if ($num_noinfo) {
+                print STDERR "Warning: $num_noinfo symbols were without info.";
+                if ($do_rewrite) {
+                        printf STDERR "  The rewrite will fix this.\n";
+                } else {
+                        printf STDERR "  You should do a rewrite to fix this.\n";
+                }
+        }
+        close(IN);
+        return(%ret);
+}
+sub parse_number
+{
+        (my $str, my $what) = @_;
+        (my $n, my $i) = split(/\\/,$str);
+        if ($what eq "n") {
+                return $n;
+        } else {
+                return $i;
+        }
+}
+sub rewrite_numbers
+{
+        (*OUT,$name,*nums,@symbols)=@_;
+        my $thing;
+        print STDERR "Rewriting $name\n";
+        my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+        my %syms = ();
+        foreach $_ (@symbols) {
+                (my $n, my $i) = split /\\/;
+                $syms{$n} = 1;
+        }
+        my @s=sort {
+            &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+            || $a cmp $b
+        } keys %nums;
+        foreach $sym (@s) {
+                (my $n, my $i) = split /\\/, $nums{$sym};
+                next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+                $i="NOEXIST::FUNCTION:"
+                        if !defined($i) || $i eq "" || !defined($syms{$sym});
+                my $s2 = $sym;
+                $s2 =~ s/\{[0-9]+\}$//;
+                printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+                if (exists $r{$sym}) {
+                        (my $s, $i) = split /\\/,$r{$sym};
+                        my $s2 = $s;
+                        $s2 =~ s/\{[0-9]+\}$//;
+                        printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+                }
+        }
+}
+sub update_numbers
+{
+        (*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+        my $new_syms = 0;
+        print STDERR "Updating $name numbers\n";
+        my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+        my $r; my %r; my %rsyms;
+        foreach $r (@r) {
+                (my $s, my $i) = split /\\/, $r;
+                my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+                $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+                $r{$a} = $s."\\".$i;
+                $rsyms{$s} = 1;
+        }
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+                next if defined($rsyms{$sym});
+                die "ERROR: Symbol $sym had no info attached to it."
+                    if $i eq "";
+                if (!exists $nums{$s}) {
+                        $new_syms++;
+                        my $s2 = $s;
+                        $s2 =~ s/\{[0-9]+\}$//;
+                        printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
+                        if (exists $r{$s}) {
+                                ($s, $i) = split /\\/,$r{$s};
+                                $s =~ s/\{[0-9]+\}$//;
+                                printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
+                        }
+                }
+        }
+        if($new_syms) {
+                print STDERR "$new_syms New symbols added\n";
+        } else {
+                print STDERR "No New symbols Added\n";
+        }
+}
+sub check_existing
+{
+        (*nums, my @symbols)=@_;
+        my %existing; my @remaining;
+        @remaining=();
+        foreach $sym (@symbols) {
+                (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+                $existing{$s}=1;
+        }
+        foreach $sym (keys %nums) {
+                if (!exists $existing{$sym}) {
+                        push @remaining, $sym;
+                }
+        }
+        if(@remaining) {
+                print STDERR "The following symbols do not seem to exist:\n";
+                foreach $sym (@remaining) {
+                        print STDERR "\t",$sym,"\n";
+                }
+        }
+}
diff --git a/src/lib/libcrypto/util/mkdir-p.pl b/src/lib/libcrypto/util/mkdir-p.pl
new file mode 100644
index 0000000000..6c69c2daa4
--- /dev/null
+++ b/src/lib/libcrypto/util/mkdir-p.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+# mkdir-p.pl
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+my $arg;
+foreach $arg (@ARGV) {
+  &do_mkdir_p($arg);
+}
+sub do_mkdir_p {
+  local($dir) = @_;
+  $dir =~ s|/*\Z(?!\n)||s;
+  if (-d $dir) {
+    return;
+  }
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+    do_mkdir_p($parent);
+  }
+  mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+  print "created directory `$dir'\n";
+}
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl
index 53e14ab4df..9678514604 100644
--- a/src/lib/libcrypto/util/mkerr.pl
+++ b/src/lib/libcrypto/util/mkerr.pl
@@ -44,7 +44,8 @@ while (@ARGV) {
 }
 if($recurse) {
-        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
+        @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>, <fips-1.0/*.c>,
+                   <fips-1.0/*/*.c>);
 } else {
        @source = @ARGV;
 }
@@ -65,8 +66,6 @@ while(<IN>)
                        $csrc{$1} = $3;
                        $fmax{$1} = 99;
                        $rmax{$1} = 99;
-                        $fassigned{$1} = ":";
-                        $rassigned{$1} = ":";
                        $fnew{$1} = 0;
                        $rnew{$1} = 0;
                }
@@ -105,24 +104,15 @@ while (($hdr, $lib) = each %libinc)
                    next;
                }
-                if(/\/\*/) {
+                $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
-                    if (not /\*\//) {           # multiline comment...
-                        $line = $_;             # ... just accumulate
-                        next; 
-                    } else {
-                        s/\/\*.*?\*\///gs;      # wipe it
-                    }
-                }
                if ($cpp) {
-                    $cpp++ if /^#\s*if/;
+                    $cpp = 0 if /^#.*endif/;
-                    $cpp-- if /^#\s*endif/;
                    next;
                }
-                $cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
                next if (/^\#/);                      # skip preprocessor directives
+                s/\/\*.*?\*\///gs;                   # ignore comments
                s/{[^{}]*}//gs;                      # ignore {} blocks
                if (/\{|\/\*/) { # Add a } so editor works...
@@ -135,37 +125,31 @@ while (($hdr, $lib) = each %libinc)
        print STDERR "                                  \r" if $debug;
        $defnr = 0;
-        # Delete any DECLARE_ macros
-        $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
        foreach (split /;/, $def) {
            $defnr++;
            print STDERR "def: $defnr\r" if $debug;
-            # The goal is to collect function names from function declarations.
            s/^[\n\s]*//g;
            s/[\n\s]*$//g;
+            next if(/typedef\W/);
-            # Skip over recognized non-function declarations
+            if (/\(\*(\w*)\([^\)]+/) {
-            next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/);
+                my $name = $1;
+                $name =~ tr/[a-z]/[A-Z]/;
-            # Remove STACK_OF(foo)
+                $ftrans{$name} = $1;
-            s/STACK_OF\(\w+\)/void/;
+            } elsif (/\w+\W+(\w+)\W*\(\s*\)(\s*__attribute__\(.*\)\s*)?$/s){
+                # K&R C
-            # Reduce argument lists to empty ()
+                next ;
-            # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
+            } elsif (/\w+\W+\w+\W*\(.*\)(\s*__attribute__\(.*\)\s*)?$/s) {
-            while(/\(.*\)/s) {
+                while (not /\(\)(\s*__attribute__\(.*\)\s*)?$/s) {
-                s/\([^\(\)]+\)/\{\}/gs;
+                    s/[^\(\)]*\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
-                s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs;    #(*f{}) -> f
+                    s/\([^\(\)]*\)\)(\s*__attribute__\(.*\)\s*)?$/\)/s;
-            }
+                }
-            # pretend as we didn't use curly braces: {} -> ()
+                s/\(void\)//;
-            s/\{\}/\(\)/gs;
+                /(\w+(\{[0-9]+\})?)\W*\(\)/s;
+                my $name = $1;
-            if (/(\w+)\s*\(\).*/s) {    # first token prior [first] () is
-                my $name = $1;          # a function name!
                $name =~ tr/[a-z]/[A-Z]/;
                $ftrans{$name} = $1;
-            } elsif (/[\(\)]/ and not (/=/)) {
+            } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
                print STDERR "Header $hdr: cannot parse: $_;\n";
            }
        }
@@ -178,7 +162,7 @@ while (($hdr, $lib) = each %libinc)
        # maximum code used.
        if ($gotfile) {
-          while(<IN>) {
+            while(<IN>) {
                if(/^\#define\s+(\S+)\s+(\S+)/) {
                        $name = $1;
                        $code = $2;
@@ -189,49 +173,18 @@ while (($hdr, $lib) = each %libinc)
                        }
                        if($1 eq "R") {
                                $rcodes{$name} = $code;
-                                if ($rassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
-                                }
-                                $rassigned{$lib} .= "$code:";
                                if(!(exists $rextra{$name}) &&
                                         ($code > $rmax{$lib}) ) {
                                        $rmax{$lib} = $code;
                                }
                        } else {
-                                if ($fassigned{$lib} =~ /:$code:/) {
-                                        print STDERR "!! ERROR: $lib function code $code assigned twice\n";
-                                }
-                                $fassigned{$lib} .= "$code:";
                                if($code > $fmax{$lib}) {
                                        $fmax{$lib} = $code;
                                }
                                $fcodes{$name} = $code;
                        }
                }
-          }
+            }
-        }
-        if ($debug) {
-                if (defined($fmax{$lib})) {
-                        print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n";
-                        $fassigned{$lib} =~ m/^:(.*):$/;
-                        @fassigned = sort {$a <=> $b} split(":", $1);
-                        print STDERR "  @fassigned\n";
-                }
-                if (defined($rmax{$lib})) {
-                        print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n";
-                        $rassigned{$lib} =~ m/^:(.*):$/;
-                        @rassigned = sort {$a <=> $b} split(":", $1);
-                        print STDERR "  @rassigned\n";
-                }
-        }
-        if ($lib eq "SSL") {
-                if ($rmax{$lib} >= 1000) {
-                        print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
-                        print STDERR "!!        Any new alerts must be added to $config.\n";
-                        print STDERR "\n";
-                }
        }
        close IN;
 }
@@ -248,10 +201,11 @@ while (($hdr, $lib) = each %libinc)
 # so all those unreferenced can be printed out.
+print STDERR "Files loaded: " if $debug;
 foreach $file (@source) {
        # Don't parse the error source file.
        next if exists $cskip{$file};
-        print STDERR "File loaded: ".$file."\r" if $debug;
+        print STDERR $file if $debug;
        open(IN, "<$file") || die "Can't open source file $file\n";
        while(<IN>) {
                if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
@@ -275,7 +229,7 @@ foreach $file (@source) {
        }
        close IN;
 }
-print STDERR "                                  \n" if $debug;
+print STDERR "\n" if $debug;
 # Now process each library in turn.
@@ -312,7 +266,7 @@ foreach $lib (keys %csrc)
        } else {
            push @out,
 "/* ====================================================================\n",
-" * Copyright (c) 2001-2008 The OpenSSL Project.  All rights reserved.\n",
+" * Copyright (c) 2001-2005 The OpenSSL Project.  All rights reserved.\n",
 " *\n",
 " * Redistribution and use in source and binary forms, with or without\n",
 " * modification, are permitted provided that the following conditions\n",
@@ -402,16 +356,7 @@ EOF
        foreach $i (@function) {
                $z=6-int(length($i)/8);
                if($fcodes{$i} eq "X") {
-                        $fassigned{$lib} =~ m/^:([^:]*):/;
+                        $fcodes{$i} = ++$fmax{$lib};
-                        $findcode = $1;
-                        if (!defined($findcode)) {
-                                $findcode = $fmax{$lib};
-                        }
-                        while ($fassigned{$lib} =~ m/:$findcode:/) {
-                                $findcode++;
-                        }
-                        $fcodes{$i} = $findcode;
-                        $fassigned{$lib} .= "$findcode:";
                        print STDERR "New Function code $i\n" if $debug;
                }
                printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
@@ -422,16 +367,7 @@ EOF
        foreach $i (@reasons) {
                $z=6-int(length($i)/8);
                if($rcodes{$i} eq "X") {
-                        $rassigned{$lib} =~ m/^:([^:]*):/;
+                        $rcodes{$i} = ++$rmax{$lib};
-                        $findcode = $1;
-                        if (!defined($findcode)) {
-                                $findcode = $rmax{$lib};
-                        }
-                        while ($rassigned{$lib} =~ m/:$findcode:/) {
-                                $findcode++;
-                        }
-                        $rcodes{$i} = $findcode;
-                        $rassigned{$lib} .= "$findcode:";
                        print STDERR "New Reason code   $i\n" if $debug;
                }
                printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
@@ -486,7 +422,7 @@ EOF
        print OUT <<"EOF";
 /* $cfile */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -600,14 +536,17 @@ if($static) {
 ${staticloader}void ERR_load_${lib}_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings($load_errcode,${lib}_str_functs);
                ERR_load_strings($load_errcode,${lib}_str_reasons);
-                }
 #endif
+                }
        }
 EOF
 } else {
diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl
new file mode 100644
index 0000000000..bc78510f56
--- /dev/null
+++ b/src/lib/libcrypto/util/mkfiles.pl
@@ -0,0 +1,126 @@
+#!/usr/local/bin/perl
+#
+# This is a hacked version of files.pl for systems that can't do a 'make files'.
+# Do a perl util/mkminfo.pl >MINFO to build MINFO
+# Written by Steve Henson 1999.
+# List of directories to process
+my @dirs = (
+".",
+"crypto",
+"crypto/md2",
+"crypto/md4",
+"crypto/md5",
+"crypto/sha",
+"crypto/mdc2",
+"crypto/hmac",
+"crypto/ripemd",
+"crypto/des",
+"crypto/rc2",
+"crypto/rc4",
+"crypto/rc5",
+"crypto/idea",
+"crypto/bf",
+"crypto/cast",
+"crypto/aes",
+"crypto/bn",
+"crypto/rsa",
+"crypto/dsa",
+"crypto/dso",
+"crypto/dh",
+"crypto/ec",
+"crypto/buffer",
+"crypto/bio",
+"crypto/stack",
+"crypto/lhash",
+"crypto/rand",
+"crypto/err",
+"crypto/objects",
+"crypto/evp",
+"crypto/asn1",
+"crypto/pem",
+"crypto/x509",
+"crypto/x509v3",
+"crypto/conf",
+"crypto/txt_db",
+"crypto/pkcs7",
+"crypto/pkcs12",
+"crypto/comp",
+"crypto/engine",
+"crypto/ocsp",
+"crypto/ui",
+"crypto/krb5",
+"fips-1.0",
+"fips-1.0/aes",
+"fips-1.0/des",
+"fips-1.0/dsa",
+"fips-1.0/dh",
+"fips-1.0/hmac",
+"fips-1.0/rand",
+"fips-1.0/rsa",
+"fips-1.0/sha",
+"ssl",
+"apps",
+"test",
+"tools"
+);
+foreach (@dirs) {
+        &files_dir ($_, "Makefile");
+}
+exit(0);
+sub files_dir
+{
+my ($dir, $makefile) = @_;
+my %sym;
+open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
+my $s="";
+while (<IN>)
+        {
+        chop;
+        s/#.*//;
+        if (/^(\S+)\s*=\s*(.*)$/)
+                {
+                $o="";
+                ($s,$b)=($1,$2);
+                for (;;)
+                        {
+                        if ($b =~ /\\$/)
+                                {
+                                chop($b);
+                                $o.=$b." ";
+                                $b=<IN>;
+                                chop($b);
+                                }
+                        else
+                                {
+                                $o.=$b." ";
+                                last;
+                                }
+                        }
+                $o =~ s/^\s+//;
+                $o =~ s/\s+$//;
+                $o =~ s/\s+/ /g;
+                $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+                $sym{$s}=$o;
+                }
+        }
+print "RELATIVE_DIRECTORY=$dir\n";
+foreach (sort keys %sym)
+        {
+        print "$_=$sym{$_}\n";
+        }
+print "RELATIVE_DIRECTORY=\n";
+close (IN);
+}
diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl
new file mode 100644
index 0000000000..182732d959
--- /dev/null
+++ b/src/lib/libcrypto/util/mklink.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+# mklink.pl
+# The first command line argument is a non-empty relative path
+# specifying the "from" directory.
+# Each other argument is a file name not containing / and
+# names a file in the current directory.
+#
+# For each of these files, we create in the "from" directory a link
+# of the same name pointing to the local file.
+#
+# We assume that the directory structure is a tree, i.e. that it does
+# not contain symbolic links and that the parent of / is never referenced.
+# Apart from this, this script should be able to handle even the most
+# pathological cases.
+#
+use Cwd;
+my $from = shift;
+my @files = @ARGV;
+my @from_path = split(/[\\\/]/, $from);
+my $pwd = getcwd();
+chomp($pwd);
+my @pwd_path = split(/[\\\/]/, $pwd);
+my @to_path = ();
+my $dirname;
+foreach $dirname (@from_path) {
+    # In this loop, @to_path always is a relative path from
+    # @pwd_path (interpreted is an absolute path) to the original pwd.
+    # At the end, @from_path (as a relative path from the original pwd)
+    # designates the same directory as the absolute path @pwd_path,
+    # which means that @to_path then is a path from there to the original pwd.
+    next if ($dirname eq "" || $dirname eq ".");
+    if ($dirname eq "..") {
+        @to_path = (pop(@pwd_path), @to_path);
+    } else {
+        @to_path = ("..", @to_path);
+        push(@pwd_path, $dirname);
+    }
+}
+my $to = join('/', @to_path);
+my $file;
+$symlink_exists=eval {symlink("",""); 1};
+foreach $file (@files) {
+    my $err = "";
+    if ($symlink_exists) {
+        unlink "$from/$file";
+        symlink("$to/$file", "$from/$file") or $err = " [$!]";
+    } else {
+        unlink "$from/$file"; 
+        open (OLD, "<$file") or die "Can't open $file: $!";
+        open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
+        binmode(OLD);
+        binmode(NEW);
+        while (<OLD>) {
+            print NEW $_;
+        }
+        close (OLD) or die "Can't close $file: $!";
+        close (NEW) or die "Can't close $from/$file: $!";
+    }
+    print $file . " => $from/$file$err\n";
+}
diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl
index 2a968f395f..0ca9eb6a76 100644
--- a/src/lib/libcrypto/util/mkstack.pl
+++ b/src/lib/libcrypto/util/mkstack.pl
@@ -75,7 +75,6 @@ while(<IN>) {
 #define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
 #define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
 #define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
-#define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val))
 #define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
 #define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
 #define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
diff --git a/src/lib/libcrypto/util/opensslwrap.sh b/src/lib/libcrypto/util/opensslwrap.sh
new file mode 100755
index 0000000000..b27cbb897f
--- /dev/null
+++ b/src/lib/libcrypto/util/opensslwrap.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+HERE="`echo $0 | sed -e 's|[^/]*$||'`"
+OPENSSL="${HERE}../apps/openssl"
+if [ -d "${HERE}../engines" -a "x$OPENSSL_ENGINES" = "x" ]; then
+        OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
+fi
+if [ -x "${OPENSSL}.exe" ]; then
+        # The original reason for this script existence is to work around
+        # certain caveats in run-time linker behaviour. On Windows platforms
+        # adjusting $PATH used to be sufficient, but with introduction of
+        # SafeDllSearchMode in XP/2003 the only way to get it right in
+        # *all* possible situations is to copy newly built .DLLs to apps/
+        # and test/, which is now done elsewhere... The $PATH is adjusted
+        # for backward compatibility (and nostagical reasons:-).
+        if [ "$OSTYPE" != msdosdjgpp ]; then
+                PATH="${HERE}..:$PATH"; export PATH
+        fi
+        exec "${OPENSSL}.exe" "$@"
+elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
+        exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
+else
+        exec "${OPENSSL}" "$@"  # hope for the best...
+fi
diff --git a/src/lib/libcrypto/util/perlpath.pl b/src/lib/libcrypto/util/perlpath.pl
new file mode 100644
index 0000000000..a1f236bd98
--- /dev/null
+++ b/src/lib/libcrypto/util/perlpath.pl
@@ -0,0 +1,35 @@
+#!/usr/local/bin/perl
+#
+# modify the '#!/usr/local/bin/perl'
+# line in all scripts that rely on perl.
+#
+require "find.pl";
+$#ARGV == 0 || print STDERR "usage: perlpath newpath  (eg /usr/bin)\n";
+&find(".");
+sub wanted
+        {
+        return unless /\.pl$/ || /^[Cc]onfigur/;
+        open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
+        @a=<IN>;
+        close(IN);
+        if (-d $ARGV[0]) {
+                $a[0]="#!$ARGV[0]/perl\n";
+        }
+        else {
+                $a[0]="#!$ARGV[0]\n";
+        }
+        # Playing it safe...
+        $new="$_.new";
+        open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
+        print OUT @a;
+        close(OUT);
+        rename($new,$_) || die "unable to rename $dir/$new:$!\n";
+        chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
+        }
diff --git a/src/lib/libcrypto/util/pl/BC-16.pl b/src/lib/libcrypto/util/pl/BC-16.pl
new file mode 100644
index 0000000000..8030653daa
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/BC-16.pl
@@ -0,0 +1,151 @@
+#!/usr/local/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc';
+if ($debug)
+        { $op="-v "; }
+else    { $op="-O "; }
+$cflags="-d -ml $op -DL_ENDIAN";
+# I add the stack opt
+$base_lflags="/c /C";
+$lflags="$base_lflags";
+if ($win16)
+        {
+        $shlib=1;
+        $cflags.=" -DOPENSSL_SYSNAME_WIN16";
+        $app_cflag="-W";
+        $lib_cflag="-WD";
+        $lflags.="/Twe";
+        }
+else
+        {
+        $cflags.=" -DOENSSL_SYSNAME_MSDOS";
+        $lflags.=" /Tde";
+        }
+if ($shlib)
+        {
+        $mlflags=" /Twd $base_lflags"; # stack if defined in .def file
+        $libs="libw ldllcew";
+        $no_asm=1;
+        }
+else
+        { $mlflags=''; }
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="tlink";
+$efile="";
+$exep='.exe';
+$ex_libs="CL";
+$ex_libs.=$no_sock?"":" winsock.lib";
+$app_ex_obj="C0L.obj ";
+$shlib_ex_obj="" if ($shlib);
+# static library stuff
+$mklib='tlib';
+$ranlib='echo no ranlib';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='bcc -c -B -Tml';
+$afile='/o';
+if ($no_asm || $fips)
+        {
+        $bn_asm_obj='';
+        $bn_asm_src='';
+        }
+elsif ($asmbits == 32)
+        {
+        $bn_asm_obj='crypto\bn\asm\x86w32.obj';
+        $bn_asm_src='crypto\bn\asm\x86w32.asm';
+        }
+else
+        {
+        $bn_asm_obj='crypto\bn\asm\x86w16.obj';
+        $bn_asm_src='crypto\bn\asm\x86w16.asm';
+        }
+sub do_lib_rule
+        {
+        local($target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="";
+        foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
+                {
+                $lib_names.="  +$_ &\n";
+                $dll_names.="  $_\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+                }
+        else
+                {
+                local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
+                $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /nowep $out_lib $target\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$f,$_,@f);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) @&&|";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        $ret.=" \$(LFLAGS) ";
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                $ret.=" \$(APP_EX_OBJ)";
+                foreach $_ (sort split(/\s+/,$Vars{$1}))
+                        { $ret.="\n  $r $_ +"; }
+                chop($ret);
+                $ret.="\n";
+                }
+        else
+                { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
+        $ret.="  $target\n\n  $libs\n\n|\n";
+        if (defined $sha1file)
+                {
+                $ret.="  $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl
new file mode 100644
index 0000000000..28869c868d
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/BC-32.pl
@@ -0,0 +1,144 @@
+#!/usr/local/bin/perl
+# Borland C++ builder 3 and 4 -- Janez Jere <jj@void.si>
+#
+$ssl=   "ssleay32";
+$crypto="libeay32";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='bcc32';
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
+if ($debug)
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
+else
+{
+    $cflags.="-O2 -ff -fp";
+}
+$obj='.obj';
+$ofile="-o";
+# EXE linking stuff
+$link="ilink32";
+$efile="";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="cw32mt.lib import32.lib"; }
+# static library stuff
+$mklib='tlib /P64';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+$asm='nasmw -f obj -d__omf__';
+$asm.=" /Zi" if $debug;
+$afile='-o';
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm && !$fips)
+        {
+        $bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+        $bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+        $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+        $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+        $bf_enc_obj='crypto\bf\asm\b_win32.obj';
+        $bf_enc_src='crypto\bf\asm\b_win32.asm';
+        $cast_enc_obj='crypto\cast\asm\c_win32.obj';
+        $cast_enc_src='crypto\cast\asm\c_win32.asm';
+        $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+        $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+        $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+        $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+        $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+        $md5_asm_src='crypto\md5\asm\m5_win32.asm';
+        $sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+        $sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+        $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+        $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" /GD -D_WINDLL -D_DLL";
+        $out_def="out32dll";
+        $tmp_def="tmp32dll";
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+                $ret.=<<___;
+        -\$(RM) $lfile$target
+        \$(MKLIB) $lfile$target \@&&!
+\$(**: = &^
+)
+!
+___
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl
new file mode 100644
index 0000000000..b9bb24d21d
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/Mingw32.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw
+#
+$o='/';
+$cp='cp';
+$rm='rm -f';
+$mkdir='gmkdir';
+$o='\\';
+$cp='copy';
+$rm='del';
+$mkdir='mkdir';
+# C compiler stuff
+$cc='gcc';
+if ($debug)
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
+else
+        { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -mcpu=i486 -Wall"; }
+if ($gaswin and !$no_asm and !$fips)
+        {
+        $bn_asm_obj='$(OBJ_D)\bn-win32.o';
+        $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)\co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
+        $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o';
+        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
+        $bf_enc_obj='$(OBJ_D)\b-win32.o';
+        $bf_enc_src='crypto/bf/asm/b-win32.s';
+#       $cast_enc_obj='$(OBJ_D)\c-win32.o';
+#       $cast_enc_src='crypto/cast/asm/c-win32.s';
+        $rc4_enc_obj='$(OBJ_D)\r4-win32.o';
+        $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
+        $rc5_enc_obj='$(OBJ_D)\r5-win32.o';
+        $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
+        $md5_asm_obj='$(OBJ_D)\m5-win32.o';
+        $md5_asm_src='crypto/md5/asm/m5-win32.s';
+        $rmd160_asm_obj='$(OBJ_D)\rm-win32.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
+        $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
+        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+        }
+$obj='.o';
+$ofile='-o ';
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+$asm='as';
+$afile='-o ';
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\tif exist $target \$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl
new file mode 100644
index 0000000000..8dbeaa7a08
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/OS2-EMX.pl
@@ -0,0 +1,125 @@
+#!/usr/local/bin/perl
+#
+# OS2-EMX.pl - for EMX GCC on OS/2
+#
+$o='/';
+$cp='cp';
+$rm='rm -f';
+$preamble = "SHELL=sh\n";
+# C compiler stuff
+$cc='gcc';
+$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
+$cflags.="-Zomf " if $shlib;
+$shl_cflag="-Zdll";
+if ($debug) { 
+        $cflags.="-g "; 
+}
+$obj=$shlib ? '.obj' : '.o';
+$ofile='-o ';
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS} -Zbsd-signals -s';
+$efile='-o ';
+$exep='.exe';
+$ex_libs="-lsocket";
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib="ar s";
+$plib='';
+$libp=$shlib ? ".lib" : ".a";
+$shlibp=$shlib ? ".dll" : ".a";
+$lfile='';
+$asm=$shlib ? 'as -Zomf' : 'as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+if (!$no_asm && !$fips)
+        {
+        $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
+        $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
+        $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
+        $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
+        $bf_enc_obj="crypto/bf/asm/b-os2$obj";
+        $bf_enc_src="crypto/bf/asm/b-os2.asm";
+        $cast_enc_obj="crypto/cast/asm/c-os2$obj";
+        $cast_enc_src="crypto/cast/asm/c-os2.asm";
+        $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
+        $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
+        $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
+        $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
+        $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
+        $md5_asm_src="crypto/md5/asm/m5-os2.asm";
+        $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
+        $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
+        $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
+        $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags -Zdll";
+        $lib_cflag=" -D_DLL";
+        $out_def="out_dll";
+        $tmp_def="tmp_dll";
+        }
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        if (!$shlib) 
+                {
+                $ret.="\t\$(RM) $target\n";
+                $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+                $ret.="\t\$(RANLIB) $target\n\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' -lsocket';
+                $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+                $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
+                $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
+                }
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-16.pl b/src/lib/libcrypto/util/pl/VC-16.pl
new file mode 100644
index 0000000000..564ba3fd08
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-16.pl
@@ -0,0 +1,177 @@
+#!/usr/local/bin/perl
+# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+#
+$ssl=   "ssleay16";
+$crypto="libeay16";
+$o='\\';
+$cp='copy';
+$rm='del';
+# C compiler stuff
+$cc='cl';
+$out_def="out16";
+$tmp_def="tmp16";
+$inc_def="inc16";
+if ($debug)
+        {
+        $op="/Od /Zi /Zd";
+        $base_lflags="/CO";
+        }
+else    {
+        $op="/G2 /f- /Ocgnotb2";
+        }
+$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000";
+if ($win16) { $base_lflags.=" /PACKD:60000"; }
+$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo";
+# I add the stack opt
+$lflags="$base_lflags /STACK:20000";
+if ($win16)
+        {
+        $cflags.=" -DOPENSSL_SYSNAME_WIN16";
+        $app_cflag="/Gw /FPi87";
+        $lib_cflag="/Gw";
+        $lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
+        $lib_cflag.=" -DWIN16TTY" if !$shlib;
+        $lflags.=" /ALIGN:256";
+        $ex_libs.="oldnames llibcewq libw";
+        }
+else
+        {
+        $no_sock=1;
+        $cflags.=" -DMSDOS";
+        $lflags.=" /EXEPACK";
+        $ex_libs.="oldnames.lib llibce.lib";
+        }
+if ($shlib)
+        {
+        $mlflags="$base_lflags";
+        $libs="oldnames ldllcew libw";
+        $shlib_ex_obj="";
+#       $no_asm=1;
+        $out_def="out16dll";
+        $tmp_def="tmp16dll";
+        }
+else
+        { $mlflags=''; }
+$app_ex_obj="";
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="";
+$exep='.exe';
+$ex_libs.=$no_sock?"":" winsock";
+# static library stuff
+$mklib='lib /PAGESIZE:1024';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='';
+$asm='ml /Cp /c /Cx';
+$afile='/Fo';
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm && !$fips)
+        {
+        if ($asmbits == 32)
+                {
+                $bn_asm_obj='crypto\bn\asm\x86w32.obj';
+                $bn_asm_src='crypto\bn\asm\x86w32.asm';
+                }
+        else
+                {
+                $bn_asm_obj='crypto\bn\asm\x86w16.obj';
+                $bn_asm_src='crypto\bn\asm\x86w16.asm';
+                }
+        }
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+#       $ret.="\t\$(RM) \$(O_$Name)\n";
+        # Due to a pathetic line length limit, I unwrap the args.
+        local($lib_names)="";
+        local($dll_names)="  \$(SHLIB_EX_OBJ) +\n";
+        ($obj)= ($objs =~ /\((.*)\)/);
+        foreach $_ (sort split(/\s+/,$Vars{$obj}))
+                {
+                $lib_names.="+$_ &\n";
+                $dll_names.="  $_ +\n";
+                }
+        if (!$shlib)
+                {
+                $ret.="\tdel $target\n";
+                $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
+                $ex.=' winsock';
+                $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
+                $ret.=$dll_names;
+                $ret.="\n  $target\n\n  $ex $libs\nms$o${name}.def;\n<<\n";
+                ($out_lib=$target) =~ s/O_/L_/;
+                $ret.="\timplib /noignorecase /nowep $out_lib $target\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$f,$_,@f);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) @<<\n";
+        
+        # Due to a pathetic line length limit, I have to unwrap the args.
+        if ($files =~ /\(([^)]*)\)$/)
+                {
+                @a=('$(APP_EX_OBJ)');
+                push(@a,sort split(/\s+/,$Vars{$1}));
+                for $_ (@a)
+                        { $ret.="  $_ +\n"; }
+                }
+        else
+                { $ret.="  \$(APP_EX_OBJ) $files"; }
+        $ret.="\n  $target\n\n  $libs\n\n<<\n";
+        if (defined $sha1file)
+                {
+                $ret.="  $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
new file mode 100644
index 0000000000..b5bbcac6c2
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32-GMAKE.pl
@@ -0,0 +1,222 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+if ($fips && !$shlib)
+        {
+        $crypto="libeayfips32";
+        $crypto_compat = "libeaycompat32.lib";
+        }
+else
+        {
+        $crypto="libeay32";
+        }
+$ssl=   "ssleay32";
+$o='/';
+#$cp='copy nul+';       # Timestamps get stuffed otherwise
+#$rm='del';
+$cp='cp';
+$rm='rm';
+$zlib_lib="zlib1.lib";
+# C compiler stuff
+$cc='cl';
+$cflags=' -MD -W3 -WX -Ox -O2 -Ob2 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE';         # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';        # shut up VC8
+$lflags="-nologo -subsystem:console -machine:I386 -opt:ref";
+$mlflags='';
+$out_def="gmout32";
+$tmp_def="gmtmp32";
+$inc_def="gminc32";
+if ($debug)
+        {
+        $cflags=" -MDd -W3 -WX -Zi -Yd -Od -nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+        $lflags.=" -debug";
+        $mlflags.=' -debug';
+        }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+$obj='.obj';
+$ofile="-Fo";
+# EXE linking stuff
+$link="link";
+$efile="-out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='-out:';
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+        $asm='nasmw -f win32';
+        $afile='-o ';
+} else {
+        $asm='ml -Cp -coff -c -Cx';
+        $asm.=" -Zi" if $debug;
+        $afile='-Fo';
+}
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm && !$fips)
+        {
+        $bn_asm_obj='crypto/bn/asm/bn_win32.obj';
+        $bn_asm_src='crypto/bn/asm/bn_win32.asm';
+        $des_enc_obj='crypto/des/asm/d_win32.obj crypto/des/asm/y_win32.obj';
+        $des_enc_src='crypto/des/asm/d_win32.asm crypto/des/asm/y_win32.asm';
+        $bf_enc_obj='crypto/bf/asm/b_win32.obj';
+        $bf_enc_src='crypto/bf/asm/b_win32.asm';
+        $cast_enc_obj='crypto/cast/asm/c_win32.obj';
+        $cast_enc_src='crypto/cast/asm/c_win32.asm';
+        $rc4_enc_obj='crypto/rc4/asm/r4_win32.obj';
+        $rc4_enc_src='crypto/rc4/asm/r4_win32.asm';
+        $rc5_enc_obj='crypto/rc5/asm/r5_win32.obj';
+        $rc5_enc_src='crypto/rc5/asm/r5_win32.asm';
+        $md5_asm_obj='crypto/md5/asm/m5_win32.obj';
+        $md5_asm_src='crypto/md5/asm/m5_win32.asm';
+        $sha1_asm_obj='crypto/sha/asm/s1_win32.obj';
+        $sha1_asm_src='crypto/sha/asm/s1_win32.asm';
+        $rmd160_asm_obj='crypto/ripemd/asm/rm_win32.obj';
+        $rmd160_asm_src='crypto/ripemd/asm/rm_win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags -dll";
+#       $cflags =~ s| -MD| -MT|;
+        $lib_cflag=" -D_WINDLL";
+        $out_def="gmout32dll";
+        $tmp_def="gmtmp32dll";
+        }
+$cflags.=" -Fd$out_def";
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib,$ign,$base_addr, $fips_get_sig, $fips_premain_src)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        my $base_arg;
+        if ($base_addr ne "")
+                {
+                $base_arg= " -base:$base_addr";
+                }
+        else
+                {
+                $base_arg = "";
+                }
+#       $target="\$(LIB_D)$o$target";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="$target: $objs\n";
+                $ex =' advapi32.lib';
+                $ret.="\t\$(MKLIB) $lfile$target $objs $ex\n\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+                if (defined $fips_get_sig)
+                        {
+                        $ret.="$target: \$(O_FIPSCANISTER) $objs $fips_get_sig\n";
+                        $ret.="\tFIPS_LINK=\$(LINK) ";
+                        $ret.="FIPS_CC=\$(CC) ";
+                        $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+                        $ret.="FIPS_PREMAIN_DSO=$fips_get_sig ";
+                        $ret.="FIPS_TARGET=$target ";
+                        $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+                        $ret.="\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+                        $ret.="-def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs ";
+                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n\n";
+                        }
+                else
+                        {
+                        $ret.="$target: $objs\n";
+                        $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def \$(SHLIB_EX_OBJ) $objs $ex\n\n";
+                        }
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        if ($standalone)
+                {
+                $ret.="$target: $files $dep_libs\n";
+                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+                $ret.="$files $libs\n\n";
+                }
+        elsif ($fips && !$shlib)
+                {
+                $ret.="$target: \$(O_FIPSCANISTER) $files $dep_libs\n";
+                $ret.="\tFIPS_LINK=\$(LINK) ";
+                $ret.="FIPS_CC=\$(CC) ";
+                $ret.="FIPS_CC_ARGS=\"-Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\" ";
+                $ret.="FIPS_PREMAIN_DSO= ";
+                $ret.="FIPS_TARGET=$target ";
+                $ret.="FIPS_LIBDIR=\$(FIPSLIB_D) ";
+                $ret.=" \$(FIPSLINK) \$(LFLAGS) $efile$target ";
+                $ret.="\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n\n";
+                }
+        else
+                {
+                $ret.="$target: $files $dep_libs\n";
+                $ret.="\t\$(LINK) \$(LFLAGS) $efile$target ";
+                $ret.="\$(APP_EX_OBJ) $files $libs\n\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_rlink_rule
+        {
+        local($target,$files,$check_hash, $deps)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $check_hash $files $deps\n";
+        $ret.="\t\$(PERL) util${o}checkhash.pl -chdir fips-1.0 -program_path ..$o$check_hash\n";
+        $ret.="\t\$(MKCANISTER) $target $files\n";
+        $ret.="\t$check_hash $target > $target.sha1\n";
+        $ret.="\t\$(CP) fips-1.0${o}fips_premain.c \$(FIPSLIB_D)\n";
+        $ret.="\t$check_hash \$(FIPSLIB_D)${o}fips_premain.c > \$(FIPSLIB_D)${o}fips_premain.c.sha1\n\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl
new file mode 100644
index 0000000000..4e97dfa9af
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-32.pl
@@ -0,0 +1,220 @@
+#!/usr/local/bin/perl
+# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries
+#
+$ssl=   "ssleay32";
+if ($fips && !$shlib)
+        {
+        $crypto="libeayfips32";
+        $crypto_compat = "libeaycompat32.lib";
+        }
+else
+        {
+        $crypto="libeay32";
+        }
+$o='\\';
+$cp='copy nul+';        # Timestamps get stuffed otherwise
+$rm='del';
+$zlib_lib="zlib1.lib";
+# C compiler stuff
+$cc='cl';
+$cflags=' /MD /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
+$cflags.=' -D_CRT_SECURE_NO_DEPRECATE';         # shut up VC8
+$cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE';        # shut up VC8
+$lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
+$mlflags='';
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+if ($debug)
+        {
+        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+        $lflags.=" /debug";
+        $mlflags.=' /debug';
+        }
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs="wsock32.lib user32.lib gdi32.lib"; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+$shlib_ex_obj="";
+$app_ex_obj="setargv.obj";
+if ($nasm) {
+        $asm='nasmw -f win32';
+        $afile='-o ';
+} else {
+        $asm='ml /Cp /coff /c /Cx';
+        $asm.=" /Zi" if $debug;
+        $afile='/Fo';
+}
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if (!$no_asm && !$fips)
+        {
+        $bn_asm_obj='crypto\bn\asm\bn_win32.obj';
+        $bn_asm_src='crypto\bn\asm\bn_win32.asm';
+        $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+        $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+        $bf_enc_obj='crypto\bf\asm\b_win32.obj';
+        $bf_enc_src='crypto\bf\asm\b_win32.asm';
+        $cast_enc_obj='crypto\cast\asm\c_win32.obj';
+        $cast_enc_src='crypto\cast\asm\c_win32.asm';
+        $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+        $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+        $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+        $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+        $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+        $md5_asm_src='crypto\md5\asm\m5_win32.asm';
+        $sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+        $sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+        $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+        $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+        }
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" -D_WINDLL";
+        $out_def="out32dll";
+        $tmp_def="tmp32dll";
+        }
+$cflags.=" /Fd$out_def";
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        my $base_arg;
+        if ($base_addr ne "")
+                {
+                $base_arg= " /base:$base_addr";
+                }
+        else
+                {
+                $base_arg = "";
+                }
+#       $target="\$(LIB_D)$o$target";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ret.="$target: $objs\n";
+                $ex =' advapi32.lib';
+                $ex.=" \$(FIPSLIB_D)${o}_chkstk.o" if $fips && $target =~ /O_CRYPTO/;
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+                $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
+                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
+                if ($fips && $target =~ /O_CRYPTO/)
+                        {
+                        $ex.=" \$(FIPSLIB_D)${o}_chkstk.o";
+                        $ret.="$target: $objs \$(PREMAIN_DSO_EXE)\n";
+                        $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+                        $ret.="\tSET FIPS_CC=\$(CC)\n";
+                        $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                        $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+                        $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                        $ret.="\tSET FIPS_TARGET=$target\n";
+                        $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                        $ret.="\t\$(FIPSLINK) \$(MLFLAGS) $base_arg $efile$target ";
+                        $ret.="/def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs ";
+                        $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+                        }
+                else
+                        {
+                        $ret.="$target: $objs\n";
+                        $ret.="\t\$(LINK) \$(MLFLAGS) $base_arg $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                        }
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$standalone)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        if ($standalone)
+                {
+                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+                $ret.="\$(FIPSLIB_D)${o}_chkstk.o " if ($files =~ /O_FIPSCANISTER/);
+                $ret.="$files $libs\n<<\n";
+                }
+        elsif ($fips && !$shlib)
+                {
+                $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+                $ret.="\tSET FIPS_CC=\$(CC)\n";
+                $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                $ret.="\tSET PREMAIN_DSO_EXE=\n";
+                $ret.="\tSET FIPS_TARGET=$target\n";
+                $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                $ret.="  \$(FIPSLINK) \$(LFLAGS) $efile$target @<<\n";
+                $ret.="  \$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+                }
+        else
+                {
+                $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+                $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_rlink_rule
+        {
+        local($target,$files,$dep_libs,$libs)=@_;
+        local($ret,$_);
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(MKCANISTER) $target <<\n";
+        $ret.="INPUT($files)\n<<\n";
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/VC-CE.pl b/src/lib/libcrypto/util/pl/VC-CE.pl
new file mode 100644
index 0000000000..2fd0c4dd32
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/VC-CE.pl
@@ -0,0 +1,116 @@
+#!/usr/local/bin/perl
+# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
+#
+$ssl=   "ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+$o='\\';
+$cp='copy nul+';        # Timestamps get stuffed otherwise
+$rm='del';
+# C compiler stuff
+$cc='$(CC)';
+$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
+$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
+$mlflags='';
+$out_def='out32_$(TARGETCPU)';
+$tmp_def='tmp32_$(TARGETCPU)';
+$inc_def="inc32";
+if ($debug)
+        {
+        $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+        $lflags.=" /debug";
+        $mlflags.=' /debug';
+        }
+$obj='.obj';
+$ofile="/Fo";
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+        { $ex_libs=""; }
+else    { $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+$shlib_ex_obj="";
+$app_ex_obj="";
+$app_ex_obj="";
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+if ($shlib)
+        {
+        $mlflags.=" $lflags /dll";
+#       $cflags =~ s| /MD| /MT|;
+        $lib_cflag=" -D_WINDLL -D_DLL";
+        $out_def='out32dll_$(TARGETCPU)';
+        $tmp_def='tmp32dll_$(TARGETCPU)';
+        }
+$cflags.=" /Fd$out_def";
+sub do_lib_rule
+        {
+        local($objs,$target,$name,$shlib)=@_;
+        local($ret,$Name);
+        $taget =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+#       $target="\$(LIB_D)$o$target";
+        $ret.="$target: $objs\n";
+        if (!$shlib)
+                {
+#               $ret.="\t\$(RM) \$(O_$Name)\n";
+                $ex =' ';
+                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
+                }
+        else
+                {
+                local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+#               $ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+                $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+                $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($targer);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+        $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
+        if (defined $sha1file)
+                {
+                $ret.="  $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/linux.pl b/src/lib/libcrypto/util/pl/linux.pl
new file mode 100644
index 0000000000..df05c40526
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/linux.pl
@@ -0,0 +1,109 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+$cc='gcc';
+if ($debug)
+        { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+        { $cflags="-pg -O3"; }
+else
+        { $cflags="-O3 -fomit-frame-pointer"; }
+if (!$no_asm)
+        {
+        $bn_asm_obj='$(OBJ_D)/bn86-elf.o';
+        $bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+        $bnco_asm_obj='$(OBJ_D)/co86-elf.o';
+        $bnco_asm_src='crypto/bn/asm/co86unix.cpp';
+        $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
+        $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
+        $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
+        $bf_enc_src='crypto/bf/asm/bx86unix.cpp';
+        $cast_enc_obj='$(OBJ_D)/cx86-elf.o';
+        $cast_enc_src='crypto/cast/asm/cx86unix.cpp';
+        $rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
+        $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
+        $rc5_enc_obj='$(OBJ_D)/r586-elf.o';
+        $rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
+        $md5_asm_obj='$(OBJ_D)/mx86-elf.o';
+        $md5_asm_src='crypto/md5/asm/mx86unix.cpp';
+        $rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
+        $sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
+        $sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
+        $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+        }
+$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
+if ($shlib)
+        {
+        $shl_cflag=" -DPIC -fpic";
+        $shlibp=".so.$ssl_version";
+        $so_shlibp=".so";
+        }
+sub do_shlib_rule
+        {
+        local($obj,$target,$name,$shlib,$so_name)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) target\n";
+        $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
+        ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
+        if ($so_name ne "")
+                {
+                $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
+                $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
+                }
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub do_asm_rule
+        {
+        local($target,$src)=@_;
+        local($ret,@s,@t,$i);
+        $target =~ s/\//$o/g if $o ne "/";
+        $src =~ s/\//$o/g if $o ne "/";
+        @s=split(/\s+/,$src);
+        @t=split(/\s+/,$target);
+        for ($i=0; $i<=$#s; $i++)
+                {
+                $ret.="$t[$i]: $s[$i]\n";
+                $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
+                }
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/netware.pl b/src/lib/libcrypto/util/pl/netware.pl
new file mode 100644
index 0000000000..173c9919f2
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/netware.pl
@@ -0,0 +1,526 @@
+# Metrowerks Codewarrior or gcc / nlmconv for NetWare
+#
+$version_header = "crypto/opensslv.h";
+open(IN, "$version_header") or die "Couldn't open $version_header: $!";
+while (<IN>) {
+  if (/^#define[\s\t]+OPENSSL_VERSION_NUMBER[\s\t]+0x(\d)(\d{2})(\d{2})(\d{2})/)
+  {
+    # die "OpenSSL version detected: $1.$2.$3.$4\n";
+    #$nlmvernum = "$1,$2,$3";
+    $nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    #$nlmverstr = "$1.".($2*1).".".($3*1).($4?(chr(96+$4)):"");
+    break;
+  }
+}
+close(IN) or die "Couldn't close $version_header: $!";
+$readme_file = "README";
+open(IN, $readme_file) or die "Couldn't open $readme_file: $!";
+while (<IN>) {
+  if (/^[\s\t]+OpenSSL[\s\t]+(\d)\.(\d{1,2})\.(\d{1,2})([a-z])(.*)/)
+  {
+    #$nlmvernum = "$1,$2,$3";
+    #$nlmvernum = "$1,".($2*10+$3).",".($4*1);
+    $nlmverstr = "$1.$2.$3$4$5";
+  }
+  elsif (/^[\s\t]+(Copyright \(c\) \d{4}\-\d{4} The OpenSSL Project)$/)
+  {
+    $nlmcpystr = $1;
+  }
+  break if ($nlmvernum && $nlmcpystr);
+}
+close(IN) or die "Couldn't close $readme_file: $!";
+# Define stacksize here
+$nlmstack = "32768";
+# some default settings here in case we failed to find them in README
+$nlmvernum = "1,0,0" if (!$nlmvernum);
+$nlmverstr = "OpenSSL" if (!$nlmverstr);
+$nlmcpystr = "Copyright (c) 1998-now The OpenSSL Project" if (!$nlmcpystr);
+# die "OpenSSL copyright: $nlmcpystr\nOpenSSL verstring: $nlmverstr\nOpenSSL vernumber: $nlmvernum\n";
+# The import files and other misc imports needed to link
+@misc_imports = ("GetProcessSwitchCount", "RunningProcess",
+                 "GetSuperHighResolutionTimer");
+if ($LIBC)
+{
+   @import_files = ("libc.imp");
+   @module_files = ("libc");
+   $libarch = "LIBC";
+}
+else
+{
+   # clib build
+   @import_files = ("clib.imp");
+   push(@import_files, "socklib.imp") if ($BSDSOCK);
+   @module_files = ("clib");
+   # push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
+   $libarch = "CLIB";
+}
+if ($BSDSOCK)
+{
+   $libarch .= "-BSD";
+}
+else
+{
+   $libarch .= "-WS2";
+   push(@import_files, "ws2nlm.imp");
+}
+# The "IMPORTS" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+# Example:  set IMPORTS=c:\ndk\nwsdk\imports
+$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
+# The "PRELUDE" environment variable must be set and point to the location
+# and name of the prelude source to link with ( nwpre.obj is recommended ).
+# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
+$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
+# The "INCLUDES" environment variable must be set and point to the location
+# where import files (*.imp) can be found.
+$include_path = $ENV{"INCLUDE"} || die ("INCLUDES environment variable not set\n");
+$include_path =~ s/\\/\//g;
+$include_path = join(" -I", split(/;/, $include_path));
+# check for gcc compiler
+$gnuc = $ENV{"GNUC"};
+#$ssl=   "ssleay32";
+#$crypto="libeay32";
+if ($gnuc)
+{
+   # C compiler
+   $cc='gcc';
+   # Linker
+   $link='nlmconv';
+   # librarian
+   $mklib='ar';
+   $o='/';
+   # cp command
+   $cp='cp -af';
+   # rm command
+   $rm='rm -f';
+   # mv command
+   $mv='mv -f';
+   # mkdir command
+   $mkdir='gmkdir';
+   #$ranlib='ranlib';
+}
+else
+{
+   # C compiler
+   $cc='mwccnlm';
+   # Linker
+   $link='mwldnlm';
+   # librarian
+   $mklib='mwldnlm';
+   # Path separator
+   $o='\\';
+   # cp command
+   $cp='copy >nul:';
+   # rm command
+   $rm='del /f /q';
+}
+# assembler
+if ($nw_nasm)
+{
+   if ($gnuc)
+   {
+      $asm="nasmw -s -f elf";
+   }
+   else
+   {
+      $asm="nasmw -s -f coff";
+   }
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_mwasm)
+{
+   $asm="mwasmnlm -maxerrors 20";
+   $afile="-o ";
+   $asm.=" -g" if $debug;
+}
+elsif ($nw_masm)
+{
+# masm assembly settings - it should be possible to use masm but haven't
+# got it working.
+# $asm='ml /Cp /coff /c /Cx';
+# $asm.=" /Zi" if $debug;
+# $afile='/Fo';
+   die("Support for masm assembler not yet functional\n");
+}
+else
+{
+   $asm="";
+   $afile="";
+}
+if ($gnuc)
+{
+   # compile flags for GNUC
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-g -DDEBUG";
+   }
+   else
+   {
+      $cflags="-O2";
+   }
+   $cflags.=" -nostdinc -I$include_path \\
+         -fno-builtin -fpcc-struct-return -fno-strict-aliasing \\
+         -funsigned-char -Wall -Wno-unused -Wno-uninitialized";
+   # link flags
+   $lflags="-T";
+}
+else
+{
+   # compile flags for CodeWarrior
+   # additional flags based upon debug | non-debug
+   if ($debug)
+   {
+      $cflags="-opt off -g -sym internal -DDEBUG";
+   }
+   else
+   {
+   # CodeWarrior compiler has a problem with optimizations for floating
+   # points - no optimizations until further investigation
+   #      $cflags="-opt all";
+   }
+   # NOTES: Several c files in the crypto subdirectory include headers from
+   #        their local directories.  Metrowerks wouldn't find these h files
+   #        without adding individual include directives as compile flags
+   #        or modifying the c files.  Instead of adding individual include
+   #        paths for each subdirectory a recursive include directive
+   #        is used ( -ir crypto ).
+   #
+   #        A similar issue exists for the engines and apps subdirectories.
+   #
+   #        Turned off the "possible" warnings ( -w nopossible ).  Metrowerks
+   #        complained a lot about various stuff.  May want to turn back
+   #        on for further development.
+   $cflags.=" -nostdinc -ir crypto -ir engines -ir apps -I$include_path \\
+         -msgstyle gcc -align 4 -processor pentium -char unsigned \\
+         -w on -w nolargeargs -w nopossible -w nounusedarg -w nounusedexpr \\
+         -w noimplicitconv -relax_pointers -nosyspath -maxerrors 20";
+   # link flags
+   $lflags="-msgstyle gcc -zerobss -nostdlib -sym internal -commandfile";
+}
+# common defines
+$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32";
+# If LibC build add in NKS_LIBC define and set the entry/exit
+# routines - The default entry/exit routines are for CLib and don't exist
+# in LibC
+if ($LIBC)
+{
+   $cflags.=" -DNETWARE_LIBC";
+   $nlmstart = "_LibCPrelude";
+   $nlmexit = "_LibCPostlude";
+   @nlm_flags = ("pseudopreemption", "flag_on 64");
+}
+else
+{
+   $cflags.=" -DNETWARE_CLIB";
+   $nlmstart = "_Prelude";
+   $nlmexit = "_Stop";
+}
+# If BSD Socket support is requested, set a define for the compiler
+if ($BSDSOCK)
+{
+   $cflags.=" -DNETWARE_BSDSOCK";
+   if (!$LIBC)
+   {
+      $cflags.=" -DNETDB_USE_INTERNET";
+   }
+}
+# linking stuff
+# for the output directories use the mk1mf.pl values with "_nw" appended
+if ($shlib)
+{
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc_nlm";
+      $tmp_def.="_nw_libc_nlm";
+      $inc_def.="_nw_libc_nlm";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib_nlm";
+      $tmp_def.="_nw_clib_nlm";
+      $inc_def.="_nw_clib_nlm";
+   }
+}
+else
+{
+   if ($gnuc) # GNUC Tools
+   {
+      $libp=".a";
+      $shlibp=".a";
+      $lib_flags="-cr";
+   }
+   else       # CodeWarrior
+   {
+      $libp=".lib";
+      $shlibp=".lib";
+      $lib_flags="-nodefaults -type library -o";
+   }
+   if ($LIBC)
+   {
+      $out_def.="_nw_libc";
+      $tmp_def.="_nw_libc";
+      $inc_def.="_nw_libc";
+   }
+   else  # NETWARE_CLIB
+   {
+      $out_def.="_nw_clib";
+      $tmp_def.="_nw_clib";
+      $inc_def.="_nw_clib";
+   }
+}
+# used by mk1mf.pl
+$obj='.o';
+$ofile='-o ';
+$efile='';
+$exep='.nlm';
+$ex_libs='';
+if (!$no_asm)
+{
+   $bn_asm_obj="\$(OBJ_D)${o}bn-nw${obj}";
+   $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
+   $bnco_asm_obj="\$(OBJ_D)${o}co-nw${obj}";
+   $bnco_asm_src="crypto${o}bn${o}asm${o}co-nw.asm";
+   $aes_asm_obj="\$(OBJ_D)${o}a-nw${obj}";
+   $aes_asm_src="crypto${o}aes${o}asm${o}a-nw.asm";
+   $des_enc_obj="\$(OBJ_D)${o}d-nw${obj} \$(OBJ_D)${o}y-nw${obj}";
+   $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
+   $bf_enc_obj="\$(OBJ_D)${o}b-nw${obj}";
+   $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
+   $cast_enc_obj="\$(OBJ_D)${o}c-nw${obj}";
+   $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
+   $rc4_enc_obj="\$(OBJ_D)${o}r4-nw${obj}";
+   $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
+   $rc5_enc_obj="\$(OBJ_D)${o}r5-nw${obj}";
+   $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
+   $md5_asm_obj="\$(OBJ_D)${o}m5-nw${obj}";
+   $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
+   $sha1_asm_obj="\$(OBJ_D)${o}s1-nw${obj}";
+   $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm";
+   $rmd160_asm_obj="\$(OBJ_D)${o}rm-nw${obj}";
+   $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
+   $cpuid_asm_obj="\$(OBJ_D)${o}x86cpuid-nw${obj}";
+   $cpuid_asm_src="crypto${o}x86cpuid-nw.asm";
+   $cflags.=" -DOPENSSL_CPUID_OBJ -DBN_ASM -DOPENSSL_BN_ASM_PART_WORDS -DMD5_ASM -DSHA1_ASM";
+   $cflags.=" -DAES_ASM -DRMD160_ASM";
+}
+else
+{
+   $bn_asm_obj='';
+   $bn_asm_src='';
+   $bnco_asm_obj='';
+   $bnco_asm_src='';
+   $aes_asm_obj='';
+   $aes_asm_src='';
+   $des_enc_obj='';
+   $des_enc_src='';
+   $bf_enc_obj='';
+   $bf_enc_src='';
+   $cast_enc_obj='';
+   $cast_enc_src='';
+   $rc4_enc_obj='';
+   $rc4_enc_src='';
+   $rc5_enc_obj='';
+   $rc5_enc_src='';
+   $md5_asm_obj='';
+   $md5_asm_src='';
+   $sha1_asm_obj='';
+   $sha1_asm_src='';
+   $rmd160_asm_obj='';
+   $rmd160_asm_src='';
+   $cpuid_asm_obj='';
+   $cpuid_asm_src='';
+}
+# create the *.def linker command files in \openssl\netware\ directory
+sub do_def_file
+{
+   # strip off the leading path
+   my($target) = bname(shift);
+   my($i);
+   if ($target =~ /(.*).nlm/)
+   {
+      $target = $1;
+   }
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      $target =~ s/\$\(E_EXE\)/openssl/;
+   }
+   # Note: originally tried to use full path ( \openssl\netware\$target.def )
+   # Metrowerks linker choked on this with an assertion failure. bug???
+   #
+   my($def_file) = "netware${o}$target.def";
+   open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
+   print( DEF_OUT "# command file generated by netware.pl for NLM target.\n" );
+   print( DEF_OUT "# do not edit this file - all your changes will be lost!!\n" );
+   print( DEF_OUT "#\n");
+   print( DEF_OUT "DESCRIPTION \"$target ($libarch) - OpenSSL $nlmverstr\"\n");
+   print( DEF_OUT "COPYRIGHT \"$nlmcpystr\"\n");
+   print( DEF_OUT "VERSION $nlmvernum\n");
+   print( DEF_OUT "STACK $nlmstack\n");
+   print( DEF_OUT "START $nlmstart\n");
+   print( DEF_OUT "EXIT $nlmexit\n");
+   # special case for openssl
+   if ($target eq "openssl")
+   {
+      print( DEF_OUT "SCREENNAME \"OpenSSL $nlmverstr\"\n");
+   }
+   else
+   {
+      print( DEF_OUT "SCREENNAME \"DEFAULT\"\n");
+   }
+   foreach $i (@misc_imports)
+   {
+      print( DEF_OUT "IMPORT $i\n");
+   }
+   foreach $i (@import_files)
+   {
+      print( DEF_OUT "IMPORT \@$import_path${o}$i\n");
+   }
+   foreach $i (@module_files)
+   {
+      print( DEF_OUT "MODULE $i\n");
+   }
+   foreach $i (@nlm_flags)
+   {
+      print( DEF_OUT "$i\n");
+   }
+   if ($gnuc)
+   {
+      if ($target =~ /openssl/)
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${obj}\n");
+         print( DEF_OUT "INPUT ${tmp_def}${o}openssl${libp}\n");
+      }
+      else
+      {
+         print( DEF_OUT "INPUT ${tmp_def}${o}${target}${obj}\n");
+      }
+      print( DEF_OUT "INPUT $prelude\n");
+      print( DEF_OUT "INPUT ${out_def}${o}${ssl}${libp} ${out_def}${o}${crypto}${libp}\n");
+      print( DEF_OUT "OUTPUT $target.nlm\n");
+   }
+   close(DEF_OUT);
+   return($def_file);
+}
+sub do_lib_rule
+{
+   my($objs,$target,$name,$shlib)=@_;
+   my($ret);
+   $ret.="$target: $objs\n";
+   if (!$shlib)
+   {
+      $ret.="\t\@echo Building Lib: $name\n";
+      $ret.="\t\$(MKLIB) $lib_flags $target $objs\n";
+      $ret.="\t\@echo .\n"
+   }
+   else
+   {
+      die( "Building as NLM not currently supported!" );
+   }
+   $ret.="\n";
+   return($ret);
+}
+sub do_link_rule
+{
+   my($target,$files,$dep_libs,$libs)=@_;
+   my($ret);
+   my($def_file) = do_def_file($target);
+   $ret.="$target: $files $dep_libs\n";
+   # NOTE:  When building the test nlms no screen name is given
+   #  which causes the console screen to be used.  By using the console
+   #  screen there is no "<press any key to continue>" message which
+   #  requires user interaction.  The test script ( do_tests.pl ) needs
+   #  to be able to run the tests without requiring user interaction.
+   #
+   #  However, the sample program "openssl.nlm" is used by the tests and is
+   #  a interactive sample so a screen is desired when not be run by the
+   #  tests.  To solve the problem, two versions of the program are built:
+   #    openssl2 - no screen used by tests
+   #    openssl - default screen - use for normal interactive modes
+   #
+   # special case for openssl - the mk1mf.pl defines E_EXE = openssl
+   if ($target =~ /E_EXE/)
+   {
+      my($target2) = $target;
+      $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
+      # openssl2
+      my($def_file2) = do_def_file($target2);
+      if ($gnuc)
+      {
+         $ret.="\t\$(MKLIB) $lib_flags \$(TMP_D)${o}\$(E_EXE).a \$(filter-out \$(TMP_D)${o}\$(E_EXE)${obj},$files)\n";
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2\n";
+         $ret.="\t\@$mv \$(E_EXE)2.nlm \$(TEST_D)\n";
+      }
+      else
+      {
+         $ret.="\t\$(LINK) \$(LFLAGS) $def_file2 $files \"$prelude\" $libs -o $target2\n";
+      }
+   }
+   if ($gnuc)
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file\n";
+      $ret.="\t\@$mv \$(\@F) \$(TEST_D)\n";
+   }
+   else
+   {
+      $ret.="\t\$(LINK) \$(LFLAGS) $def_file $files \"$prelude\" $libs -o $target\n";
+   }
+   $ret.="\n";
+   return($ret);
+}
+1;
diff --git a/src/lib/libcrypto/util/pl/ultrix.pl b/src/lib/libcrypto/util/pl/ultrix.pl
new file mode 100644
index 0000000000..447b854708
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/ultrix.pl
@@ -0,0 +1,43 @@
+#!/usr/local/bin/perl
+#
+# linux.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+$cc='cc';
+if ($debug)
+        { $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
+else
+        { $cflags="-O2"; }
+$cflags.=" -std1 -DL_ENDIAN";
+if (!$no_asm && !$fips)
+        {
+        $bn_asm_obj='$(OBJ_D)/mips1.o';
+        $bn_asm_src='crypto/bn/asm/mips1.s';
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+1;
diff --git a/src/lib/libcrypto/util/pl/unix.pl b/src/lib/libcrypto/util/pl/unix.pl
new file mode 100644
index 0000000000..bbd1798a2e
--- /dev/null
+++ b/src/lib/libcrypto/util/pl/unix.pl
@@ -0,0 +1,101 @@
+#!/usr/local/bin/perl
+#
+# unix.pl - the standard unix makefile stuff.
+#
+$o='/';
+$cp='/bin/cp';
+$rm='/bin/rm -f';
+# C compiler stuff
+if ($gcc)
+        {
+        $cc='gcc';
+        if ($debug)
+                { $cflags="-g2 -ggdb"; }
+        else
+                { $cflags="-O3 -fomit-frame-pointer"; }
+        }
+else
+        {
+        $cc='cc';
+        if ($debug)
+                { $cflags="-g"; }
+        else
+                { $cflags="-O"; }
+        }
+$obj='.o';
+$ofile='-o ';
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="";
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib=&which("ranlib") or $ranlib="true";
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+sub do_lib_rule
+        {
+        local($obj,$target,$name,$shlib)=@_;
+        local($ret,$_,$Name);
+        $target =~ s/\//$o/g if $o ne '/';
+        $target="$target";
+        ($Name=$name) =~ tr/a-z/A-Z/;
+        $ret.="$target: \$(${Name}OBJ)\n";
+        $ret.="\t\$(RM) $target\n";
+        $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+        $ret.="\t\$(RANLIB) $target\n\n";
+        }
+sub do_link_rule
+        {
+        local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
+        local($ret,$_);
+        
+        $file =~ s/\//$o/g if $o ne '/';
+        $n=&bname($target);
+        $ret.="$target: $files $dep_libs\n";
+        $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n";
+        if (defined $sha1file)
+                {
+                $ret.="\t$openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
+                }
+        $ret.="\n";
+        return($ret);
+        }
+sub which
+        {
+        my ($name)=@_;
+        my $path;
+        foreach $path (split /:/, $ENV{PATH})
+                {
+                if (-x "$path/$name")
+                        {
+                        return "$path/$name";
+                        }
+                }
+        }
+1;
diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl
new file mode 100644
index 0000000000..546d1ec186
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2man.pl
@@ -0,0 +1,1184 @@
+: #!/usr/bin/perl-5.005
+    eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+        if $running_under_some_shell;
+$DEF_PM_SECTION = '3pm' || '3';
+=head1 NAME
+pod2man - translate embedded Perl pod directives into man pages
+=head1 SYNOPSIS
+B<pod2man>
+[ B<--section=>I<manext> ]
+[ B<--release=>I<relpatch> ]
+[ B<--center=>I<string> ]
+[ B<--date=>I<string> ]
+[ B<--fixed=>I<font> ]
+[ B<--official> ]
+[ B<--lax> ]
+I<inputfile>
+=head1 DESCRIPTION
+B<pod2man> converts its input file containing embedded pod directives (see
+L<perlpod>) into nroff source suitable for viewing with nroff(1) or
+troff(1) using the man(7) macro set.
+Besides the obvious pod conversions, B<pod2man> also takes care of
+func(), func(n), and simple variable references like $foo or @bar so
+you don't have to use code escapes for them; complex expressions like
+C<$fred{'stuff'}> will still need to be escaped, though.  Other nagging
+little roffish things that it catches include translating the minus in
+something like foo-bar, making a long dash--like this--into a real em
+dash, fixing up "paired quotes", putting a little space after the
+parens in something like func(), making C++ and PI look right, making
+double underbars have a little tiny space between them, making ALLCAPS
+a teeny bit smaller in troff(1), and escaping backslashes so you don't
+have to.
+=head1 OPTIONS
+=over 8
+=item center
+Set the centered header to a specific string.  The default is
+"User Contributed Perl Documentation", unless the C<--official> flag is
+given, in which case the default is "Perl Programmers Reference Guide".
+=item date
+Set the left-hand footer string to this value.  By default,
+the modification date of the input file will be used.
+=item fixed
+The fixed font to use for code refs.  Defaults to CW.
+=item official
+Set the default header to indicate that this page is of
+the standard release in case C<--center> is not given.
+=item release
+Set the centered footer.  By default, this is the current
+perl release.
+=item section
+Set the section for the C<.TH> macro.  The standard conventions on
+sections are to use 1 for user commands,  2 for system calls, 3 for
+functions, 4 for devices, 5 for file formats, 6 for games, 7 for
+miscellaneous information, and 8 for administrator commands.  This works
+best if you put your Perl man pages in a separate tree, like
+F</usr/local/perl/man/>.  By default, section 1 will be used
+unless the file ends in F<.pm> in which case section 3 will be selected.
+=item lax
+Don't complain when required sections aren't present.
+=back
+=head1 Anatomy of a Proper Man Page
+For those not sure of the proper layout of a man page, here's
+an example of the skeleton of a proper man page.  Head of the
+major headers should be setout as a C<=head1> directive, and
+are historically written in the rather startling ALL UPPER CASE
+format, although this is not mandatory.
+Minor headers may be included using C<=head2>, and are
+typically in mixed case.
+=over 10
+=item NAME
+Mandatory section; should be a comma-separated list of programs or
+functions documented by this podpage, such as:
+    foo, bar - programs to do something
+=item SYNOPSIS
+A short usage summary for programs and functions, which
+may someday be deemed mandatory.
+=item DESCRIPTION
+Long drawn out discussion of the program.  It's a good idea to break this
+up into subsections using the C<=head2> directives, like
+    =head2 A Sample Subection
+    =head2 Yet Another Sample Subection
+=item OPTIONS
+Some people make this separate from the description.
+=item RETURN VALUE
+What the program or function returns if successful.
+=item ERRORS
+Exceptions, return codes, exit stati, and errno settings.
+=item EXAMPLES
+Give some example uses of the program.
+=item ENVIRONMENT
+Envariables this program might care about.
+=item FILES
+All files used by the program.  You should probably use the FE<lt>E<gt>
+for these.
+=item SEE ALSO
+Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).
+=item NOTES
+Miscellaneous commentary.
+=item CAVEATS
+Things to take special care with; sometimes called WARNINGS.
+=item DIAGNOSTICS
+All possible messages the program can print out--and
+what they mean.
+=item BUGS
+Things that are broken or just don't work quite right.
+=item RESTRICTIONS
+Bugs you don't plan to fix :-)
+=item AUTHOR
+Who wrote it (or AUTHORS if multiple).
+=item HISTORY
+Programs derived from other sources sometimes have this, or
+you might keep a modification log here.
+=back
+=head1 EXAMPLES
+    pod2man program > program.1
+    pod2man some_module.pm > /usr/perl/man/man3/some_module.3
+    pod2man --section=7 note.pod > note.7
+=head1 DIAGNOSTICS
+The following diagnostics are generated by B<pod2man>.  Items
+marked "(W)" are non-fatal, whereas the "(F)" errors will cause
+B<pod2man> to immediately exit with a non-zero status.
+=over 4
+=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>
+(W) If you start include an option, you should set it off
+as bold, italic, or code.
+=item can't open %s: %s
+(F) The input file wasn't available for the given reason.
+=item Improper man page - no dash in NAME header in paragraph %d of %s
+(W) The NAME header did not have an isolated dash in it.  This is
+considered important.
+=item Invalid man page - no NAME line in %s
+(F) You did not include a NAME header, which is essential.
+=item roff font should be 1 or 2 chars, not `%s'  (F)
+(F) The font specified with the C<--fixed> option was not
+a one- or two-digit roff font.
+=item %s is missing required section: %s
+(W) Required sections include NAME, DESCRIPTION, and if you're
+using a section starting with a 3, also a SYNOPSIS.  Actually,
+not having a NAME is a fatal.
+=item Unknown escape: %s in %s
+(W) An unknown HTML entity (probably for an 8-bit character) was given via
+a C<EE<lt>E<gt>> directive.  Besides amp, lt, gt, and quot, recognized
+entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave,
+Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute,
+Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc,
+icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc,
+ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig,
+THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml,
+Yacute, yacute, and yuml.
+=item Unmatched =back
+(W) You have a C<=back> without a corresponding C<=over>.
+=item Unrecognized pod directive: %s
+(W) You specified a pod directive that isn't in the known list of
+C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>.
+=back
+=head1 NOTES
+If you would like to print out a lot of man page continuously, you
+probably want to set the C and D registers to set contiguous page
+numbering and even/odd paging, at least on some versions of man(7).
+Settting the F register will get you some additional experimental
+indexing:
+    troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...
+The indexing merely outputs messages via C<.tm> for each
+major page, section, subsection, item, and any C<XE<lt>E<gt>>
+directives.
+=head1 RESTRICTIONS
+None at this time.
+=head1 BUGS
+The =over and =back directives don't really work right.  They
+take absolute positions instead of offsets, don't nest well, and
+making people count is suboptimal in any event.
+=head1 AUTHORS
+Original prototype by Larry Wall, but so massively hacked over by
+Tom Christiansen such that Larry probably doesn't recognize it anymore.
+=cut
+$/ = "";
+$cutting = 1;
+@Indices = ();
+# We try first to get the version number from a local binary, in case we're
+# running an installed version of Perl to produce documentation from an
+# uninstalled newer version's pod files.
+if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') {
+  my $perl = (-x './perl' && -f './perl' ) ?
+                 './perl' :
+                 ((-x '../perl' && -f '../perl') ?
+                      '../perl' :
+                      '');
+  ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl;
+}
+# No luck; we'll just go with the running Perl's version
+($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version;
+$DEF_RELEASE  = "perl $version";
+$DEF_RELEASE .= ", patch $patch" if $patch;
+sub makedate {
+    my $secs = shift;
+    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs);
+    my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon];
+    $year += 1900;
+    return "$mday/$mname/$year";
+}
+use Getopt::Long;
+$DEF_SECTION = 1;
+$DEF_CENTER = "User Contributed Perl Documentation";
+$STD_CENTER = "Perl Programmers Reference Guide";
+$DEF_FIXED = 'CW';
+$DEF_LAX = 0;
+sub usage {
+    warn "$0: @_\n" if @_;
+    die <<EOF;
+usage: $0 [options] podpage
+Options are:
+        --section=manext      (default "$DEF_SECTION")
+        --release=relpatch    (default "$DEF_RELEASE")
+        --center=string       (default "$DEF_CENTER")
+        --date=string         (default "$DEF_DATE")
+        --fixed=font          (default "$DEF_FIXED")
+        --official            (default NOT)
+        --lax                 (default NOT)
+EOF
+}
+$uok = GetOptions( qw(
+        section=s
+        release=s
+        center=s
+        date=s
+        fixed=s
+        official
+        lax
+        help));
+$DEF_DATE = makedate((stat($ARGV[0]))[9] || time());
+usage("Usage error!") unless $uok;
+usage() if $opt_help;
+usage("Need one and only one podpage argument") unless @ARGV == 1;
+$section = $opt_section || ($ARGV[0] =~ /\.pm$/
+                                ? $DEF_PM_SECTION : $DEF_SECTION);
+$RP = $opt_release || $DEF_RELEASE;
+$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER);
+$lax = $opt_lax || $DEF_LAX;
+$CFont = $opt_fixed || $DEF_FIXED;
+if (length($CFont) == 2) {
+    $CFont_embed = "\\f($CFont";
+}
+elsif (length($CFont) == 1) {
+    $CFont_embed = "\\f$CFont";
+}
+else {
+    die "roff font should be 1 or 2 chars, not `$CFont_embed'";
+}
+$date = $opt_date || $DEF_DATE;
+for (qw{NAME DESCRIPTION}) {
+# for (qw{NAME DESCRIPTION AUTHOR}) {
+    $wanna_see{$_}++;
+}
+$wanna_see{SYNOPSIS}++ if $section =~ /^3/;
+$name = @ARGV ? $ARGV[0] : "<STDIN>";
+$Filename = $name;
+if ($section =~ /^1/) {
+    require File::Basename;
+    $name = uc File::Basename::basename($name);
+}
+$name =~ s/\.(pod|p[lm])$//i;
+# Lose everything up to the first of
+#     */lib/*perl*      standard or site_perl module
+#     */*perl*/lib      from -D prefix=/opt/perl
+#     */*perl*/         random module hierarchy
+# which works.
+$name =~ s-//+-/-g;
+if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i
+        or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i
+        or $name =~ s-^.*?/[^/]*perl[^/]*/--i) {
+    # Lose ^site(_perl)?/.
+    $name =~ s-^site(_perl)?/--;
+    # Lose ^arch/.      (XXX should we use Config? Just for archname?)
+    $name =~ s~^(.*-$^O|$^O-.*)/~~o;
+    # Lose ^version/.
+    $name =~ s-^\d+\.\d+/--;
+}
+# Translate Getopt/Long to Getopt::Long, etc.
+$name =~ s(/)(::)g;
+if ($name ne 'something') {
+    FCHECK: {
+        open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!";
+        while (<F>) {
+            next unless /^=\b/;
+            if (/^=head1\s+NAME\s*$/) {  # an /m would forgive mistakes
+                $_ = <F>;
+                unless (/\s*-+\s+/) {
+                    $oops++;
+                    warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n"
+                } else {
+                    my @n = split /\s+-+\s+/;
+                    if (@n != 2) {
+                        $oops++;
+                        warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+                    }
+                    else {
+                        $n[0] =~ s/\n/ /g;
+                        $n[1] =~ s/\n/ /g;
+                        %namedesc = @n;
+                    }
+                }
+                last FCHECK;
+            }
+            next if /^=cut\b/;  # DB_File and Net::Ping have =cut before NAME
+            next if /^=pod\b/;  # It is OK to have =pod before NAME
+            next if /^=for\s+comment\b/;  # It is OK to have =for comment before NAME
+            die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
+        }
+        die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
+    }
+    close F;
+}
+print <<"END";
+.rn '' }`
+''' \$RCSfile\$\$Revision\$\$Date\$
+'''
+''' \$Log\$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\\fB\\\\\$1\\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\\\n(.\$>=3 .ne \\\\\$3
+.el .ne 3
+.IP "\\\\\$1" \\\\\$2
+..
+.de Vb
+.ft $CFont
+.nf
+.ne \\\\\$1
+..
+.de Ve
+.ft R
+.fi
+..
+'''
+'''
+'''     Set up \\*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \\(*W-|\\(bv\\*(Tr
+.ie n \\{\\
+.ds -- \\(*W-
+.ds PI pi
+.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch
+.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+'''   \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of
+'''   \\*(L" and \\*(R", except that they are used on ".xx" lines,
+'''   such as .IP and .SH, which do another additional levels of
+'''   double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\\}
+.el\\{\\
+.ds -- \\(em\\|
+.tr \\*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \\(*p
+'br\\}
+END
+print <<'END';
+.\"     If the F register is turned on, we'll generate
+.\"     index entries out stderr for the following things:
+.\"             TH      Title 
+.\"             SH      Header
+.\"             Sh      Subsection 
+.\"             Ip      Item
+.\"             X<>     Xref  (embedded
+.\"     Of course, you have to process the output yourself
+.\"     in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+END
+print <<"END";
+.TH $name $section "$RP" "$date" "$center"
+.UC
+END
+push(@Indices, qq{.IX Title "$name $section"});
+while (($name, $desc) = each %namedesc) {
+    for ($name, $desc) { s/^\s+//; s/\s+$//; }
+    push(@Indices, qq(.IX Name "$name - $desc"\n));
+}
+print <<'END';
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+END
+print ".ft $CFont\n";
+print <<'END';
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.       \" AM - accent mark definitions
+.bd B 3
+.       \" fudge factors for nroff and troff
+.if n \{\
+.       ds #H 0
+.       ds #V .8m
+.       ds #F .3m
+.       ds #[ \f1
+.       ds #] \fP
+.\}
+.if t \{\
+.       ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.       ds #V .6m
+.       ds #F 0
+.       ds #[ \&
+.       ds #] \&
+.\}
+.       \" simple accents for nroff and troff
+.if n \{\
+.       ds ' \&
+.       ds ` \&
+.       ds ^ \&
+.       ds , \&
+.       ds ~ ~
+.       ds ? ?
+.       ds ! !
+.       ds /
+.       ds q
+.\}
+.if t \{\
+.       ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.       ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.       ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.       ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.       ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.       ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.       ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.       ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.       ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.       \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.       \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.       \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.       ds : e
+.       ds 8 ss
+.       ds v \h'-1'\o'\(aa\(ga'
+.       ds _ \h'-1'^
+.       ds . \h'-1'.
+.       ds 3 3
+.       ds o a
+.       ds d- d\h'-1'\(ga
+.       ds D- D\h'-1'\(hy
+.       ds th \o'bp'
+.       ds Th \o'LP'
+.       ds ae ae
+.       ds Ae AE
+.       ds oe oe
+.       ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+END
+$indent = 0;
+$begun = "";
+# Unrolling [^A-Z>]|[A-Z](?!<) gives:    // MRE pp 165.
+my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)';
+while (<>) {
+    if ($cutting) {
+        next unless /^=/;
+        $cutting = 0;
+    }
+    if ($begun) {
+        if (/^=end\s+$begun/) {
+            $begun = "";
+        }
+        elsif ($begun =~ /^(roff|man)$/) {
+            print STDOUT $_;
+        }
+        next;
+    }
+    chomp;
+    # Translate verbatim paragraph
+    if (/^\s/) {
+        @lines = split(/\n/);
+        for (@lines) {
+            1 while s
+                {^( [^\t]* ) \t ( \t* ) }
+                { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex;
+            s/\\/\\e/g;
+            s/\A/\\&/s;
+        }
+        $lines = @lines;
+        makespace() unless $verbatim++;
+        print ".Vb $lines\n";
+        print join("\n", @lines), "\n";
+        print ".Ve\n";
+        $needspace = 0;
+        next;
+    }
+    $verbatim = 0;
+    if (/^=for\s+(\S+)\s*/s) {
+        if ($1 eq "man" or $1 eq "roff") {
+            print STDOUT $',"\n\n";
+        } else {
+            # ignore unknown for
+        }
+        next;
+    }
+    elsif (/^=begin\s+(\S+)\s*/s) {
+        $begun = $1;
+        if ($1 eq "man" or $1 eq "roff") {
+            print STDOUT $'."\n\n";
+        }
+        next;
+    }
+    # check for things that'll hosed our noremap scheme; affects $_
+    init_noremap();
+    if (!/^=item/) {
+        # trofficate backslashes; must do it before what happens below
+        s/\\/noremap('\\e')/ge;
+        # protect leading periods and quotes against *roff
+        # mistaking them for directives
+        s/^(?:[A-Z]<)?[.']/\\&$&/gm;
+        # first hide the escapes in case we need to
+        # intuit something and get it wrong due to fmting
+        1 while s/([A-Z]<$nonest>)/noremap($1)/ge;
+        # func() is a reference to a perl function
+        s{
+            \b
+            (
+                [:\w]+ \(\)
+            )
+        } {I<$1>}gx;
+        # func(n) is a reference to a perl function or a man page
+        s{
+            ([:\w]+)
+            (
+                \( [^\051]+ \)
+            )
+        } {I<$1>\\|$2}gx;
+        # convert simple variable references
+        s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g;
+        if (m{ (
+                    [\-\w]+
+                    \(
+                        [^\051]*?
+                        [\@\$,]
+                        [^\051]*?
+                    \)
+                )
+            }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/)
+        {
+            warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n";
+            $oops++;
+        }
+        while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) {
+            warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n";
+            $oops++;
+        }
+        # put it back so we get the <> processed again;
+        clear_noremap(0); # 0 means leave the E's
+    } else {
+        # trofficate backslashes
+        s/\\/noremap('\\e')/ge;
+    }
+    # need to hide E<> first; they're processed in clear_noremap
+    s/(E<[^<>]+>)/noremap($1)/ge;
+    $maxnest = 10;
+    while ($maxnest-- && /[A-Z]</) {
+        # can't do C font here
+        s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg;
+        # files and filelike refs in italics
+        s/F<($nonest)>/I<$1>/g;
+        # no break -- usually we want C<> for this
+        s/S<($nonest)>/nobreak($1)/eg;
+        # LREF: a la HREF L<show this text|man/section>
+        s:L<([^|>]+)\|[^>]+>:$1:g;
+        # LREF: a manpage(3f)
+        s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g;
+        # LREF: an =item on another manpage
+        s{
+            L<
+                ([^/]+)
+                /
+                (
+                    [:\w]+
+                    (\(\))?
+                )
+            >
+        } {the C<$2> entry in the I<$1> manpage}gx;
+        # LREF: an =item on this manpage
+        s{
+           ((?:
+            L<
+                /
+                (
+                    [:\w]+
+                    (\(\))?
+                )
+            >
+            (,?\s+(and\s+)?)?
+          )+)
+        } { internal_lrefs($1) }gex;
+        # LREF: a =head2 (head1?), maybe on a manpage, maybe right here
+        # the "func" can disambiguate
+        s{
+            L<
+                (?:
+                    ([a-zA-Z]\S+?) /
+                )?
+                "?(.*?)"?
+            >
+        }{
+            do {
+                $1      # if no $1, assume it means on this page.
+                    ?  "the section on I<$2> in the I<$1> manpage"
+                    :  "the section on I<$2>"
+            }
+        }gesx; # s in case it goes over multiple lines, so . matches \n
+        s/Z<>/\\&/g;
+        # comes last because not subject to reprocessing
+        s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg;
+    }
+    if (s/^=//) {
+        $needspace = 0;         # Assume this.
+        s/\n/ /g;
+        ($Cmd, $_) = split(' ', $_, 2);
+        $dotlevel = 1;
+        if ($Cmd eq 'head1') {
+           $dotlevel = 1;
+        }
+        elsif ($Cmd eq 'head2') {
+           $dotlevel = 1;
+        }
+        elsif ($Cmd eq 'item') {
+           $dotlevel = 2;
+        }
+        if (defined $_) {
+            &escapes($dotlevel);
+            s/"/""/g;
+        }
+        clear_noremap(1);
+        if ($Cmd eq 'cut') {
+            $cutting = 1;
+        }
+        elsif ($Cmd eq 'head1') {
+            s/\s+$//;
+            delete $wanna_see{$_} if exists $wanna_see{$_};
+            print qq{.SH "$_"\n};
+      push(@Indices, qq{.IX Header "$_"\n});
+        }
+        elsif ($Cmd eq 'head2') {
+            print qq{.Sh "$_"\n};
+      push(@Indices, qq{.IX Subsection "$_"\n});
+        }
+        elsif ($Cmd eq 'over') {
+            push(@indent,$indent);
+            $indent += ($_ + 0) || 5;
+        }
+        elsif ($Cmd eq 'back') {
+            $indent = pop(@indent);
+            warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent;
+            $needspace = 1;
+        }
+        elsif ($Cmd eq 'item') {
+            s/^\*( |$)/\\(bu$1/g;
+            # if you know how to get ":s please do
+            s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g;
+            s/\\\*\(L"([^"]+?)""/'$1'/g;
+            s/[^"]""([^"]+?)""[^"]/'$1'/g;
+            # here do something about the $" in perlvar?
+            print STDOUT qq{.Ip "$_" $indent\n};
+      push(@Indices, qq{.IX Item "$_"\n});
+        }
+        elsif ($Cmd eq 'pod') {
+            # this is just a comment
+        } 
+        else {
+            warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n";
+        }
+    }
+    else {
+        if ($needspace) {
+            &makespace;
+        }
+        &escapes(0);
+        clear_noremap(1);
+        print $_, "\n";
+        $needspace = 1;
+    }
+}
+print <<"END";
+.rn }` ''
+END
+if (%wanna_see && !$lax) {
+    @missing = keys %wanna_see;
+    warn "$0: $Filename is missing required section"
+        .  (@missing > 1 && "s")
+        .  ": @missing\n";
+    $oops++;
+}
+foreach (@Indices) { print "$_\n"; }
+exit;
+#exit ($oops != 0);
+#########################################################################
+sub nobreak {
+    my $string = shift;
+    $string =~ s/ /\\ /g;
+    $string;
+}
+sub escapes {
+    my $indot = shift;
+    s/X<(.*?)>/mkindex($1)/ge;
+    # translate the minus in foo-bar into foo\-bar for roff
+    s/([^0-9a-z-])-([^-])/$1\\-$2/g;
+    # make -- into the string version \*(-- (defined above)
+    s/\b--\b/\\*(--/g;
+    s/"--([^"])/"\\*(--$1/g;  # should be a better way
+    s/([^"])--"/$1\\*(--"/g;
+    # fix up quotes; this is somewhat tricky
+    my $dotmacroL = 'L';
+    my $dotmacroR = 'R';
+    if ( $indot == 1 ) {
+        $dotmacroL = 'M';
+        $dotmacroR = 'S';
+    }  
+    elsif ( $indot >= 2 ) {
+        $dotmacroL = 'N';
+        $dotmacroR = 'T';
+    }  
+    if (!/""/) {
+        s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge;
+        s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge;
+    }
+    #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g;
+    #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g;
+    # make sure that func() keeps a bit a space tween the parens
+    ### s/\b\(\)/\\|()/g;
+    ### s/\b\(\)/(\\|)/g;
+    # make C++ into \*C+, which is a squinched version (defined above)
+    s/\bC\+\+/\\*(C+/g;
+    # make double underbars have a little tiny space between them
+    s/__/_\\|_/g;
+    # PI goes to \*(PI (defined above)
+    s/\bPI\b/noremap('\\*(PI')/ge;
+    # make all caps a teeny bit smaller, but don't muck with embedded code literals
+    my $hidCFont = font('C');
+    if ($Cmd !~ /^head1/) { # SH already makes smaller
+        # /g isn't enough; 1 while or we'll be off
+#       1 while s{
+#           (?!$hidCFont)(..|^.|^)
+#           \b
+#           (
+#               [A-Z][\/A-Z+:\-\d_$.]+
+#           )
+#           (s?)                
+#           \b
+#       } {$1\\s-1$2\\s0}gmox;
+        1 while s{
+            (?!$hidCFont)(..|^.|^)
+            (
+                \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b
+            )
+        } {
+            $1 . noremap( '\\s-1' .  $2 . '\\s0' )
+        }egmox;
+    }
+}
+# make troff just be normal, but make small nroff get quoted
+# decided to just put the quotes in the text; sigh;
+sub ccvt {
+    local($_,$prev) = @_;
+    noremap(qq{.CQ "$_" \n\\&});
+}
+sub makespace {
+    if ($indent) {
+        print ".Sp\n";
+    }
+    else {
+        print ".PP\n";
+    }
+}
+sub mkindex {
+    my ($entry) = @_;
+    my @entries = split m:\s*/\s*:, $entry;
+    push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries;
+    return '';
+}
+sub font {
+    local($font) = shift;
+    return '\\f' . noremap($font);
+}
+sub noremap {
+    local($thing_to_hide) = shift;
+    $thing_to_hide =~ tr/\000-\177/\200-\377/;
+    return $thing_to_hide;
+}
+sub init_noremap {
+        # escape high bit characters in input stream
+        s/([\200-\377])/"E<".ord($1).">"/ge;
+}
+sub clear_noremap {
+    my $ready_to_print = $_[0];
+    tr/\200-\377/\000-\177/;
+    # trofficate backslashes
+    # s/(?!\\e)(?:..|^.|^)\\/\\e/g;
+    # now for the E<>s, which have been hidden until now
+    # otherwise the interative \w<> processing would have
+    # been hosed by the E<gt>
+    s {
+            E<
+            (
+                ( \d + ) 
+                | ( [A-Za-z]+ ) 
+            )
+            >   
+    } {
+         do {
+             defined $2
+                ? chr($2)
+                :       
+             exists $HTML_Escapes{$3}
+                ? do { $HTML_Escapes{$3} }
+                : do {
+                    warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n";
+                    "E<$1>";
+                }
+         }
+    }egx if $ready_to_print;
+}
+sub internal_lrefs {
+    local($_) = shift;
+    local $trailing_and = s/and\s+$// ? "and " : "";
+    s{L</([^>]+)>}{$1}g;
+    my(@items) = split( /(?:,?\s+(?:and\s+)?)/ );
+    my $retstr = "the ";
+    my $i;
+    for ($i = 0; $i <= $#items; $i++) {
+        $retstr .= "C<$items[$i]>";
+        $retstr .= ", " if @items > 2 && $i != $#items;
+        $retstr .= " and " if $i+2 == @items;
+    }
+    $retstr .= " entr" . ( @items > 1  ? "ies" : "y" )
+            .  " elsewhere in this document";
+    # terminal space to avoid words running together (pattern used
+    # strips terminal spaces)
+    $retstr .= " " if length $trailing_and;
+    $retstr .=  $trailing_and;
+    return $retstr;
+}
+BEGIN {
+%HTML_Escapes = (
+    'amp'       =>      '&',    #   ampersand
+    'lt'        =>      '<',    #   left chevron, less-than
+    'gt'        =>      '>',    #   right chevron, greater-than
+    'quot'      =>      '"',    #   double quote
+    "Aacute"    =>      "A\\*'",        #   capital A, acute accent
+    "aacute"    =>      "a\\*'",        #   small a, acute accent
+    "Acirc"     =>      "A\\*^",        #   capital A, circumflex accent
+    "acirc"     =>      "a\\*^",        #   small a, circumflex accent
+    "AElig"     =>      '\*(AE',        #   capital AE diphthong (ligature)
+    "aelig"     =>      '\*(ae',        #   small ae diphthong (ligature)
+    "Agrave"    =>      "A\\*`",        #   capital A, grave accent
+    "agrave"    =>      "A\\*`",        #   small a, grave accent
+    "Aring"     =>      'A\\*o',        #   capital A, ring
+    "aring"     =>      'a\\*o',        #   small a, ring
+    "Atilde"    =>      'A\\*~',        #   capital A, tilde
+    "atilde"    =>      'a\\*~',        #   small a, tilde
+    "Auml"      =>      'A\\*:',        #   capital A, dieresis or umlaut mark
+    "auml"      =>      'a\\*:',        #   small a, dieresis or umlaut mark
+    "Ccedil"    =>      'C\\*,',        #   capital C, cedilla
+    "ccedil"    =>      'c\\*,',        #   small c, cedilla
+    "Eacute"    =>      "E\\*'",        #   capital E, acute accent
+    "eacute"    =>      "e\\*'",        #   small e, acute accent
+    "Ecirc"     =>      "E\\*^",        #   capital E, circumflex accent
+    "ecirc"     =>      "e\\*^",        #   small e, circumflex accent
+    "Egrave"    =>      "E\\*`",        #   capital E, grave accent
+    "egrave"    =>      "e\\*`",        #   small e, grave accent
+    "ETH"       =>      '\\*(D-',       #   capital Eth, Icelandic
+    "eth"       =>      '\\*(d-',       #   small eth, Icelandic
+    "Euml"      =>      "E\\*:",        #   capital E, dieresis or umlaut mark
+    "euml"      =>      "e\\*:",        #   small e, dieresis or umlaut mark
+    "Iacute"    =>      "I\\*'",        #   capital I, acute accent
+    "iacute"    =>      "i\\*'",        #   small i, acute accent
+    "Icirc"     =>      "I\\*^",        #   capital I, circumflex accent
+    "icirc"     =>      "i\\*^",        #   small i, circumflex accent
+    "Igrave"    =>      "I\\*`",        #   capital I, grave accent
+    "igrave"    =>      "i\\*`",        #   small i, grave accent
+    "Iuml"      =>      "I\\*:",        #   capital I, dieresis or umlaut mark
+    "iuml"      =>      "i\\*:",        #   small i, dieresis or umlaut mark
+    "Ntilde"    =>      'N\*~',         #   capital N, tilde
+    "ntilde"    =>      'n\*~',         #   small n, tilde
+    "Oacute"    =>      "O\\*'",        #   capital O, acute accent
+    "oacute"    =>      "o\\*'",        #   small o, acute accent
+    "Ocirc"     =>      "O\\*^",        #   capital O, circumflex accent
+    "ocirc"     =>      "o\\*^",        #   small o, circumflex accent
+    "Ograve"    =>      "O\\*`",        #   capital O, grave accent
+    "ograve"    =>      "o\\*`",        #   small o, grave accent
+    "Oslash"    =>      "O\\*/",        #   capital O, slash
+    "oslash"    =>      "o\\*/",        #   small o, slash
+    "Otilde"    =>      "O\\*~",        #   capital O, tilde
+    "otilde"    =>      "o\\*~",        #   small o, tilde
+    "Ouml"      =>      "O\\*:",        #   capital O, dieresis or umlaut mark
+    "ouml"      =>      "o\\*:",        #   small o, dieresis or umlaut mark
+    "szlig"     =>      '\*8',          #   small sharp s, German (sz ligature)
+    "THORN"     =>      '\\*(Th',       #   capital THORN, Icelandic
+    "thorn"     =>      '\\*(th',,      #   small thorn, Icelandic
+    "Uacute"    =>      "U\\*'",        #   capital U, acute accent
+    "uacute"    =>      "u\\*'",        #   small u, acute accent
+    "Ucirc"     =>      "U\\*^",        #   capital U, circumflex accent
+    "ucirc"     =>      "u\\*^",        #   small u, circumflex accent
+    "Ugrave"    =>      "U\\*`",        #   capital U, grave accent
+    "ugrave"    =>      "u\\*`",        #   small u, grave accent
+    "Uuml"      =>      "U\\*:",        #   capital U, dieresis or umlaut mark
+    "uuml"      =>      "u\\*:",        #   small u, dieresis or umlaut mark
+    "Yacute"    =>      "Y\\*'",        #   capital Y, acute accent
+    "yacute"    =>      "y\\*'",        #   small y, acute accent
+    "yuml"      =>      "y\\*:",        #   small y, dieresis or umlaut mark
+);
+}
diff --git a/src/lib/libcrypto/util/pod2mantest b/src/lib/libcrypto/util/pod2mantest
new file mode 100644
index 0000000000..384e683df4
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest
@@ -0,0 +1,58 @@
+#!/bin/sh
+# This script is used by test/Makefile to check whether a sane 'pod2man'
+# is installed.
+# ('make install' should not try to run 'pod2man' if it does not exist or if
+# it is a broken 'pod2man' version that is known to cause trouble. if we find
+# the system 'pod2man' to be broken, we use our own copy instead)
+#
+# In any case, output an appropriate command line for running (or not
+# running) pod2man.
+IFS=:
+if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
+try_without_dir=true
+# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+for dir in dummy${IFS}$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      pod2man=pod2man
+      try_without_dir=false
+    else
+      # second and later iterations
+      pod2man="$dir/pod2man"
+      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
+        pod2man=''
+      fi
+    fi
+    if [ ! "$pod2man" = '' ]; then
+        failure=none
+        if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+            :
+        else
+            failure=BasicTest
+        fi
+        if [ "$failure" = none ]; then
+            if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+                failure=MultilineTest
+            fi
+        fi
+        if [ "$failure" = none ]; then
+            echo "$pod2man"
+            exit 0
+        fi
+        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
+    fi
+done
+echo "No working pod2man found.  Consider installing a new version." >&2
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
diff --git a/src/lib/libcrypto/util/pod2mantest.pod b/src/lib/libcrypto/util/pod2mantest.pod
new file mode 100644
index 0000000000..5d2539a17f
--- /dev/null
+++ b/src/lib/libcrypto/util/pod2mantest.pod
@@ -0,0 +1,15 @@
+=pod
+=head1 NAME
+foo, bar,
+MARKER - test of multiline name section
+=head1 DESCRIPTION
+This is a test .pod file to see if we have a buggy pod2man or not.
+If we have a buggy implementation, we will get a line matching the
+regular expression "^ +MARKER - test of multiline name section *$"
+at the end of the resulting document.
+=cut
diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh
new file mode 100644
index 0000000000..4790e08f8a
--- /dev/null
+++ b/src/lib/libcrypto/util/point.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+rm -f "$2"
+if test "$OSTYPE" = msdosdjgpp; then
+    cp "$1" "$2"
+else
+    ln -s "$1" "$2"
+fi
+echo "$2 => $1"
diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl
new file mode 100644
index 0000000000..4778c5ab01
--- /dev/null
+++ b/src/lib/libcrypto/util/selftest.pl
@@ -0,0 +1,201 @@
+#!/usr/local/bin/perl -w
+#
+# Run the test suite and generate a report
+#
+if (! -f "Configure") {
+    print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
+    exit 1;
+}
+my $report="testlog";
+my $os="??";
+my $version="??";
+my $platform0="??";
+my $platform="??";
+my $options="??";
+my $last="??";
+my $ok=0;
+my $cc="cc";
+my $cversion="??";
+my $sep="-----------------------------------------------------------------------------\n";
+my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
+open(OUT,">$report") or die;
+print OUT "OpenSSL self-test report:\n\n";
+$uname=`uname -a`;
+$uname="??\n" if $uname eq "";
+$c=`sh config -t`;
+foreach $_ (split("\n",$c)) {
+    $os=$1 if (/Operating system: (.*)$/);
+    $platform0=$1 if (/Configuring for (.*)$/);
+}
+system "sh config" if (! -f "Makefile");
+if (open(IN,"<Makefile")) {
+    while (<IN>) {
+        $version=$1 if (/^VERSION=(.*)$/);
+        $platform=$1 if (/^PLATFORM=(.*)$/);
+        $options=$1 if (/^OPTIONS=(.*)$/);
+        $cc=$1 if (/^CC= *(.*)$/);
+    }
+    close(IN);
+} else {
+    print OUT "Error running config!\n";
+}
+$cversion=`$cc -v 2>&1`;
+$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
+$cversion=`$cc -V |head -1` if $cversion =~ "Error";
+$cversion=`$cc --version` if $cversion eq "";
+$cversion =~ s/Reading specs.*\n//;
+$cversion =~ s/usage.*\n//;
+chomp $cversion;
+if (open(IN,"<CHANGES")) {
+    while(<IN>) {
+        if (/\*\) (.{0,55})/ && !/applies to/) {
+            $last=$1;
+            last;
+        }
+    }
+    close(IN);
+}
+print OUT "OpenSSL version:  $version\n";
+print OUT "Last change:      $last...\n";
+print OUT "Options:          $options\n" if $options ne "";
+print OUT "OS (uname):       $uname";
+print OUT "OS (config):      $os\n";
+print OUT "Target (default): $platform0\n";
+print OUT "Target:           $platform\n";
+print OUT "Compiler:         $cversion\n";
+print OUT "\n";
+print "Checking compiler...\n";
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    close(TEST);
+    system("$cc -o cctest cctest.c");
+    if (`./cctest` !~ /Hello world/) {
+        print OUT "Compiler doesn't work.\n";
+        print OUT $not_our_fault;
+        goto err;
+    }
+    system("ar r cctest.a /dev/null");
+    if (not -f "cctest.a") {
+        print OUT "Check your archive tool (ar).\n";
+        print OUT $not_our_fault;
+        goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    close(TEST);
+    system("$cc -o cctest -Iinclude cctest.c");
+    $cctest = `./cctest`;
+    if ($cctest !~ /OpenSSL $version/) {
+        if ($cctest =~ /OpenSSL/) {
+            print OUT "#include uses headers from different OpenSSL version!\n";
+        } else {
+            print OUT "Can't compile test program!\n";
+        }
+        print OUT $not_our_fault;
+        goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+print "Running make...\n";
+if (system("make 2>&1 | tee make.log") > 255) {
+    print OUT "make failed!\n";
+    if (open(IN,"<make.log")) {
+        print OUT $sep;
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "make.log not found!\n";
+    }
+    goto err;
+}
+# Not sure why this is here.  The tests themselves can detect if their
+# particular feature isn't included, and should therefore skip themselves.
+# To skip *all* tests just because one algorithm isn't included is like
+# shooting mosquito with an elephant gun...
+#                   -- Richard Levitte, inspired by problem report 1089
+#
+#$_=$options;
+#s/no-asm//;
+#s/no-shared//;
+#s/no-krb5//;
+#if (/no-/)
+#{
+#    print OUT "Test skipped.\n";
+#    goto err;
+#}
+print "Running make test...\n";
+if (system("make test 2>&1 | tee maketest.log") > 255)
+ {
+    print OUT "make test failed!\n";
+} else {
+    $ok=1;
+}
+if ($ok and open(IN,"<maketest.log")) {
+    while (<IN>) {
+        $ok=2 if /^platform: $platform/;
+    }
+    close(IN);
+}
+if ($ok != 2) {
+    print OUT "Failure!\n";
+    if (open(IN,"<make.log")) {
+        print OUT $sep;
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "make.log not found!\n";
+    }
+    if (open(IN,"<maketest.log")) {
+        while (<IN>) {
+            print OUT;
+        }
+        close(IN);
+        print OUT $sep;
+    } else {
+        print OUT "maketest.log not found!\n";
+    }
+} else {
+    print OUT "Test passed.\n";
+}
+err:
+close(OUT);
+print "\n";
+open(IN,"<$report") or die;
+while (<IN>) {
+    if (/$sep/) {
+        print "[...]\n";
+        last;
+    }
+    print;
+}
+print "\nTest report in file $report\n";
diff --git a/src/lib/libcrypto/util/shlib_wrap.sh b/src/lib/libcrypto/util/shlib_wrap.sh
new file mode 100755
index 0000000000..a2f62d696f
--- /dev/null
+++ b/src/lib/libcrypto/util/shlib_wrap.sh
@@ -0,0 +1,91 @@
+#!/bin/sh
+[ $# -ne 0 ] || set -x          # debug mode without arguments:-)
+THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
+[ -d "${THERE}" ] || exec "$@"  # should never happen...
+# Alternative to this is to parse ${THERE}/Makefile...
+LIBCRYPTOSO="${THERE}/libcrypto.so"
+if [ -f "$LIBCRYPTOSO" ]; then
+    while [ -h "$LIBCRYPTOSO" ]; do
+        LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
+    done
+    SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
+    LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
+fi
+SYSNAME=`(uname -s) 2>/dev/null`;
+case "$SYSNAME" in
+SunOS|IRIX*)
+        # SunOS and IRIX run-time linkers evaluate alternative
+        # variables depending on target ABI...
+        rld_var=LD_LIBRARY_PATH
+        case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
+        *ELF\ 64*SPARC*|*ELF\ 64*AMD64*)
+                [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
+                LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64
+                preload_var=LD_PRELOAD_64
+                ;;
+        # Why are newly built .so's preloaded anyway? Because run-time
+        # .so lookup path embedded into application takes precedence
+        # over LD_LIBRARY_PATH and as result application ends up linking
+        # to previously installed .so's. On IRIX instead of preloading
+        # newly built .so's we trick run-time linker to fail to find
+        # the installed .so by setting _RLD_ROOT variable.
+        *ELF\ 32*MIPS*)
+                #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST
+                _RLD_ROOT=/no/such/dir; export _RLD_ROOT
+                eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLD_LIST
+                ;;
+        *ELF\ N32*MIPS*)
+                [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
+                #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
+                _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT
+                eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLDN32_LIST
+                ;;
+        *ELF\ 64*MIPS*)
+                [ -n "$LD_LIBRARY64_PATH"  ] && rld_var=LD_LIBRARY64_PATH
+                #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
+                _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT
+                eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\"
+                preload_var=_RLD64_LIST
+                ;;
+        esac
+        eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var
+        unset rld_var
+        ;;
+*)      LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH"     # Linux, ELF HP-UX
+        DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X
+        SHLIB_PATH="${THERE}:$SHLIB_PATH"               # legacy HP-UX
+        LIBPATH="${THERE}:$LIBPATH"                     # AIX, OS/2
+        export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
+        # Even though $PATH is adjusted [for Windows sake], it doesn't
+        # necessarily does the trick. Trouble is that with introduction
+        # of SafeDllSearchMode in XP/2003 it's more appropriate to copy
+        # .DLLs in vicinity of executable, which is done elsewhere...
+        if [ "$OSTYPE" != msdosdjgpp ]; then
+                PATH="${THERE}:$PATH"; export PATH
+        fi
+        ;;
+esac
+if [ -f "$LIBCRYPTOSO" -a -z "$preload_var" ]; then
+        # Following three lines are major excuse for isolating them into
+        # this wrapper script. Original reason for setting LD_PRELOAD
+        # was to make it possible to pass 'make test' when user linked
+        # with -rpath pointing to previous version installation. Wrapping
+        # it into a script makes it possible to do so on multi-ABI
+        # platforms.
+        case "$SYSNAME" in
+        *BSD)   LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;;  # *BSD
+        *)      LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;;  # SunOS, Linux, ELF HP-UX
+        esac
+        _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"      # Tru64, o32 IRIX
+        DYLD_INSERT_LIBRARIES="$LIBCRYPTOSO:$LIBSSLSO"  # MacOS X
+        export LD_PRELOAD _RLD_LIST DYLD_INSERT_LIBRARIES
+fi
+exec "$@"
diff --git a/src/lib/libcrypto/util/sp-diff.pl b/src/lib/libcrypto/util/sp-diff.pl
new file mode 100644
index 0000000000..9d6c60387f
--- /dev/null
+++ b/src/lib/libcrypto/util/sp-diff.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl
+#
+# This file takes as input, the files that have been output from
+# ssleay speed.
+# It prints a table of the relative differences with %100 being 'no difference'
+#
+($#ARGV == 1) || die "$0 speedout1 speedout2\n";
+%one=&loadfile($ARGV[0]);
+%two=&loadfile($ARGV[1]);
+$line=0;
+foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+        "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
+        {
+        if (defined($one{$a,8}) && defined($two{$a,8}))
+                {
+                print "type              8 byte%    64 byte%   256 byte%  1024 byte%  8192 byte%\n"
+                        unless $line;
+                $line++;
+                printf "%-12s ",$a;
+                foreach $b (8,64,256,1024,8192)
+                        {
+                        $r=$two{$a,$b}/$one{$a,$b}*100;
+                        printf "%12.2f",$r;
+                        }
+                print "\n";
+                }
+        }
+foreach $a      (
+                "rsa  512","rsa 1024","rsa 2048","rsa 4096",
+                "dsa  512","dsa 1024","dsa 2048",
+                )
+        {
+        if (defined($one{$a,1}) && defined($two{$a,1}))
+                {
+                $r1=($one{$a,1}/$two{$a,1})*100;
+                $r2=($one{$a,2}/$two{$a,2})*100;
+                printf "$a bits %%    %6.2f %%    %6.2f\n",$r1,$r2;
+                }
+        }
+sub loadfile
+        {
+        local($file)=@_;
+        local($_,%ret);
+        open(IN,"<$file") || die "unable to open '$file' for input\n";
+        $header=1;
+        while (<IN>)
+                {
+                $header=0 if /^[dr]sa/;
+                if (/^type/) { $header=0; next; }
+                next if $header;
+                chop;
+                @a=split;
+                if ($a[0] =~ /^[dr]sa$/)
+                        {
+                        ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
+                        $ret{$n,1}=$t1;
+                        $ret{$n,2}=$t2;
+                        }
+                else
+                        {
+                        $n=join(' ',grep(/[^k]$/,@a));
+                        @k=grep(s/k$//,@a);
+                        
+                        $ret{$n,   8}=$k[0];
+                        $ret{$n,  64}=$k[1];
+                        $ret{$n, 256}=$k[2];
+                        $ret{$n,1024}=$k[3];
+                        $ret{$n,8192}=$k[4];
+                        }
+                }
+        close(IN);
+        return(%ret);
+        }
diff --git a/src/lib/libcrypto/util/speed.sh b/src/lib/libcrypto/util/speed.sh
new file mode 100644
index 0000000000..f489706197
--- /dev/null
+++ b/src/lib/libcrypto/util/speed.sh
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# This is a ugly script use, in conjuction with editing the 'b'
+# configuration in the $(TOP)/Configure script which will
+# output when finished a file called speed.log which is the
+# timings of SSLeay with various options turned on or off.
+#
+# from the $(TOP) directory
+# Edit Configure, modifying things to do with the b/bl-4c-2c etc
+# configurations.
+#
+make clean
+perl Configure b
+make
+apps/ssleay version -v -b -f >speed.1
+apps/ssleay speed >speed.1l
+perl Configure bl-4c-2c
+/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
+make
+apps/ssleay speed rc4 rsa md2 >speed.2l
+perl Configure bl-4c-ri
+/bin/rm -f crypto/rc4/rc4*.o
+make
+apps/ssleay speed rc4 >speed.3l
+perl Configure b2-is-ri-dp
+/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
+apps/ssleay speed rsa rc4 idea des >speed.4l
+cat speed.1 >speed.log
+cat speed.1l >>speed.log
+perl util/sp-diff.pl speed.1l speed.2l >>speed.log
+perl util/sp-diff.pl speed.1l speed.3l >>speed.log
+perl util/sp-diff.pl speed.1l speed.4l >>speed.log
diff --git a/src/lib/libcrypto/util/src-dep.pl b/src/lib/libcrypto/util/src-dep.pl
new file mode 100644
index 0000000000..ad997e4746
--- /dev/null
+++ b/src/lib/libcrypto/util/src-dep.pl
@@ -0,0 +1,147 @@
+#!/usr/local/bin/perl
+# we make up an array of
+# $file{function_name}=filename;
+# $unres{filename}="func1 func2 ...."
+$debug=1;
+#$nm_func="parse_linux";
+$nm_func="parse_solaris";
+foreach (@ARGV)
+        {
+        &$nm_func($_);
+        }
+foreach $file (sort keys %unres)
+        {
+        @a=split(/\s+/,$unres{$file});
+        %ff=();
+        foreach $func (@a)
+                {
+                $f=$file{$func};
+                $ff{$f}=1 if $f ne "";
+                }
+        foreach $a (keys %ff)
+                { $we_need{$file}.="$a "; }
+        }
+foreach $file (sort keys %we_need)
+        {
+#       print " $file $we_need{$file}\n";
+        foreach $bit (split(/\s+/,$we_need{$file}))
+                { push(@final,&walk($bit)); }
+        foreach (@final) { $fin{$_}=1; }
+        @final="";
+        foreach (sort keys %fin)
+                { push(@final,$_); }
+        print "$file: @final\n";
+        }
+sub walk
+        {
+        local($f)=@_;
+        local(@a,%seen,@ret,$r);
+        @ret="";
+        $f =~ s/^\s+//;
+        $f =~ s/\s+$//;
+        return "" if ($f =~ "^\s*$");
+        return(split(/\s/,$done{$f})) if defined ($done{$f});
+        return if $in{$f} > 0;
+        $in{$f}++;
+        push(@ret,$f);
+        foreach $r (split(/\s+/,$we_need{$f}))
+                {
+                push(@ret,&walk($r));
+                }
+        $in{$f}--;
+        $done{$f}=join(" ",@ret);
+        return(@ret);
+        }
+sub parse_linux
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^[^[](.*):$/)
+                        {
+                        $file=$1;
+                        $file="$1.c" if /\[(.*).o\]/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                }
+                        }
+                }
+        close(IN);
+        }
+sub parse_solaris
+        {
+        local($name)=@_;
+        open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
+        while (<IN>)
+                {
+                chop;
+                next if /^\s*$/;
+                if (/^(\S+):$/)
+                        {
+                        $file=$1;
+                        #$file="$1.c" if $file =~ /^(.*).o$/;
+                        print STDERR "$file\n";
+                        $we_need{$file}=" ";
+                        next;
+                        }
+                @a=split(/\s*\|\s*/);
+                next unless $#a == 7;
+                next unless $a[4] eq "GLOB";
+                if ($a[6] eq "UNDEF")
+                        {
+                        $unres{$file}.=$a[7]." ";
+                        print STDERR "$file needs $a[7]\n" if $debug;
+                        }
+                else
+                        {
+                        if ($file{$a[7]} ne "")
+                                {
+                                print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
+                                }
+                        else
+                                {
+                                $file{$a[7]}=$file;
+                                print STDERR "$file has $a[7]\n" if $debug;
+                                }
+                        }
+                }
+        close(IN);
+        }
diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num
new file mode 100644
index 0000000000..46e38a131f
--- /dev/null
+++ b/src/lib/libcrypto/util/ssleay.num
@@ -0,0 +1,217 @@
+ERR_load_SSL_strings                    1       EXIST::FUNCTION:
+SSL_CIPHER_description                  2       EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   3       EXIST::FUNCTION:
+SSL_CTX_add_session                     4       EXIST::FUNCTION:
+SSL_CTX_check_private_key               5       EXIST::FUNCTION:
+SSL_CTX_ctrl                            6       EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  7       EXIST::FUNCTION:
+SSL_CTX_free                            8       EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              9       EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             10      EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 11      EXIST::FUNCTION:
+SSL_CTX_new                             12      EXIST::FUNCTION:
+SSL_CTX_remove_session                  13      EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 15      EXIST::FUNCTION:
+SSL_CTX_set_client_CA_list              16      EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           17      EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 19      EXIST::FUNCTION:
+SSL_CTX_set_verify                      21      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  22      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_ASN1             23      EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24      EXIST::FUNCTION:STDIO
+SSL_CTX_use_RSAPrivateKey               25      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1          26      EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27      EXIST::FUNCTION:RSA,STDIO
+SSL_CTX_use_certificate                 28      EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            29      EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30      EXIST::FUNCTION:STDIO
+SSL_SESSION_free                        31      EXIST::FUNCTION:
+SSL_SESSION_new                         32      EXIST::FUNCTION:
+SSL_SESSION_print                       33      EXIST::FUNCTION:BIO
+SSL_SESSION_print_fp                    34      EXIST::FUNCTION:FP_API
+SSL_accept                              35      EXIST::FUNCTION:
+SSL_add_client_CA                       36      EXIST::FUNCTION:
+SSL_alert_desc_string                   37      EXIST::FUNCTION:
+SSL_alert_desc_string_long              38      EXIST::FUNCTION:
+SSL_alert_type_string                   39      EXIST::FUNCTION:
+SSL_alert_type_string_long              40      EXIST::FUNCTION:
+SSL_check_private_key                   41      EXIST::FUNCTION:
+SSL_clear                               42      EXIST::FUNCTION:
+SSL_connect                             43      EXIST::FUNCTION:
+SSL_copy_session_id                     44      EXIST::FUNCTION:
+SSL_ctrl                                45      EXIST::FUNCTION:
+SSL_dup                                 46      EXIST::FUNCTION:
+SSL_dup_CA_list                         47      EXIST::FUNCTION:
+SSL_free                                48      EXIST::FUNCTION:
+SSL_get_certificate                     49      EXIST::FUNCTION:
+SSL_get_cipher_list                     52      EXIST::FUNCTION:
+SSL_get_ciphers                         55      EXIST::FUNCTION:
+SSL_get_client_CA_list                  56      EXIST::FUNCTION:
+SSL_get_default_timeout                 57      EXIST::FUNCTION:
+SSL_get_error                           58      EXIST::FUNCTION:
+SSL_get_fd                              59      EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 60      EXIST::FUNCTION:
+SSL_get_peer_certificate                61      EXIST::FUNCTION:
+SSL_get_rbio                            63      EXIST::FUNCTION:BIO
+SSL_get_read_ahead                      64      EXIST::FUNCTION:
+SSL_get_shared_ciphers                  65      EXIST::FUNCTION:
+SSL_get_ssl_method                      66      EXIST::FUNCTION:
+SSL_get_verify_callback                 69      EXIST::FUNCTION:
+SSL_get_verify_mode                     70      EXIST::FUNCTION:
+SSL_get_version                         71      EXIST::FUNCTION:
+SSL_get_wbio                            72      EXIST::FUNCTION:BIO
+SSL_load_client_CA_file                 73      EXIST::FUNCTION:STDIO
+SSL_load_error_strings                  74      EXIST::FUNCTION:
+SSL_new                                 75      EXIST::FUNCTION:
+SSL_peek                                76      EXIST::FUNCTION:
+SSL_pending                             77      EXIST::FUNCTION:
+SSL_read                                78      EXIST::FUNCTION:
+SSL_renegotiate                         79      EXIST::FUNCTION:
+SSL_rstate_string                       80      EXIST::FUNCTION:
+SSL_rstate_string_long                  81      EXIST::FUNCTION:
+SSL_set_accept_state                    82      EXIST::FUNCTION:
+SSL_set_bio                             83      EXIST::FUNCTION:BIO
+SSL_set_cipher_list                     84      EXIST::FUNCTION:
+SSL_set_client_CA_list                  85      EXIST::FUNCTION:
+SSL_set_connect_state                   86      EXIST::FUNCTION:
+SSL_set_fd                              87      EXIST::FUNCTION:SOCK
+SSL_set_read_ahead                      88      EXIST::FUNCTION:
+SSL_set_rfd                             89      EXIST::FUNCTION:SOCK
+SSL_set_session                         90      EXIST::FUNCTION:
+SSL_set_ssl_method                      91      EXIST::FUNCTION:
+SSL_set_verify                          94      EXIST::FUNCTION:
+SSL_set_wfd                             95      EXIST::FUNCTION:SOCK
+SSL_shutdown                            96      EXIST::FUNCTION:
+SSL_state_string                        97      EXIST::FUNCTION:
+SSL_state_string_long                   98      EXIST::FUNCTION:
+SSL_use_PrivateKey                      99      EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 100     EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101     EXIST::FUNCTION:STDIO
+SSL_use_RSAPrivateKey                   102     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1              103     EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104     EXIST::FUNCTION:RSA,STDIO
+SSL_use_certificate                     105     EXIST::FUNCTION:
+SSL_use_certificate_ASN1                106     EXIST::FUNCTION:
+SSL_use_certificate_file                107     EXIST::FUNCTION:STDIO
+SSL_write                               108     EXIST::FUNCTION:
+SSLeay_add_ssl_algorithms               109     NOEXIST::FUNCTION:
+SSLv23_client_method                    110     EXIST::FUNCTION:RSA
+SSLv23_method                           111     EXIST::FUNCTION:RSA
+SSLv23_server_method                    112     EXIST::FUNCTION:RSA
+SSLv2_client_method                     113     EXIST::FUNCTION:RSA
+SSLv2_method                            114     EXIST::FUNCTION:RSA
+SSLv2_server_method                     115     EXIST::FUNCTION:RSA
+SSLv3_client_method                     116     EXIST::FUNCTION:
+SSLv3_method                            117     EXIST::FUNCTION:
+SSLv3_server_method                     118     EXIST::FUNCTION:
+d2i_SSL_SESSION                         119     EXIST::FUNCTION:
+i2d_SSL_SESSION                         120     EXIST::FUNCTION:
+BIO_f_ssl                               121     EXIST::FUNCTION:BIO
+BIO_new_ssl                             122     EXIST::FUNCTION:BIO
+BIO_proxy_ssl_copy_session_id           123     NOEXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124     EXIST::FUNCTION:BIO
+SSL_do_handshake                        125     EXIST::FUNCTION:
+SSL_get_privatekey                      126     EXIST::FUNCTION:
+SSL_get_current_cipher                  127     EXIST::FUNCTION:
+SSL_CIPHER_get_bits                     128     EXIST::FUNCTION:
+SSL_CIPHER_get_version                  129     EXIST::FUNCTION:
+SSL_CIPHER_get_name                     130     EXIST::FUNCTION:
+BIO_ssl_shutdown                        131     EXIST::FUNCTION:BIO
+SSL_SESSION_cmp                         132     EXIST::FUNCTION:
+SSL_SESSION_hash                        133     EXIST::FUNCTION:
+SSL_SESSION_get_time                    134     EXIST::FUNCTION:
+SSL_SESSION_set_time                    135     EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 136     EXIST::FUNCTION:
+SSL_SESSION_set_timeout                 137     EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     138     EXIST::FUNCTION:
+SSL_CTX_get_quiet_shutdown              140     EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           141     EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        142     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_verify_paths            142     EXIST:VMS:FUNCTION:
+SSL_CTX_set_ex_data                     143     EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              145     EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 146     EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 148     EXIST::FUNCTION:
+SSL_get_SSL_CTX                         150     EXIST::FUNCTION:
+SSL_get_ex_data                         151     EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  153     EXIST::FUNCTION:
+SSL_get_session                         154     EXIST::FUNCTION:
+SSL_get_shutdown                        155     EXIST::FUNCTION:
+SSL_get_verify_result                   157     EXIST::FUNCTION:
+SSL_set_ex_data                         158     EXIST::FUNCTION:
+SSL_set_info_callback                   160     EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  161     EXIST::FUNCTION:
+SSL_set_shutdown                        162     EXIST::FUNCTION:
+SSL_set_verify_result                   163     EXIST::FUNCTION:
+SSL_version                             164     EXIST::FUNCTION:
+SSL_get_info_callback                   165     EXIST::FUNCTION:
+SSL_state                               166     EXIST::FUNCTION:
+SSL_CTX_get_ex_new_index                167     EXIST::FUNCTION:
+SSL_SESSION_get_ex_new_index            168     EXIST::FUNCTION:
+SSL_get_ex_new_index                    169     EXIST::FUNCTION:
+TLSv1_method                            170     EXIST::FUNCTION:
+TLSv1_server_method                     171     EXIST::FUNCTION:
+TLSv1_client_method                     172     EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173     EXIST::FUNCTION:BIO
+BIO_new_ssl_connect                     174     EXIST::FUNCTION:BIO
+SSL_get_ex_data_X509_STORE_CTX_idx      175     EXIST:!VMS:FUNCTION:
+SSL_get_ex_d_X509_STORE_CTX_idx         175     EXIST:VMS:FUNCTION:
+SSL_CTX_set_tmp_dh_callback             176     EXIST::FUNCTION:DH
+SSL_CTX_set_tmp_rsa_callback            177     EXIST::FUNCTION:RSA
+SSL_CTX_set_timeout                     178     EXIST::FUNCTION:
+SSL_CTX_get_timeout                     179     EXIST::FUNCTION:
+SSL_CTX_get_cert_store                  180     EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  181     EXIST::FUNCTION:
+SSL_want                                182     EXIST::FUNCTION:
+SSL_library_init                        183     EXIST::FUNCTION:
+SSL_COMP_add_compression_method         184     EXIST::FUNCTION:COMP
+SSL_add_file_cert_subjects_to_stack     185     EXIST:!VMS:FUNCTION:STDIO
+SSL_add_file_cert_subjs_to_stk          185     EXIST:VMS:FUNCTION:STDIO
+SSL_set_tmp_rsa_callback                186     EXIST::FUNCTION:RSA
+SSL_set_tmp_dh_callback                 187     EXIST::FUNCTION:DH
+SSL_add_dir_cert_subjects_to_stack      188     EXIST:!VMS:FUNCTION:STDIO
+SSL_add_dir_cert_subjs_to_stk           188     NOEXIST::FUNCTION:
+SSL_set_session_id_context              189     EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      222     EXIST:!VMS:FUNCTION:STDIO
+SSL_CTX_use_cert_chain_file             222     EXIST:VMS:FUNCTION:STDIO
+SSL_CTX_set_verify_depth                225     EXIST::FUNCTION:
+SSL_set_verify_depth                    226     EXIST::FUNCTION:
+SSL_CTX_get_verify_depth                228     EXIST::FUNCTION:
+SSL_get_verify_depth                    229     EXIST::FUNCTION:
+SSL_CTX_set_session_id_context          231     EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        232     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_cert_verify_cb              232     EXIST:VMS:FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  235     EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_passwd_cb_ud            235     EXIST:VMS:FUNCTION:
+SSL_set_purpose                         236     EXIST::FUNCTION:
+SSL_CTX_set_trust                       237     EXIST::FUNCTION:
+SSL_CTX_set_purpose                     238     EXIST::FUNCTION:
+SSL_set_trust                           239     EXIST::FUNCTION:
+SSL_get_finished                        240     EXIST::FUNCTION:
+SSL_get_peer_finished                   241     EXIST::FUNCTION:
+SSL_get1_session                        242     EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   243     EXIST::FUNCTION:
+SSL_callback_ctrl                       244     EXIST::FUNCTION:
+SSL_CTX_sessions                        245     EXIST::FUNCTION:
+SSL_get_rfd                             246     EXIST::FUNCTION:
+SSL_get_wfd                             247     EXIST::FUNCTION:
+kssl_cget_tkt                           248     EXIST::FUNCTION:KRB5
+SSL_has_matching_session_id             249     EXIST::FUNCTION:
+kssl_err_set                            250     EXIST::FUNCTION:KRB5
+kssl_ctx_show                           251     EXIST::FUNCTION:KRB5
+kssl_validate_times                     252     EXIST::FUNCTION:KRB5
+kssl_check_authent                      253     EXIST::FUNCTION:KRB5
+kssl_ctx_new                            254     EXIST::FUNCTION:KRB5
+kssl_build_principal_2                  255     EXIST::FUNCTION:KRB5
+kssl_skip_confound                      256     EXIST::FUNCTION:KRB5
+kssl_sget_tkt                           257     EXIST::FUNCTION:KRB5
+SSL_set_generate_session_id             258     EXIST::FUNCTION:
+kssl_ctx_setkey                         259     EXIST::FUNCTION:KRB5
+kssl_ctx_setprinc                       260     EXIST::FUNCTION:KRB5
+kssl_ctx_free                           261     EXIST::FUNCTION:KRB5
+kssl_krb5_free_data_contents            262     EXIST::FUNCTION:KRB5
+kssl_ctx_setstring                      263     EXIST::FUNCTION:KRB5
+SSL_CTX_set_generate_session_id         264     EXIST::FUNCTION:
+SSL_renegotiate_pending                 265     EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                266     EXIST::FUNCTION:
+SSL_set_msg_callback                    267     EXIST::FUNCTION:
diff --git a/src/lib/libcrypto/util/tab_num.pl b/src/lib/libcrypto/util/tab_num.pl
new file mode 100644
index 0000000000..a81ed0edc2
--- /dev/null
+++ b/src/lib/libcrypto/util/tab_num.pl
@@ -0,0 +1,17 @@
+#!/usr/local/bin/perl
+$num=1;
+$width=40;
+while (<>)
+        {
+        chop;
+        $i=length($_);
+        $n=$width-$i;
+        $i=int(($n+7)/8);
+        print $_.("\t" x $i).$num."\n";
+        $num++;
+        }
diff --git a/src/lib/libcrypto/util/x86asm.sh b/src/lib/libcrypto/util/x86asm.sh
new file mode 100644
index 0000000000..d2090a9849
--- /dev/null
+++ b/src/lib/libcrypto/util/x86asm.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+echo Generating x86 assember
+echo Bignum
+(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp)
+(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm)
+echo DES
+(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
+(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
+echo "crypt(3)"
+(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
+(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
+echo Blowfish
+(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
+(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
+echo CAST5
+(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
+(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
+echo RC4
+(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
+(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
+echo MD5
+(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
+(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
+echo SHA1
+(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
+(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
+echo RIPEMD160
+(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
+(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
+echo RC5/32
+(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
+(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)
diff --git a/src/lib/libcrypto/x509/Makefile b/src/lib/libcrypto/x509/Makefile
new file mode 100644
index 0000000000..ddcc3124a7
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile
@@ -0,0 +1,406 @@
+#
+# OpenSSL/crypto/x509/Makefile
+#
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c x509_vpm.c
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
+        x509name.o x509_v3.o x509_ext.o x509_att.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        x509_trs.o by_file.o by_dir.o x509_vpm.o
+SRC= $(LIBSRC)
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/asn1.h
+by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_file.o: ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_att.o: ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_cmp.o: ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_d2.o: ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_err.o: ../../include/openssl/x509_vfy.h x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_ext.o: ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_lu.o: ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_r2x.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_req.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_trs.o: ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_v3.o: ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vfy.o: ../cryptlib.h x509_vfy.c
+x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h
+x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vpm.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_vpm.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_vpm.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vpm.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+x509_vpm.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vpm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_vpm.o: ../cryptlib.h x509_vpm.c
+x509cset.o: ../../e_os.h ../../include/openssl/asn1.h
+x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509cset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/asn1.h
+x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/asn1.h
+x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/asn1.h
+x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/asn1.h
+x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl
new file mode 100644
index 0000000000..3a3452536c
--- /dev/null
+++ b/src/lib/libcrypto/x509/Makefile.ssl
@@ -0,0 +1,594 @@
+#
+# SSLeay/crypto/x509/Makefile
+#
+DIR=    x509
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+        x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+        x509_set.c x509cset.c x509rset.c x509_err.c \
+        x509name.c x509_v3.c x509_ext.c x509_att.c \
+        x509type.c x509_lu.c x_all.c x509_txt.c \
+        x509_trs.c by_file.c by_dir.c 
+LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+        x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+        x509_set.o x509cset.o x509rset.o x509_err.o \
+        x509name.o x509_v3.o x509_ext.o x509_att.o \
+        x509type.o x509_lu.o x_all.o x509_txt.o \
+        x509_trs.o by_file.o by_dir.o
+SRC= $(LIBSRC)
+EXHEADER= x509.h x509_vfy.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+by_dir.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+by_dir.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_dir.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_dir.o: ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/aes.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_file.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_file.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+by_file.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+by_file.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+by_file.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/aes.h
+x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/aes.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_d2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_d2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/aes.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_def.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_def.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_def.o: ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/aes.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/aes.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_lu.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_lu.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_lu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/aes.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_obj.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_obj.o: ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_r2x.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_r2x.o: ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/aes.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_req.o: ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/aes.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_set.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_set.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_set.o: ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/aes.h
+x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/aes.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_txt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_txt.o: ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/aes.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_v3.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
+x509cset.o: ../../e_os.h ../../include/openssl/aes.h
+x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509cset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509cset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509cset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509cset.o: ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/aes.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509name.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509name.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509name.o: ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/aes.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509rset.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509rset.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509rset.o: ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/aes.h
+x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509spki.o: ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509spki.o: ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/aes.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509type.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509type.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509type.o: ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+x_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_all.o: ../cryptlib.h x_all.c
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c
index 37f9a48206..ea689aed1a 100644
--- a/src/lib/libcrypto/x509/by_dir.c
+++ b/src/lib/libcrypto/x509/by_dir.c
@@ -189,7 +189,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
        s=dir;
        p=s;
-        for (;;p++)
+        for (;;)
                {
                if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
                        {
@@ -198,11 +198,8 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                        len=(int)(p-ss);
                        if (len == 0) continue;
                        for (j=0; j<ctx->num_dirs; j++)
-                                if (strlen(ctx->dirs[j]) == (size_t)len &&
+                                if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
-                                    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
+                                        continue;
-                                        break;
-                        if (j<ctx->num_dirs)
-                                continue;
                        if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
                                {
                                ctx->num_dirs_alloced+=10;
@@ -234,6 +231,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
                        ctx->num_dirs++;
                        }
                if (*p == '\0') break;
+                p++;
                }
        return(1);
        }
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index e71b5257e5..e8c1a59cf2 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -55,16 +55,10 @@
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
 #ifndef HEADER_X509_H
 #define HEADER_X509_H
-#include <openssl/e_os2.h>
 #include <openssl/symhacks.h>
 #ifndef OPENSSL_NO_BUFFER
 #include <openssl/buffer.h>
@@ -79,33 +73,21 @@
 #include <openssl/asn1.h>
 #include <openssl/safestack.h>
-#ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#endif
 #ifndef OPENSSL_NO_SHA
 #include <openssl/sha.h>
 #endif
+#include <openssl/e_os2.h>
 #include <openssl/ossl_typ.h>
 #ifdef  __cplusplus
@@ -113,9 +95,8 @@ extern "C" {
 #endif
 #ifdef OPENSSL_SYS_WIN32
-/* Under Win32 these are defined in wincrypt.h */
+/* Under Win32 this is defined in wincrypt.h */
 #undef X509_NAME
-#undef X509_CERT_PAIR
 #endif
 #define X509_FILETYPE_PEM       1
@@ -136,8 +117,8 @@ extern "C" {
 typedef struct X509_objects_st
        {
        int nid;
-        int (*a2i)(void);
+        int (*a2i)();
-        int (*i2a)(void);
+        int (*i2a)();
        } X509_OBJECTS;
 struct X509_algor_st
@@ -146,10 +127,9 @@ struct X509_algor_st
        ASN1_TYPE *parameter;
        } /* X509_ALGOR */;
+DECLARE_STACK_OF(X509_ALGOR)
 DECLARE_ASN1_SET_OF(X509_ALGOR)
-typedef STACK_OF(X509_ALGOR) X509_ALGORS;
 typedef struct X509_val_st
        {
        ASN1_TIME *notBefore;
@@ -204,8 +184,6 @@ typedef struct X509_extension_st
        ASN1_OCTET_STRING *value;
        } X509_EXTENSION;
-typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
 DECLARE_STACK_OF(X509_EXTENSION)
 DECLARE_ASN1_SET_OF(X509_EXTENSION)
@@ -283,18 +261,12 @@ struct x509_st
        CRYPTO_EX_DATA ex_data;
        /* These contain copies of various extension values */
        long ex_pathlen;
-        long ex_pcpathlen;
        unsigned long ex_flags;
        unsigned long ex_kusage;
        unsigned long ex_xkusage;
        unsigned long ex_nscert;
        ASN1_OCTET_STRING *skid;
        struct AUTHORITY_KEYID_st *akid;
-        X509_POLICY_CACHE *policy_cache;
-#ifndef OPENSSL_NO_RFC3779
-        STACK_OF(IPAddressFamily) *rfc3779_addr;
-        struct ASIdentifiers_st *rfc3779_asid;
-#endif
 #ifndef OPENSSL_NO_SHA
        unsigned char sha1_hash[SHA_DIGEST_LENGTH];
 #endif
@@ -317,11 +289,6 @@ typedef struct x509_trust_st {
 DECLARE_STACK_OF(X509_TRUST)
-typedef struct x509_cert_pair_st {
-        X509 *forward;
-        X509 *reverse;
-} X509_CERT_PAIR;
 /* standard trust ids */
 #define X509_TRUST_DEFAULT      -1      /* Only valid in purpose settings */
@@ -688,17 +655,6 @@ extern "C" {
 #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
                (unsigned char *)dsa)
-#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
-                (unsigned char *)ecdsa)
-#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
-                EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
-                (unsigned char **)(ecdsa))
-#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
-                (unsigned char *)ecdsa)
 #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
                (char *(*)())d2i_X509_ALGOR,(char *)xn)
@@ -802,12 +758,6 @@ int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
 #endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
-#endif
 X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
 int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
@@ -841,12 +791,6 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
 #endif
-#ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
-int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
-#endif
 X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
 int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
@@ -865,10 +809,6 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
 X509_CRL *X509_CRL_dup(X509_CRL *crl);
 X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                                                X509_ALGOR *algor);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -890,7 +830,6 @@ X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 X509 *          X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
 DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
 DECLARE_ASN1_FUNCTIONS(X509_VAL)
 DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
@@ -900,21 +839,16 @@ EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
 int             X509_get_pubkey_parameters(EVP_PKEY *pkey,
                                           STACK_OF(X509) *chain);
 int             i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
-EVP_PKEY *      d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp,
+EVP_PKEY *      d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
                        long length);
 #ifndef OPENSSL_NO_RSA
 int             i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
-RSA *           d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp,
+RSA *           d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
                        long length);
 #endif
 #ifndef OPENSSL_NO_DSA
 int             i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
-DSA *           d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp,
+DSA *           d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
-                        long length);
-#endif
-#ifndef OPENSSL_NO_EC
-int             i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
-EC_KEY          *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp,
                        long length);
 #endif
@@ -926,7 +860,6 @@ DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
 DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
-DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
 DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
@@ -939,19 +872,16 @@ DECLARE_ASN1_FUNCTIONS(X509_CINF)
 DECLARE_ASN1_FUNCTIONS(X509)
 DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
-DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int X509_set_ex_data(X509 *r, int idx, void *arg);
 void *X509_get_ex_data(X509 *r, int idx);
 int             i2d_X509_AUX(X509 *a,unsigned char **pp);
-X509 *          d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
+X509 *          d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
 int X509_alias_set1(X509 *x, unsigned char *name, int len);
 int X509_keyid_set1(X509 *x, unsigned char *id, int len);
 unsigned char * X509_alias_get0(X509 *x, int *len);
-unsigned char * X509_keyid_get0(X509 *x, int *len);
 int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
 int X509_TRUST_set(int *t, int trust);
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
@@ -968,7 +898,7 @@ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
 X509_PKEY *     X509_PKEY_new(void );
 void            X509_PKEY_free(X509_PKEY *a);
 int             i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
-X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,const unsigned char **pp,long length);
+X509_PKEY *     d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
 DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
@@ -979,15 +909,15 @@ X509_INFO *	X509_INFO_new(void);
 void            X509_INFO_free(X509_INFO *a);
 char *          X509_NAME_oneline(X509_NAME *a,char *buf,int size);
-int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
-                ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
+        ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
-int ASN1_digest(i2d_of_void *i2d,const EVP_MD *type,char *data,
+int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
-                unsigned char *md,unsigned int *len);
+        unsigned char *md,unsigned int *len);
-int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+        ASN1_BIT_STRING *signature,
-              char *data,EVP_PKEY *pkey, const EVP_MD *type);
+        char *data,EVP_PKEY *pkey, const EVP_MD *type);
 int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
        unsigned char *md,unsigned int *len);
@@ -1052,8 +982,6 @@ int X509_CRL_sort(X509_CRL *crl);
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-int             X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey);
 int             X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 int             X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
@@ -1200,8 +1128,6 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
                        const char *attrname, int type,
                        const unsigned char *bytes, int len);
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-                                ASN1_OBJECT *obj, int lastpos, int type);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
             int atrtype, const void *data, int len);
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
@@ -1216,24 +1142,6 @@ int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
-int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-                          int lastpos);
-int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-                          int lastpos);
-X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
-X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
-int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
-int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-                        const ASN1_OBJECT *obj, int type,
-                        const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-                        int nid, int type,
-                        const unsigned char *bytes, int len);
-int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-                        const char *attrname, int type,
-                        const unsigned char *bytes, int len);
 int             X509_verify_cert(X509_STORE_CTX *ctx);
 /* lookup a cert from a X509 STACK */
@@ -1280,20 +1188,18 @@ void ERR_load_X509_strings(void);
 /* Function codes. */
 #define X509_F_ADD_CERT_DIR                              100
 #define X509_F_BY_FILE_CTRL                              101
-#define X509_F_CHECK_POLICY                              145
 #define X509_F_DIR_CTRL                                  102
 #define X509_F_GET_CERT_BY_SUBJECT                       103
 #define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
 #define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
-#define X509_F_X509AT_ADD1_ATTR                          135
 #define X509_F_X509V3_ADD_EXT                            104
+#define X509_F_X509_ADD_ATTR                             135
 #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
 #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
 #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
 #define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
 #define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
 #define X509_F_X509_CHECK_PRIVATE_KEY                    128
-#define X509_F_X509_CRL_PRINT_FP                         147
 #define X509_F_X509_EXTENSION_CREATE_BY_NID              108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS                110
@@ -1306,16 +1212,14 @@ void ERR_load_X509_strings(void);
 #define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
 #define X509_F_X509_NAME_ONELINE                         116
 #define X509_F_X509_NAME_PRINT                           117
-#define X509_F_X509_PRINT_EX_FP                          118
+#define X509_F_X509_PRINT_FP                             118
 #define X509_F_X509_PUBKEY_GET                           119
 #define X509_F_X509_PUBKEY_SET                           120
-#define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+#define X509_F_X509_REQ_PRINT                            121
-#define X509_F_X509_REQ_PRINT_EX                         121
 #define X509_F_X509_REQ_PRINT_FP                         122
 #define X509_F_X509_REQ_TO_X509                          123
 #define X509_F_X509_STORE_ADD_CERT                       124
 #define X509_F_X509_STORE_ADD_CRL                        125
-#define X509_F_X509_STORE_CTX_GET1_ISSUER                146
 #define X509_F_X509_STORE_CTX_INIT                       143
 #define X509_F_X509_STORE_CTX_NEW                        142
 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index 511b49d589..0bae3d32a1 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -67,7 +67,8 @@
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
-        return sk_X509_ATTRIBUTE_num(x);
+        if (!x) return 0;
+        return(sk_X509_ATTRIBUTE_num(x));
 }
 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
@@ -124,13 +125,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
        X509_ATTRIBUTE *new_attr=NULL;
        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
-        if (x == NULL)
+        if ((x != NULL) && (*x == NULL))
-                {
-                X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
-                goto err2;
-                } 
-        if (*x == NULL)
                {
                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
                        goto err;
@@ -142,11 +137,11 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
                goto err2;
        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
                goto err;
-        if (*x == NULL)
+        if ((x != NULL) && (*x == NULL))
                *x=sk;
        return(sk);
 err:
-        X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
+        X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
 err2:
        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
@@ -192,22 +187,6 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
        return ret;
 }
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-                                ASN1_OBJECT *obj, int lastpos, int type)
-{
-        int i;
-        X509_ATTRIBUTE *at;
-        i = X509at_get_attr_by_OBJ(x, obj, lastpos);
-        if (i == -1)
-                return NULL;
-        if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
-                return NULL;
-        at = X509at_get_attr(x, i);
-        if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
-                return NULL;
-        return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
-}
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
             int atrtype, const void *data, int len)
 {
@@ -285,8 +264,8 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
 {
        ASN1_TYPE *ttmp;
-        ASN1_STRING *stmp = NULL;
+        ASN1_STRING *stmp;
-        int atype = 0;
+        int atype;
        if (!attr) return 0;
        if(attrtype & MBSTRING_FLAG) {
                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
@@ -296,22 +275,16 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
                        return 0;
                }
                atype = stmp->type;
-        } else if (len != -1){
+        } else {
                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
                if(!ASN1_STRING_set(stmp, data, len)) goto err;
                atype = attrtype;
        }
        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
        if(!(ttmp = ASN1_TYPE_new())) goto err;
-        if (len == -1)
-                {
-                if (!ASN1_TYPE_set1(ttmp, attrtype, data))
-                        goto err;
-                }
-        else
-                ASN1_TYPE_set(ttmp, atype, stmp);
        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
        attr->single = 0;
+        ASN1_TYPE_set(ttmp, atype, stmp);
        return 1;
        err:
        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 0d6bc653b2..030d0966fc 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -322,10 +322,16 @@ unsigned long X509_NAME_hash(X509_NAME *x)
        {
        unsigned long ret=0;
        unsigned char md[16];
+        EVP_MD_CTX md_ctx;
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-        EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+        EVP_MD_CTX_init(&md_ctx);
+        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+        EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+        EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+        EVP_DigestFinal_ex(&md_ctx,md,NULL);
+        EVP_MD_CTX_cleanup(&md_ctx);
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -390,36 +396,45 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
        int ok=0;
        xk=X509_get_pubkey(x);
-        switch (EVP_PKEY_cmp(xk, k))
+        if (xk->type != k->type)
+            {
+            X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+            goto err;
+            }
+        switch (k->type)
                {
-        case 1:
+#ifndef OPENSSL_NO_RSA
-                ok=1;
+        case EVP_PKEY_RSA:
+                if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+                    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+                    {
+                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                    goto err;
+                    }
                break;
-        case 0:
+#endif
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+#ifndef OPENSSL_NO_DSA
-                break;
+        case EVP_PKEY_DSA:
-        case -1:
+                if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+                    {
+                    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                    goto err;
+                    }
                break;
-        case -2:
-#ifndef OPENSSL_NO_EC
-                if (k->type == EVP_PKEY_EC)
-                        {
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-                        break;
-                        }
 #endif
 #ifndef OPENSSL_NO_DH
-                if (k->type == EVP_PKEY_DH)
+        case EVP_PKEY_DH:
-                        {
+                /* No idea */
-                        /* No idea */
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
+                goto err;
-                        break;
-                        }
 #endif
+        default:
                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                goto err;
                }
+        ok=1;
+err:
        EVP_PKEY_free(xk);
        return(ok);
        }
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c
index fb377292da..d44d046027 100644
--- a/src/lib/libcrypto/x509/x509_err.c
+++ b/src/lib/libcrypto/x509/x509_err.c
@@ -72,20 +72,18 @@ static ERR_STRING_DATA X509_str_functs[]=
        {
 {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
 {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
 {ERR_FUNC(X509_F_DIR_CTRL),     "DIR_CTRL"},
 {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),  "GET_CERT_BY_SUBJECT"},
 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),     "NETSCAPE_SPKI_b64_decode"},
 {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),     "NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR),     "X509at_add1_attr"},
 {ERR_FUNC(X509_F_X509V3_ADD_EXT),       "X509v3_add_ext"},
+{ERR_FUNC(X509_F_X509_ADD_ATTR),        "X509_ADD_ATTR"},
 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID), "X509_ATTRIBUTE_create_by_NID"},
 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ), "X509_ATTRIBUTE_create_by_OBJ"},
 {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT), "X509_ATTRIBUTE_create_by_txt"},
 {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),     "X509_ATTRIBUTE_get0_data"},
 {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),     "X509_ATTRIBUTE_set1_data"},
 {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),       "X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP),    "X509_CRL_print_fp"},
 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID), "X509_EXTENSION_create_by_NID"},
 {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ), "X509_EXTENSION_create_by_OBJ"},
 {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),   "X509_get_pubkey_parameters"},
@@ -98,16 +96,14 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),   "X509_NAME_ENTRY_set_object"},
 {ERR_FUNC(X509_F_X509_NAME_ONELINE),    "X509_NAME_oneline"},
 {ERR_FUNC(X509_F_X509_NAME_PRINT),      "X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_EX_FP),     "X509_print_ex_fp"},
+{ERR_FUNC(X509_F_X509_PRINT_FP),        "X509_print_fp"},
 {ERR_FUNC(X509_F_X509_PUBKEY_GET),      "X509_PUBKEY_get"},
 {ERR_FUNC(X509_F_X509_PUBKEY_SET),      "X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),   "X509_REQ_check_private_key"},
+{ERR_FUNC(X509_F_X509_REQ_PRINT),       "X509_REQ_print"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX),    "X509_REQ_print_ex"},
 {ERR_FUNC(X509_F_X509_REQ_PRINT_FP),    "X509_REQ_print_fp"},
 {ERR_FUNC(X509_F_X509_REQ_TO_X509),     "X509_REQ_to_X509"},
 {ERR_FUNC(X509_F_X509_STORE_ADD_CERT),  "X509_STORE_add_cert"},
 {ERR_FUNC(X509_F_X509_STORE_ADD_CRL),   "X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),   "X509_STORE_CTX_get1_issuer"},
 {ERR_FUNC(X509_F_X509_STORE_CTX_INIT),  "X509_STORE_CTX_init"},
 {ERR_FUNC(X509_F_X509_STORE_CTX_NEW),   "X509_STORE_CTX_new"},
 {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),       "X509_STORE_CTX_purpose_inherit"},
@@ -150,12 +146,15 @@ static ERR_STRING_DATA X509_str_reasons[]=
 void ERR_load_X509_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,X509_str_functs);
                ERR_load_strings(0,X509_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c
index cd2cfb6d85..b780dae5e2 100644
--- a/src/lib/libcrypto/x509/x509_lu.c
+++ b/src/lib/libcrypto/x509/x509_lu.c
@@ -187,8 +187,10 @@ X509_STORE *X509_STORE_new(void)
        ret->verify=0;
        ret->verify_cb=0;
-        if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+        ret->purpose = 0;
-                return NULL;
+        ret->trust = 0;
+        ret->flags = 0;
        ret->get_issuer = 0;
        ret->check_issued = 0;
@@ -200,6 +202,7 @@ X509_STORE *X509_STORE_new(void)
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
        ret->references=1;
+        ret->depth=0;
        return ret;
        }
@@ -241,8 +244,6 @@ void X509_STORE_free(X509_STORE *vfy)
        sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-        if (vfy->param)
-                X509_VERIFY_PARAM_free(vfy->param);
        OPENSSL_free(vfy);
        }
@@ -497,7 +498,7 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
                if (ok == X509_LU_RETRY)
                        {
                        X509_OBJECT_free_contents(&obj);
-                        X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
+                        X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
                        return -1;
                        }
                else if (ok != X509_LU_FAIL)
@@ -537,30 +538,19 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
        return 0;
 }
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+void X509_STORE_set_flags(X509_STORE *ctx, long flags)
        {
-        return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+        ctx->flags |= flags;
-        }
-int X509_STORE_set_depth(X509_STORE *ctx, int depth)
-        {
-        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-        return 1;
        }
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
        {
-        return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+        return X509_PURPOSE_set(&ctx->purpose, purpose);
        }
 int X509_STORE_set_trust(X509_STORE *ctx, int trust)
        {
-        return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+        return X509_TRUST_set(&ctx->trust, trust);
-        }
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
-        {
-        return X509_VERIFY_PARAM_set1(ctx->param, param);
        }
 IMPLEMENT_STACK_OF(X509_LOOKUP)
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c
index 254a14693d..fb8a78dabe 100644
--- a/src/lib/libcrypto/x509/x509_r2x.c
+++ b/src/lib/libcrypto/x509/x509_r2x.c
@@ -89,10 +89,8 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
                }
        xn=X509_REQ_get_subject_name(r);
-        if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
+        X509_set_subject_name(ret,X509_NAME_dup(xn));
-                goto err;
+        X509_set_issuer_name(ret,X509_NAME_dup(xn));
-        if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
-                goto err;
        if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
                goto err;
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 3872e1fb64..59fc6ca548 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -113,46 +113,6 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
        return(X509_PUBKEY_get(req->req_info->pubkey));
        }
-int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
-        {
-        EVP_PKEY *xk=NULL;
-        int ok=0;
-        xk=X509_REQ_get_pubkey(x);
-        switch (EVP_PKEY_cmp(xk, k))
-                {
-        case 1:
-                ok=1;
-                break;
-        case 0:
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-                break;
-        case -1:
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-                break;
-        case -2:
-#ifndef OPENSSL_NO_EC
-                if (k->type == EVP_PKEY_EC)
-                        {
-                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-                        break;
-                        }
-#endif
-#ifndef OPENSSL_NO_DH
-                if (k->type == EVP_PKEY_DH)
-                        {
-                        /* No idea */
-                        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-                        break;
-                        }
-#endif
-                X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-                }
-        EVP_PKEY_free(xk);
-        return(ok);
-        }
 /* It seems several organisations had the same idea of including a list of
 * extensions in a certificate request. There are at least two OIDs that are
 * used and there may be more: so the list is configurable.
@@ -187,7 +147,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
        X509_ATTRIBUTE *attr;
        ASN1_TYPE *ext = NULL;
        int idx, *pnid;
-        const unsigned char *p;
+        unsigned char *p;
        if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
                return(NULL);
@@ -209,7 +169,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
                        ext->value.sequence->length,
                        d2i_X509_EXTENSION, X509_EXTENSION_free,
                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
+        }
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
@@ -242,11 +202,6 @@ int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
        at = NULL;
        attr->single = 0;
        attr->object = OBJ_nid2obj(nid);
-        if (!req->req_info->attributes)
-                {
-                if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
-                        goto err;
-                }
        if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
        return 1;
        err:
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index 9c84a59d52..881252608d 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -128,7 +128,7 @@ int X509_TRUST_get_count(void)
 X509_TRUST * X509_TRUST_get0(int idx)
 {
        if(idx < 0) return NULL;
-        if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
+        if(idx < X509_TRUST_COUNT) return trstandard + idx;
        return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
 }
@@ -219,7 +219,7 @@ static void trtable_free(X509_TRUST *p)
 void X509_TRUST_cleanup(void)
 {
-        unsigned int i;
+        int i;
        for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
        sk_X509_TRUST_pop_free(trtable, trtable_free);
        trtable = NULL;
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c
index 73a8ec726f..f19e66a238 100644
--- a/src/lib/libcrypto/x509/x509_txt.c
+++ b/src/lib/libcrypto/x509/x509_txt.c
@@ -129,7 +129,7 @@ const char *X509_verify_cert_error_string(long n)
        case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
                return("proxy path length constraint exceeded");
        case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-                return("proxy certificates not allowed, please set the appropriate flag");
+                return("proxy cerificates not allowed, please set the appropriate flag");
        case X509_V_ERR_INVALID_PURPOSE:
                return ("unsupported certificate purpose");
        case X509_V_ERR_CERT_UNTRUSTED:
@@ -156,14 +156,6 @@ const char *X509_verify_cert_error_string(long n)
                return("key usage does not include digital signature");
        case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
                return("unhandled critical CRL extension");
-        case X509_V_ERR_INVALID_EXTENSION:
-                return("invalid or inconsistent certificate extension");
-        case X509_V_ERR_INVALID_POLICY_EXTENSION:
-                return("invalid or inconsistent certificate policy extension");
-        case X509_V_ERR_NO_EXPLICIT_POLICY:
-                return("no explicit policy");
-        case X509_V_ERR_UNNESTED_RESOURCE:
-                return("RFC 3779 resource not subset of parent's resources");
        default:
                BIO_snprintf(buf,sizeof buf,"error number %ld",n);
                return(buf);
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c
index 42e6f0ab05..67b1796a92 100644
--- a/src/lib/libcrypto/x509/x509_v3.c
+++ b/src/lib/libcrypto/x509/x509_v3.c
@@ -147,13 +147,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
        int n;
        STACK_OF(X509_EXTENSION) *sk=NULL;
-        if (x == NULL)
+        if ((x != NULL) && (*x == NULL))
-                {
-                X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
-                goto err2;
-                }
-        if (*x == NULL)
                {
                if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
                        goto err;
@@ -169,7 +163,7 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                goto err2;
        if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
                goto err;
-        if (*x == NULL)
+        if ((x != NULL) && (*x == NULL))
                *x=sk;
        return(sk);
 err:
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9a62ebcf67..383e082aba 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -77,9 +77,8 @@ static int check_chain_extensions(X509_STORE_CTX *ctx);
 static int check_trust(X509_STORE_CTX *ctx);
 static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
-static int check_policy(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
+const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 static int null_callback(int ok, X509_STORE_CTX *e)
@@ -98,12 +97,11 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        {
        X509 *x,*xtmp,*chain_ss=NULL;
        X509_NAME *xn;
-        int bad_chain = 0;
-        X509_VERIFY_PARAM *param = ctx->param;
        int depth,i,ok=0;
        int num;
-        int (*cb)(int xok,X509_STORE_CTX *xctx);
+        int (*cb)();
        STACK_OF(X509) *sktmp=NULL;
        if (ctx->cert == NULL)
                {
                X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
@@ -136,7 +134,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        num=sk_X509_num(ctx->chain);
        x=sk_X509_value(ctx->chain,num-1);
-        depth=param->depth;
+        depth=ctx->depth;
        for (;;)
@@ -164,7 +162,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                        goto end;
                                        }
                                CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-                                (void)sk_X509_delete_ptr(sktmp,xtmp);
+                                sk_X509_delete_ptr(sktmp,xtmp);
                                ctx->last_untrusted++;
                                x=xtmp;
                                num++;
@@ -203,7 +201,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                ctx->current_cert=x;
                                ctx->error_depth=i-1;
                                if (ok == 1) X509_free(xtmp);
-                                bad_chain = 1;
                                ok=cb(0,ctx);
                                if (!ok) goto end;
                                }
@@ -214,7 +211,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                 */
                                X509_free(x);
                                x = xtmp;
-                                (void)sk_X509_set(ctx->chain, i - 1, x);
+                                sk_X509_set(ctx->chain, i - 1, x);
                                ctx->last_untrusted=0;
                                }
                        }
@@ -279,7 +276,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                        }
                ctx->error_depth=num-1;
-                bad_chain = 1;
                ok=cb(0,ctx);
                if (!ok) goto end;
                }
@@ -291,7 +287,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        /* The chain extensions are OK: check trust */
-        if (param->trust > 0) ok = check_trust(ctx);
+        if (ctx->trust > 0) ok = check_trust(ctx);
        if (!ok) goto end;
@@ -305,25 +301,11 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        ok = ctx->check_revocation(ctx);
        if(!ok) goto end;
-        /* At this point, we have a chain and need to verify it */
+        /* At this point, we have a chain and just need to verify it */
        if (ctx->verify != NULL)
                ok=ctx->verify(ctx);
        else
                ok=internal_verify(ctx);
-        if(!ok) goto end;
-#ifndef OPENSSL_NO_RFC3779
-        /* RFC 3779 path validation, now that CRL check has been done */
-        ok = v3_asid_validate_path(ctx);
-        if (!ok) goto end;
-        ok = v3_addr_validate_path(ctx);
-        if (!ok) goto end;
-#endif
-        /* If we get this far evaluate policies */
-        if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
-                ok = ctx->check_policy(ctx);
-        if(!ok) goto end;
        if (0)
                {
 end:
@@ -360,7 +342,7 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
        if (ret == X509_V_OK)
                return 1;
        /* If we haven't asked for issuer errors don't set ctx */
-        if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+        if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
                return 0;
        ctx->error = ret;
@@ -383,7 +365,7 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
        else
                return 0;
 }
-        
 /* Check a certificate chains extensions for consistency
 * with the supplied purpose
@@ -396,10 +378,9 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
 #else
        int i, ok=0, must_be_ca;
        X509 *x;
-        int (*cb)(int xok,X509_STORE_CTX *xctx);
+        int (*cb)();
        int proxy_path_length = 0;
-        int allow_proxy_certs =
+        int allow_proxy_certs = !!(ctx->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-                !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
        cb=ctx->verify_cb;
        /* must_be_ca can have 1 of 3 values:
@@ -422,7 +403,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                {
                int ret;
                x = sk_X509_value(ctx->chain, i);
-                if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+                if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
                        && (x->ex_flags & EXFLAG_CRITICAL))
                        {
                        ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
@@ -443,7 +424,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                switch(must_be_ca)
                        {
                case -1:
-                        if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                        if ((ctx->flags & X509_V_FLAG_X509_STRICT)
                                && (ret != 1) && (ret != 0))
                                {
                                ret = 0;
@@ -463,7 +444,7 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                        break;
                default:
                        if ((ret == 0)
-                                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
                                        && (ret != 1)))
                                {
                                ret = 0;
@@ -480,12 +461,12 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                        ok=cb(0,ctx);
                        if (!ok) goto end;
                        }
-                if (ctx->param->purpose > 0)
+                if (ctx->purpose > 0)
                        {
-                        ret = X509_check_purpose(x, ctx->param->purpose,
+                        ret = X509_check_purpose(x, ctx->purpose,
                                must_be_ca > 0);
                        if ((ret == 0)
-                                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                                || ((ctx->flags & X509_V_FLAG_X509_STRICT)
                                        && (ret != 1)))
                                {
                                ctx->error = X509_V_ERR_INVALID_PURPOSE;
@@ -511,15 +492,21 @@ static int check_chain_extensions(X509_STORE_CTX *ctx)
                   CA certificate.  */
                if (x->ex_flags & EXFLAG_PROXY)
                        {
-                        if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
+                        PROXY_CERT_INFO_EXTENSION *pci =
+                                X509_get_ext_d2i(x, NID_proxyCertInfo,
+                                        NULL, NULL);
+                        if (pci->pcPathLengthConstraint &&
+                                ASN1_INTEGER_get(pci->pcPathLengthConstraint)
+                                < i)
                                {
-                                ctx->error =
+                                PROXY_CERT_INFO_EXTENSION_free(pci);
-                                        X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+                                ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
                                ctx->error_depth = i;
                                ctx->current_cert = x;
                                ok=cb(0,ctx);
                                if (!ok) goto end;
                                }
+                        PROXY_CERT_INFO_EXTENSION_free(pci);
                        proxy_path_length++;
                        must_be_ca = 0;
                        }
@@ -539,12 +526,12 @@ static int check_trust(X509_STORE_CTX *ctx)
 #else
        int i, ok;
        X509 *x;
-        int (*cb)(int xok,X509_STORE_CTX *xctx);
+        int (*cb)();
        cb=ctx->verify_cb;
 /* For now just check the last certificate in the chain */
        i = sk_X509_num(ctx->chain) - 1;
        x = sk_X509_value(ctx->chain, i);
-        ok = X509_check_trust(x, ctx->param->trust, 0);
+        ok = X509_check_trust(x, ctx->trust, 0);
        if (ok == X509_TRUST_TRUSTED)
                return 1;
        ctx->error_depth = i;
@@ -561,9 +548,9 @@ static int check_trust(X509_STORE_CTX *ctx)
 static int check_revocation(X509_STORE_CTX *ctx)
        {
        int i, last, ok;
-        if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
                return 1;
-        if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
                last = sk_X509_num(ctx->chain) - 1;
        else
                last = 0;
@@ -606,124 +593,17 @@ static int check_cert(X509_STORE_CTX *ctx)
        }
-/* Check CRL times against values in X509_STORE_CTX */
-static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
-        {
-        time_t *ptime;
-        int i;
-        ctx->current_crl = crl;
-        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-                ptime = &ctx->param->check_time;
-        else
-                ptime = NULL;
-        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
-        if (i == 0)
-                {
-                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-                if (!notify || !ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        if (i > 0)
-                {
-                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-                if (!notify || !ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        if(X509_CRL_get_nextUpdate(crl))
-                {
-                i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-                if (i == 0)
-                        {
-                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-                        if (!notify || !ctx->verify_cb(0, ctx))
-                                return 0;
-                        }
-                if (i < 0)
-                        {
-                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-                        if (!notify || !ctx->verify_cb(0, ctx))
-                                return 0;
-                        }
-                }
-        ctx->current_crl = NULL;
-        return 1;
-        }
-/* Lookup CRLs from the supplied list. Look for matching isser name
- * and validity. If we can't find a valid CRL return the last one
- * with matching name. This gives more meaningful error codes. Otherwise
- * we'd get a CRL not found error if a CRL existed with matching name but
- * was invalid.
- */
-static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
-                        X509_NAME *nm, STACK_OF(X509_CRL) *crls)
-        {
-        int i;
-        X509_CRL *crl, *best_crl = NULL;
-        for (i = 0; i < sk_X509_CRL_num(crls); i++)
-                {
-                crl = sk_X509_CRL_value(crls, i);
-                if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
-                        continue;
-                if (check_crl_time(ctx, crl, 0))
-                        {
-                        *pcrl = crl;
-                        CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
-                        return 1;
-                        }
-                best_crl = crl;
-                }
-        if (best_crl)
-                {
-                *pcrl = best_crl;
-                CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
-                }
-                
-        return 0;
-        }
 /* Retrieve CRL corresponding to certificate: currently just a
 * subject lookup: maybe use AKID later...
+ * Also might look up any included CRLs too (e.g PKCS#7 signedData).
 */
-static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
        {
        int ok;
-        X509_CRL *crl = NULL;
        X509_OBJECT xobj;
-        X509_NAME *nm;
+        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
-        nm = X509_get_issuer_name(x);
+        if (!ok) return 0;
-        ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
+        *crl = xobj.data.crl;
-        if (ok)
-                {
-                *pcrl = crl;
-                return 1;
-                }
-        ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
-        if (!ok)
-                {
-                /* If we got a near match from get_crl_sk use that */
-                if (crl)
-                        {
-                        *pcrl = crl;
-                        return 1;
-                        }
-                return 0;
-                }
-        *pcrl = xobj.data.crl;
-        if (crl)
-                X509_CRL_free(crl);
        return 1;
        }
@@ -732,7 +612,8 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
        {
        X509 *issuer = NULL;
        EVP_PKEY *ikey = NULL;
-        int ok = 0, chnum, cnum;
+        int ok = 0, chnum, cnum, i;
+        time_t *ptime;
        cnum = ctx->error_depth;
        chnum = sk_X509_num(ctx->chain) - 1;
        /* Find CRL issuer: if not last certificate then issuer
@@ -784,9 +665,45 @@ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
                        }
                }
-        ok = check_crl_time(ctx, crl, 1);
+        /* OK, CRL signature valid check times */
-        if (!ok)
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
-                goto err;
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
+        i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+        if (i == 0)
+                {
+                ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+        if (i > 0)
+                {
+                ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok) goto err;
+                }
+        if(X509_CRL_get_nextUpdate(crl))
+                {
+                i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                if (i < 0)
+                        {
+                        ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
+                        ok = ctx->verify_cb(0, ctx);
+                        if (!ok) goto err;
+                        }
+                }
        ok = 1;
@@ -824,7 +741,7 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
                if (!ok) return 0;
                }
-        if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        if (ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
                return 1;
        /* See if we have any critical CRL extensions: since we
@@ -851,106 +768,13 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
        return 1;
        }
-static int check_policy(X509_STORE_CTX *ctx)
-        {
-        int ret;
-        ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-                                ctx->param->policies, ctx->param->flags);
-        if (ret == 0)
-                {
-                X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
-        /* Invalid or inconsistent extensions */
-        if (ret == -1)
-                {
-                /* Locate certificates with bad extensions and notify
-                 * callback.
-                 */
-                X509 *x;
-                int i;
-                for (i = 1; i < sk_X509_num(ctx->chain); i++)
-                        {
-                        x = sk_X509_value(ctx->chain, i);
-                        if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
-                                continue;
-                        ctx->current_cert = x;
-                        ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-                        ret = ctx->verify_cb(0, ctx);
-                        }
-                return 1;
-                }
-        if (ret == -2)
-                {
-                ctx->current_cert = NULL;
-                ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
-                return ctx->verify_cb(0, ctx);
-                }
-        if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
-                {
-                ctx->current_cert = NULL;
-                ctx->error = X509_V_OK;
-                if (!ctx->verify_cb(2, ctx))
-                        return 0;
-                }
-        return 1;
-        }
-static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
-        {
-        time_t *ptime;
-        int i;
-        if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-                ptime = &ctx->param->check_time;
-        else
-                ptime = NULL;
-        i=X509_cmp_time(X509_get_notBefore(x), ptime);
-        if (i == 0)
-                {
-                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-                ctx->current_cert=x;
-                if (!ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        if (i > 0)
-                {
-                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
-                ctx->current_cert=x;
-                if (!ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        i=X509_cmp_time(X509_get_notAfter(x), ptime);
-        if (i == 0)
-                {
-                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-                ctx->current_cert=x;
-                if (!ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        if (i < 0)
-                {
-                ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
-                ctx->current_cert=x;
-                if (!ctx->verify_cb(0, ctx))
-                        return 0;
-                }
-        return 1;
-        }
 static int internal_verify(X509_STORE_CTX *ctx)
        {
-        int ok=0,n;
+        int i,ok=0,n;
        X509 *xs,*xi;
        EVP_PKEY *pkey=NULL;
-        int (*cb)(int xok,X509_STORE_CTX *xctx);
+        time_t *ptime;
+        int (*cb)();
        cb=ctx->verify_cb;
@@ -958,7 +782,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
        ctx->error_depth=n-1;
        n--;
        xi=sk_X509_value(ctx->chain,n);
+        if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+                ptime = &ctx->check_time;
+        else
+                ptime = NULL;
        if (ctx->check_issued(ctx, xi, xi))
                xs=xi;
        else
@@ -1011,13 +838,41 @@ static int internal_verify(X509_STORE_CTX *ctx)
                                }
                        EVP_PKEY_free(pkey);
                        pkey=NULL;
+                        i=X509_cmp_time(X509_get_notBefore(xs), ptime);
+                        if (i == 0)
+                                {
+                                ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        if (i > 0)
+                                {
+                                ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
+                                ctx->current_cert=xs;
+                                ok=(*cb)(0,ctx);
+                                if (!ok) goto end;
+                                }
+                        xs->valid=1;
                        }
-                xs->valid = 1;
+                i=X509_cmp_time(X509_get_notAfter(xs), ptime);
+                if (i == 0)
+                        {
+                        ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
-                ok = check_cert_time(ctx, xs);
+                if (i < 0)
-                if (!ok)
+                        {
-                        goto end;
+                        ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
+                        ctx->current_cert=xs;
+                        ok=(*cb)(0,ctx);
+                        if (!ok) goto end;
+                        }
                /* The last error (if any) is still in the error value */
                ctx->current_issuer=xi;
@@ -1250,11 +1105,6 @@ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
        ctx->untrusted=sk;
        }
-void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
-        {
-        ctx->crls=sk;
-        }
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
        {
        return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
@@ -1318,8 +1168,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                        }
                }
-        if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
+        if (purpose && !ctx->purpose) ctx->purpose = purpose;
-        if (trust && !ctx->param->trust) ctx->param->trust = trust;
+        if (trust && !ctx->trust) ctx->trust = trust;
        return 1;
 }
@@ -1345,30 +1195,20 @@ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
             STACK_OF(X509) *chain)
        {
-        int ret = 1;
        ctx->ctx=store;
        ctx->current_method=0;
        ctx->cert=x509;
        ctx->untrusted=chain;
-        ctx->crls = NULL;
        ctx->last_untrusted=0;
+        ctx->check_time=0;
        ctx->other_ctx=NULL;
        ctx->valid=0;
        ctx->chain=NULL;
+        ctx->depth=9;
        ctx->error=0;
-        ctx->explicit_policy=0;
        ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
-        ctx->tree = NULL;
-        ctx->param = X509_VERIFY_PARAM_new();
-        if (!ctx->param)
-                {
-                X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-                return 0;
-                }
        /* Inherit callbacks and flags from X509_STORE if not set
         * use defaults.
@@ -1376,26 +1216,18 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        if (store)
-                ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-        else
-                ctx->param->flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
-        if (store)
                {
-                ctx->verify_cb = store->verify_cb;
+                ctx->purpose=store->purpose;
+                ctx->trust=store->trust;
+                ctx->flags = store->flags;
                ctx->cleanup = store->cleanup;
                }
        else
-                ctx->cleanup = 0;
-        if (ret)
-                ret = X509_VERIFY_PARAM_inherit(ctx->param,
-                                        X509_VERIFY_PARAM_lookup("default"));
-        if (ret == 0)
                {
-                X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+                ctx->purpose = 0;
-                return 0;
+                ctx->trust = 0;
+                ctx->flags = 0;
+                ctx->cleanup = 0;
                }
        if (store && store->check_issued)
@@ -1438,8 +1270,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        else
                ctx->cert_crl = cert_crl;
-        ctx->check_policy = check_policy;
        /* This memset() can't make any sense anyway, so it's removed. As
         * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
@@ -1468,16 +1298,6 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        {
        if (ctx->cleanup) ctx->cleanup(ctx);
-        if (ctx->param != NULL)
-                {
-                X509_VERIFY_PARAM_free(ctx->param);
-                ctx->param=NULL;
-                }
-        if (ctx->tree != NULL)
-                {
-                X509_policy_tree_free(ctx->tree);
-                ctx->tree=NULL;
-                }
        if (ctx->chain != NULL)
                {
                sk_X509_pop_free(ctx->chain,X509_free);
@@ -1487,19 +1307,15 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
        }
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
        {
-        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+        ctx->flags |= flags;
        }
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
        {
-        X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+        ctx->check_time = t;
-        }
+        ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
-        {
-        X509_VERIFY_PARAM_set_time(ctx->param, t);
        }
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
@@ -1508,37 +1324,6 @@ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
        ctx->verify_cb=verify_cb;
        }
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-        {
-        return ctx->tree;
-        }
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
-        {
-        return ctx->explicit_policy;
-        }
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
-        {
-        const X509_VERIFY_PARAM *param;
-        param = X509_VERIFY_PARAM_lookup(name);
-        if (!param)
-                return 0;
-        return X509_VERIFY_PARAM_inherit(ctx->param, param);
-        }
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
-        {
-        return ctx->param;
-        }
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
-        {
-        if (ctx->param)
-                X509_VERIFY_PARAM_free(ctx->param);
-        ctx->param = param;
-        }
 IMPLEMENT_STACK_OF(X509)
 IMPLEMENT_ASN1_SET_OF(X509)
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 76c76e1719..7fd1f0bc4d 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -65,7 +65,6 @@
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
-#include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_LHASH
 #include <openssl/lhash.h>
 #endif
@@ -156,25 +155,6 @@ typedef struct x509_lookup_method_st
                            X509_OBJECT *ret);
        } X509_LOOKUP_METHOD;
-/* This structure hold all parameters associated with a verify operation
- * by including an X509_VERIFY_PARAM structure in related structures the
- * parameters used can be customized
- */
-typedef struct X509_VERIFY_PARAM_st
-        {
-        char *name;
-        time_t check_time;      /* Time to use */
-        unsigned long inh_flags; /* Inheritance flags */
-        unsigned long flags;    /* Various verify flags */
-        int purpose;            /* purpose to check untrusted certificates */
-        int trust;              /* trust setting to check */
-        int depth;              /* Verify depth */
-        STACK_OF(ASN1_OBJECT) *policies;        /* Permissible policies */
-        } X509_VERIFY_PARAM;
-DECLARE_STACK_OF(X509_VERIFY_PARAM)
 /* This is used to hold everything.  It is used for all certificate
 * validation.  Once we have a certificate chain, the 'verify'
 * function is then called to actually check the cert chain. */
@@ -187,8 +167,13 @@ struct x509_store_st
        /* These are external lookup methods */
        STACK_OF(X509_LOOKUP) *get_cert_methods;
-        X509_VERIFY_PARAM *param;
+        /* The following fields are not used by X509_STORE but are
+         * inherited by X509_STORE_CTX when it is initialised.
+         */
+        unsigned long flags;    /* Various verify flags */
+        int purpose;
+        int trust;
        /* Callbacks for various operations */
        int (*verify)(X509_STORE_CTX *ctx);     /* called to verify a certificate */
        int (*verify_cb)(int ok,X509_STORE_CTX *ctx);   /* error callback */
@@ -202,9 +187,10 @@ struct x509_store_st
        CRYPTO_EX_DATA ex_data;
        int references;
+        int depth;              /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
        } /* X509_STORE */;
-int X509_STORE_set_depth(X509_STORE *store, int depth);
+#define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
 #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
 #define X509_STORE_set_verify_func(ctx,func)    ((ctx)->verify=(func))
@@ -231,9 +217,10 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        /* The following are set by the caller */
        X509 *cert;             /* The cert to check */
        STACK_OF(X509) *untrusted;      /* chain of X509s - untrusted - passed in */
-        STACK_OF(X509_CRL) *crls;       /* set of CRLs passed in */
+        int purpose;            /* purpose to check untrusted certificates */
+        int trust;              /* trust setting to check */
-        X509_VERIFY_PARAM *param;
+        time_t  check_time;     /* time to make verify at */
+        unsigned long flags;    /* Various verify flags */
        void *other_ctx;        /* Other info for use with get_issuer() */
        /* Callbacks for various operations */
@@ -245,16 +232,13 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
        int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
        int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
-        int (*check_policy)(X509_STORE_CTX *ctx);
        int (*cleanup)(X509_STORE_CTX *ctx);
        /* The following is built up */
+        int depth;              /* how far to go looking up certs */
        int valid;              /* if 0, rebuild chain */
        int last_untrusted;     /* index of last untrusted cert */
        STACK_OF(X509) *chain;          /* chain of X509s - built up and trusted */
-        X509_POLICY_TREE *tree; /* Valid policy tree */
-        int explicit_policy;    /* Require explicit policy value */
        /* When something goes wrong, this is why */
        int error_depth;
@@ -266,7 +250,7 @@ struct x509_store_ctx_st      /* X509_STORE_CTX */
        CRYPTO_EX_DATA ex_data;
        } /* X509_STORE_CTX */;
-void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
 #define X509_STORE_CTX_set_app_data(ctx,data) \
        X509_STORE_CTX_set_ex_data(ctx,0,data)
@@ -327,12 +311,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
 #define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
-#define         X509_V_ERR_INVALID_EXTENSION                    41
-#define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
-#define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
-#define         X509_V_ERR_UNNESTED_RESOURCE                    44
 /* The application is not happy */
 #define         X509_V_ERR_APPLICATION_VERIFICATION             50
@@ -352,28 +330,6 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 #define X509_V_FLAG_X509_STRICT                 0x20
 /* Enable proxy certificate validation */
 #define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
-/* Enable policy checking */
-#define X509_V_FLAG_POLICY_CHECK                0x80
-/* Policy variable require-explicit-policy */
-#define X509_V_FLAG_EXPLICIT_POLICY             0x100
-/* Policy variable inhibit-any-policy */
-#define X509_V_FLAG_INHIBIT_ANY                 0x200
-/* Policy variable inhibit-policy-mapping */
-#define X509_V_FLAG_INHIBIT_MAP                 0x400
-/* Notify callback that policy is OK */
-#define X509_V_FLAG_NOTIFY_POLICY               0x800
-#define X509_VP_FLAG_DEFAULT                    0x1
-#define X509_VP_FLAG_OVERWRITE                  0x2
-#define X509_VP_FLAG_RESET_FLAGS                0x4
-#define X509_VP_FLAG_LOCKED                     0x8
-#define X509_VP_FLAG_ONCE                       0x10
-/* Internal use: mask of policy related options */
-#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
-                                | X509_V_FLAG_EXPLICIT_POLICY \
-                                | X509_V_FLAG_INHIBIT_ANY \
-                                | X509_V_FLAG_INHIBIT_MAP)
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
             X509_NAME *name);
@@ -384,10 +340,9 @@ void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
-int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+void X509_STORE_set_flags(X509_STORE *ctx, long flags);
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
 int X509_STORE_set_trust(X509_STORE *ctx, int trust);
-int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
 X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -451,78 +406,14 @@ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void    X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
 void    X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
-void    X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk);
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                int purpose, int trust);
-void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
-                                                                time_t t);
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
                                  int (*verify_cb)(int, X509_STORE_CTX *));
-  
-X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
-int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
-void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
-int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-/* X509_VERIFY_PARAM functions */
-X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
-void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
-                                                const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, 
-                                                const X509_VERIFY_PARAM *from);
-int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
-int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-                                                        unsigned long flags);
-unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
-int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
-void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-                                                ASN1_OBJECT *policy);
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
-                                        STACK_OF(ASN1_OBJECT) *policies);
-int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
-const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
-void X509_VERIFY_PARAM_table_cleanup(void);
-int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-                        STACK_OF(X509) *certs,
-                        STACK_OF(ASN1_OBJECT) *policy_oids,
-                        unsigned int flags);
-void X509_policy_tree_free(X509_POLICY_TREE *tree);
-int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
-X509_POLICY_LEVEL *
-        X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i);
-STACK_OF(X509_POLICY_NODE) *
-        X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree);
-STACK_OF(X509_POLICY_NODE) *
-        X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree);
-int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
-X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i);
-const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
-STACK_OF(POLICYQUALINFO) *
-        X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node);
-const X509_POLICY_NODE *
-        X509_policy_node_get0_parent(const X509_POLICY_NODE *node);
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index ed868b838e..4c3af946ec 100644
--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -77,8 +77,7 @@ EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
 NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
 {
-        unsigned char *spki_der;
+        unsigned char *spki_der, *p;
-        const unsigned char *p;
        int spki_len;
        NETSCAPE_SPKI *spki;
        if(len <= 0) len = strlen(str);
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c
index 2cd994c5b0..c25959a742 100644
--- a/src/lib/libcrypto/x509/x509type.c
+++ b/src/lib/libcrypto/x509/x509type.c
@@ -86,9 +86,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        case EVP_PKEY_DSA:
                ret=EVP_PK_DSA|EVP_PKT_SIGN;
                break;
-        case EVP_PKEY_EC:
-                ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
-                break;
        case EVP_PKEY_DH:
                ret=EVP_PK_DH|EVP_PKT_EXCH;
                break;
@@ -105,9 +102,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
        case EVP_PKEY_DSA:
                ret|=EVP_PKS_DSA;
                break;
-        case EVP_PKEY_EC:
-                ret|=EVP_PKS_EC;
-                break;
        default:
                break;
                }
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c
index 9039caad60..ac6dea493a 100644
--- a/src/lib/libcrypto/x509/x_all.c
+++ b/src/lib/libcrypto/x509/x_all.c
@@ -64,12 +64,6 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
 int X509_verify(X509 *a, EVP_PKEY *r)
        {
@@ -229,9 +223,9 @@ RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
        {
-        return ASN1_d2i_fp((void *(*)(void))
+        return((RSA *)ASN1_d2i_fp((char *(*)())
-                           RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
+                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
-                           (void **)rsa);
+                (unsigned char **)(rsa)));
        }
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
@@ -241,7 +235,7 @@ int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
        {
-        return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
+        return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
        }
 #endif
@@ -263,7 +257,9 @@ RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
        {
-        return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
+        return((RSA *)ASN1_d2i_bio((char *(*)())
+                RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+                (unsigned char **)(rsa)));
        }
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
@@ -273,7 +269,7 @@ int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
        {
-        return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
+        return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
        }
 #endif
@@ -281,92 +277,55 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
 #ifndef OPENSSL_NO_FP_API
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
        {
-        return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
+        return((DSA *)ASN1_d2i_fp((char *(*)())
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+                (unsigned char **)(dsa)));
        }
 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
        {
-        return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
+        return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
        }
 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
        {
-        return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
+        return((DSA *)ASN1_d2i_fp((char *(*)())
+                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
+                (unsigned char **)(dsa)));
        }
 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
        {
-        return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
+        return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
        }
 #endif
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
        {
-        return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
+        return((DSA *)ASN1_d2i_bio((char *(*)())
-);
+                DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+                (unsigned char **)(dsa)));
        }
 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
        {
-        return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
+        return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
        }
 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
        {
-        return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
+        return((DSA *)ASN1_d2i_bio((char *(*)())
+                DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
+                (unsigned char **)(dsa)));
        }
 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
        {
-        return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
+        return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
        }
 #endif
-#ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
-EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
-        {
-        return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
-        }
-  
-int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
-        {
-        return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
-        }
-EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
-        {
-        return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
-        }
-  
-int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
-        {
-        return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
-        }
-#endif
-EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
-        {
-        return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
-        }
-  
-int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
-        {
-        return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
-        }
-EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
-        {
-        return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
-        }
-  
-int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
-        {
-        return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
-        }
-#endif
 int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
             unsigned int *len)
        {
@@ -411,37 +370,40 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *
 #ifndef OPENSSL_NO_FP_API
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
        {
-        return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
+        return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
+                (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
        }
 int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
        {
-        return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
+        return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
        }
 #endif
 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
        {
-        return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
+        return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
+                (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
        }
 int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
        {
-        return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
+        return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
        }
 #ifndef OPENSSL_NO_FP_API
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
        {
-        return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
+        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
-                              d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
+                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
+                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
+                                (unsigned char **)(p8inf)));
        }
 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
-        return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
+        return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
-                              p8inf);
        }
 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
@@ -457,22 +419,24 @@ int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
        {
-        return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
+        return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
        }
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
 {
-        return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
+        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
 }
 int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
        {
-        return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
+        return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
        }
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
 {
-        return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
+        return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
 }
 #endif
@@ -480,14 +444,15 @@ EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
                                                 PKCS8_PRIV_KEY_INFO **p8inf)
        {
-        return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
+        return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
-                            d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
+                (char *(*)())PKCS8_PRIV_KEY_INFO_new,
+                (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
+                                (unsigned char **)(p8inf)));
        }
 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
        {
-        return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
+        return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
-                               p8inf);
        }
 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
@@ -503,20 +468,22 @@ int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
        {
-        return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
+        return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
        }
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
        {
-        return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
+        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
        }
 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
        {
-        return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
+        return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
        }
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
        {
-        return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
+        return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+                (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
        }
diff --git a/src/lib/libcrypto/x509v3/Makefile b/src/lib/libcrypto/x509v3/Makefile
new file mode 100644
index 0000000000..556ef351bf
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/Makefile
@@ -0,0 +1,591 @@
+#
+# OpenSSL/crypto/x509v3/Makefile
+#
+DIR=    x509v3
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE=       Makefile
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
+pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
+v3_asid.c v3_addr.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \
+pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \
+v3_asid.o v3_addr.o
+SRC= $(LIBSRC)
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER) pcy_int.h
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+links:
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+        @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+pcy_cache.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_cache.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_cache.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_cache.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_cache.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_cache.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_cache.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_cache.o: ../../include/openssl/objects.h
+pcy_cache.o: ../../include/openssl/opensslconf.h
+pcy_cache.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h
+pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_data.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_data.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_data.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_data.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_data.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_data.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h
+pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c
+pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_map.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_map.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_map.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_map.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_map.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_map.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c
+pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+pcy_node.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pcy_node.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+pcy_node.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_node.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_node.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_node.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_node.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_node.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_node.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_node.o: pcy_int.h pcy_node.c
+pcy_tree.o: ../../e_os.h ../../include/openssl/asn1.h
+pcy_tree.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+pcy_tree.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pcy_tree.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pcy_tree.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pcy_tree.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pcy_tree.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+pcy_tree.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pcy_tree.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c
+v3_addr.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_addr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_addr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_addr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_addr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_addr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_addr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_addr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c
+v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akeya.o: ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
+v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_asid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_asid.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_asid.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_asid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_asid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_asid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_asid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_asid.o: ../cryptlib.h v3_asid.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bcons.o: ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_bitst.o: ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_conf.o: ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_enum.o: ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_extku.o: ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
+v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_ncons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_ncons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_ncons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_ncons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_ncons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ncons.o: ../../include/openssl/opensslconf.h
+v3_ncons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ncons.o: ../cryptlib.h v3_ncons.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
+v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pci.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pci.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pci.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pci.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pci.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c
+v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pcia.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_pcia.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_pcia.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pcia.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pcia.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pcia.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pcia.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pcia.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pcia.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pcia.o: ../../include/openssl/x509v3.h v3_pcia.c
+v3_pcons.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pcons.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pcons.o: ../../include/openssl/opensslconf.h
+v3_pcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pcons.o: ../cryptlib.h v3_pcons.c
+v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_pmaps.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_pmaps.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_pmaps.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_pmaps.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_pmaps.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pmaps.o: ../../include/openssl/opensslconf.h
+v3_pmaps.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pmaps.o: ../cryptlib.h v3_pmaps.c
+v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_purp.o: ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_skey.o: ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h
+v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_sxnet.o: ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_utl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3err.o: ../../include/openssl/x509v3.h v3err.c
diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..66df90c346
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/Makefile.ssl
@@ -0,0 +1,603 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+DIR=    x509v3
+TOP=    ../..
+CC=     cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=    makedepend
+MAKEDEPEND=     $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+CFLAGS= $(INCLUDES) $(CFLAG)
+GENERAL=Makefile README
+TEST=
+APPS=
+LIB=$(TOP)/libcrypto.a
+LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
+SRC= $(LIBSRC)
+EXHEADER= x509v3.h
+HEADER= $(EXHEADER)
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+top:
+        (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+all:    lib
+lib:    $(LIBOBJ)
+        $(AR) $(LIB) $(LIBOBJ)
+        $(RANLIB) $(LIB) || echo Never mind.
+        @touch lib
+files:
+        $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+links:
+        @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+install:
+        @for i in $(EXHEADER) ; \
+        do  \
+        (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+        done;
+tags:
+        ctags $(SRC)
+tests:
+lint:
+        lint -DLINT $(INCLUDES) $(SRC)>fluff
+depend:
+        $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+dclean:
+        $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+        mv -f Makefile.new $(MAKEFILE)
+clean:
+        rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_akey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_akey.o: ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_akeya.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_akeya.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_akeya.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_akeya.o: ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_alt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_alt.o: ../cryptlib.h v3_alt.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bcons.o: ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_conf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_cpols.o: ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_crld.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_crld.o: ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_enum.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_extku.o: ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_genn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_genn.o: ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ia5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ia5.o: ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/aes.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_int.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_int.o: ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_ocsp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ocsp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_ocsp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_ocsp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_ocsp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_ocsp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_ocsp.o: ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_pku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c
+v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_prn.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_prn.o: ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_purp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_skey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_sxnet.o: ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_utl.o: ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3err.o: v3err.c
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h
index 5c063ac65d..d8328ac468 100644
--- a/src/lib/libcrypto/x509v3/ext_dat.h
+++ b/src/lib/libcrypto/x509v3/ext_dat.h
@@ -65,11 +65,6 @@ extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
-extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
-#ifndef OPENSSL_NO_RFC3779
-extern X509V3_EXT_METHOD v3_addr, v3_asid;
-#endif
 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
@@ -102,10 +97,6 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 #endif
 &v3_sxnet,
 &v3_info,
-#ifndef OPENSSL_NO_RFC3779
-&v3_addr,
-&v3_asid,
-#endif
 #ifndef OPENSSL_NO_OCSP
 &v3_ocsp_nonce,
 &v3_ocsp_crlid,
@@ -115,14 +106,10 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_ocsp_serviceloc,
 #endif
 &v3_sinfo,
-&v3_policy_constraints,
 #ifndef OPENSSL_NO_OCSP
 &v3_crl_hold,
 #endif
 &v3_pci,
-&v3_name_constraints,
-&v3_policy_mappings,
-&v3_inhibit_anyp
 };
 /* Number of standard extensions */
diff --git a/src/lib/libcrypto/x509v3/tabtest.c b/src/lib/libcrypto/x509v3/tabtest.c
new file mode 100644
index 0000000000..dad0d38dd5
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/tabtest.c
@@ -0,0 +1,88 @@
+/* tabtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* Simple program to check the ext_dat.h is correct and print out
+ * problems if it is not.
+ */
+#include <stdio.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+main()
+{
+        int i, prev = -1, bad = 0;
+        X509V3_EXT_METHOD **tmp;
+        i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+        if(i != STANDARD_EXTENSION_COUNT)
+                fprintf(stderr, "Extension number invalid expecting %d\n", i);
+        tmp = standard_exts;
+        for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+                if((*tmp)->ext_nid < prev) bad = 1;
+                prev = (*tmp)->ext_nid;
+                
+        }
+        if(bad) {
+                tmp = standard_exts;
+                fprintf(stderr, "Extensions out of order!\n");
+                for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+                printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+        } else fprintf(stderr, "Order OK\n");
+}
diff --git a/src/lib/libcrypto/x509v3/v3_addr.c b/src/lib/libcrypto/x509v3/v3_addr.c
new file mode 100644
index 0000000000..ed9847b307
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_addr.c
@@ -0,0 +1,1280 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+#ifndef OPENSSL_NO_RFC3779
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) = 
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    return 4;
+  case IANA_AFI_IPV6:
+    return 16;
+  default:
+    return 0;
+  }
+}
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned v3_addr_get_afi(const IPAddressFamily *f)
+{
+  return ((f != NULL &&
+           f->addressFamily != NULL &&
+           f->addressFamily->data != NULL)
+          ? ((f->addressFamily->data[0] << 8) |
+             (f->addressFamily->data[1]))
+          : 0);
+}
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static void addr_expand(unsigned char *addr,
+                        const ASN1_BIT_STRING *bs,
+                        const int length,
+                        const unsigned char fill)
+{
+  assert(bs->length >= 0 && bs->length <= length);
+  if (bs->length > 0) {
+    memcpy(addr, bs->data, bs->length);
+    if ((bs->flags & 7) != 0) {
+      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+      if (fill == 0)
+        addr[bs->length - 1] &= ~mask;
+      else
+        addr[bs->length - 1] |= mask;
+    }
+  }
+  memset(addr + bs->length, fill, length - bs->length);
+}
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill,
+                       const ASN1_BIT_STRING *bs)
+{
+  unsigned char addr[ADDR_RAW_BUF_LEN];
+  int i, n;
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    addr_expand(addr, bs, 4, fill);
+    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+    break;
+  case IANA_AFI_IPV6:
+    addr_expand(addr, bs, 16, fill);
+    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
+      ;
+    for (i = 0; i < n; i += 2)
+      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
+    if (i < 16)
+      BIO_puts(out, ":");
+    break;
+  default:
+    for (i = 0; i < bs->length; i++)
+      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+    BIO_printf(out, "[%d]", (int) (bs->flags & 7));
+    break;
+  }
+  return 1;
+}
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+    BIO_printf(out, "%*s", indent, "");
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+        return 0;
+      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+      continue;
+    case IPAddressOrRange_addressRange:
+      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+        return 0;
+      BIO_puts(out, "-");
+      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+        return 0;
+      BIO_puts(out, "\n");
+      continue;
+    }
+  }
+  return 1;
+}
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
+                            void *ext,
+                            BIO *out,
+                            int indent)
+{
+  const IPAddrBlocks *addr = ext;
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    const unsigned afi = v3_addr_get_afi(f);
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      BIO_printf(out, "%*sIPv4", indent, "");
+      break;
+    case IANA_AFI_IPV6:
+      BIO_printf(out, "%*sIPv6", indent, "");
+      break;
+    default:
+      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+      break;
+    }
+    if (f->addressFamily->length > 2) {
+      switch (f->addressFamily->data[2]) {
+      case   1:
+        BIO_puts(out, " (Unicast)");
+        break;
+      case   2:
+        BIO_puts(out, " (Multicast)");
+        break;
+      case   3:
+        BIO_puts(out, " (Unicast/Multicast)");
+        break;
+      case   4:
+        BIO_puts(out, " (MPLS)");
+        break;
+      case  64:
+        BIO_puts(out, " (Tunnel)");
+        break;
+      case  65:
+        BIO_puts(out, " (VPLS)");
+        break;
+      case  66:
+        BIO_puts(out, " (BGP MDT)");
+        break;
+      case 128:
+        BIO_puts(out, " (MPLS-labeled VPN)");
+        break;
+      default:  
+        BIO_printf(out, " (Unknown SAFI %u)",
+                   (unsigned) f->addressFamily->data[2]);
+        break;
+      }
+    }
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      BIO_puts(out, ": inherit\n");
+      break;
+    case IPAddressChoice_addressesOrRanges:
+      BIO_puts(out, ":\n");
+      if (!i2r_IPAddressOrRanges(out,
+                                 indent + 2,
+                                 f->ipAddressChoice->u.addressesOrRanges,
+                                 afi))
+        return 0;
+      break;
+    }
+  }
+  return 1;
+}
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b,
+                                const int length)
+{
+  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+  int prefixlen_a = 0;
+  int prefixlen_b = 0;
+  int r;
+  switch (a->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(addr_a, a->u.addressPrefix, length, 0x00);
+    prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    addr_expand(addr_a, a->u.addressRange->min, length, 0x00);
+    prefixlen_a = length * 8;
+    break;
+  }
+  switch (b->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(addr_b, b->u.addressPrefix, length, 0x00);
+    prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+    break;
+  case IPAddressOrRange_addressRange:
+    addr_expand(addr_b, b->u.addressRange->min, length, 0x00);
+    prefixlen_b = length * 8;
+    break;
+  }
+  if ((r = memcmp(addr_a, addr_b, length)) != 0)
+    return r;
+  else
+    return prefixlen_a - prefixlen_b;
+}
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 4);
+}
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparision routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
+                                  const IPAddressOrRange * const *b)
+{
+  return IPAddressOrRange_cmp(*a, *b, 16);
+}
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max,
+                                  const int length)
+{
+  unsigned char mask;
+  int i, j;
+  for (i = 0; i < length && min[i] == max[i]; i++)
+    ;
+  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
+    ;
+  if (i < j)
+    return -1;
+  if (i > j)
+    return i * 8;
+  mask = min[i] ^ max[i];
+  switch (mask) {
+  case 0x01: j = 7; break;
+  case 0x03: j = 6; break;
+  case 0x07: j = 5; break;
+  case 0x0F: j = 4; break;
+  case 0x1F: j = 3; break;
+  case 0x3F: j = 2; break;
+  case 0x7F: j = 1; break;
+  default:   return -1;
+  }
+  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+    return -1;
+  else
+    return i * 8 + j;
+}
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result,
+                              unsigned char *addr,
+                              const int prefixlen)
+{
+  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+  IPAddressOrRange *aor = IPAddressOrRange_new();
+  if (aor == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressPrefix;
+  if (aor->u.addressPrefix == NULL &&
+      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+    goto err;
+  aor->u.addressPrefix->flags &= ~7;
+  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (bitlen > 0) {
+    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+    aor->u.addressPrefix->flags |= 8 - bitlen;
+  }
+  
+  *result = aor;
+  return 1;
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max,
+                             const int length)
+{
+  IPAddressOrRange *aor;
+  int i, prefixlen;
+  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+    return make_addressPrefix(result, min, prefixlen);
+  if ((aor = IPAddressOrRange_new()) == NULL)
+    return 0;
+  aor->type = IPAddressOrRange_addressRange;
+  assert(aor->u.addressRange == NULL);
+  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->min == NULL &&
+      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  if (aor->u.addressRange->max == NULL &&
+      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+    goto err;
+  for (i = length; i > 0 && min[i - 1] == 0x00; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+    goto err;
+  aor->u.addressRange->min->flags &= ~7;
+  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = min[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != 0) 
+      ++j;
+    aor->u.addressRange->min->flags |= 8 - j;
+  }
+  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
+    ;
+  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+    goto err;
+  aor->u.addressRange->max->flags &= ~7;
+  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+  if (i > 0) {
+    unsigned char b = max[i - 1];
+    int j = 1;
+    while ((b & (0xFFU >> j)) != (0xFFU >> j))
+      ++j;
+    aor->u.addressRange->max->flags |= 8 - j;
+  }
+  *result = aor;
+  return 1;
+ err:
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+  IPAddressFamily *f;
+  unsigned char key[3];
+  unsigned keylen;
+  int i;
+  key[0] = (afi >> 8) & 0xFF;
+  key[1] = afi & 0xFF;
+  if (safi != NULL) {
+    key[2] = *safi & 0xFF;
+    keylen = 3;
+  } else {
+    keylen = 2;
+  }
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    f = sk_IPAddressFamily_value(addr, i);
+    assert(f->addressFamily->data != NULL);
+    if (f->addressFamily->length == keylen &&
+        !memcmp(f->addressFamily->data, key, keylen))
+      return f;
+  }
+  if ((f = IPAddressFamily_new()) == NULL)
+    goto err;
+  if (f->ipAddressChoice == NULL &&
+      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+    goto err;
+  if (f->addressFamily == NULL && 
+      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+    goto err;
+  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+    goto err;
+  if (!sk_IPAddressFamily_push(addr, f))
+    goto err;
+  return f;
+ err:
+  IPAddressFamily_free(f);
+  return NULL;
+}
+/*
+ * Add an inheritance element.
+ */
+int v3_addr_add_inherit(IPAddrBlocks *addr,
+                        const unsigned afi,
+                        const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+       f->ipAddressChoice->u.addressesOrRanges != NULL))
+    return 0;
+  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+      f->ipAddressChoice->u.inherit != NULL)
+    return 1;
+  if (f->ipAddressChoice->u.inherit == NULL &&
+      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+    return 0;
+  f->ipAddressChoice->type = IPAddressChoice_inherit;
+  return 1;
+}
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+  IPAddressOrRanges *aors = NULL;
+  if (f == NULL ||
+      f->ipAddressChoice == NULL ||
+      (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+       f->ipAddressChoice->u.inherit != NULL))
+    return NULL;
+  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+  if (aors != NULL)
+    return aors;
+  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+    return NULL;
+  switch (afi) {
+  case IANA_AFI_IPV4:
+    sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+    break;
+  case IANA_AFI_IPV6:
+    sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+    break;
+  }
+  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+  f->ipAddressChoice->u.addressesOrRanges = aors;
+  return aors;
+}
+/*
+ * Add a prefix.
+ */
+int v3_addr_add_prefix(IPAddrBlocks *addr,
+                       const unsigned afi,
+                       const unsigned *safi,
+                       unsigned char *a,
+                       const int prefixlen)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+/*
+ * Add a range.
+ */
+int v3_addr_add_range(IPAddrBlocks *addr,
+                      const unsigned afi,
+                      const unsigned *safi,
+                      unsigned char *min,
+                      unsigned char *max)
+{
+  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+  IPAddressOrRange *aor;
+  int length = length_from_afi(afi);
+  if (aors == NULL)
+    return 0;
+  if (!make_addressRange(&aor, min, max, length))
+    return 0;
+  if (sk_IPAddressOrRange_push(aors, aor))
+    return 1;
+  IPAddressOrRange_free(aor);
+  return 0;
+}
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static void extract_min_max(IPAddressOrRange *aor,
+                            unsigned char *min,
+                            unsigned char *max,
+                            int length)
+{
+  assert(aor != NULL && min != NULL && max != NULL);
+  switch (aor->type) {
+  case IPAddressOrRange_addressPrefix:
+    addr_expand(min, aor->u.addressPrefix, length, 0x00);
+    addr_expand(max, aor->u.addressPrefix, length, 0xFF);
+    return;
+  case IPAddressOrRange_addressRange:
+    addr_expand(min, aor->u.addressRange->min, length, 0x00);
+    addr_expand(max, aor->u.addressRange->max, length, 0xFF);
+    return;
+  }
+}
+/*
+ * Public wrapper for extract_min_max().
+ */
+int v3_addr_get_range(IPAddressOrRange *aor,
+                      const unsigned afi,
+                      unsigned char *min,
+                      unsigned char *max,
+                      const int length)
+{
+  int afi_length = length_from_afi(afi);
+  if (aor == NULL || min == NULL || max == NULL ||
+      afi_length == 0 || length < afi_length ||
+      (aor->type != IPAddressOrRange_addressPrefix &&
+       aor->type != IPAddressOrRange_addressRange))
+    return 0;
+  extract_min_max(aor, min, max, afi_length);
+  return afi_length;
+}
+/*
+ * Sort comparision function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
+                               const IPAddressFamily * const *b_)
+{
+  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+  int len = ((a->length <= b->length) ? a->length : b->length);
+  int cmp = memcmp(a->data, b->data, len);
+  return cmp ? cmp : a->length - b->length;
+}
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+  IPAddressOrRanges *aors;
+  int i, j, k;
+  /*
+   * Empty extension is cannonical.
+   */
+  if (addr == NULL)
+    return 1;
+  /*
+   * Check whether the top-level list is in order.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+    if (IPAddressFamily_cmp(&a, &b) >= 0)
+      return 0;
+  }
+  /*
+   * Top level's ok, now check each address family.
+   */
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    int length = length_from_afi(v3_addr_get_afi(f));
+    /*
+     * Inheritance is canonical.  Anything other than inheritance or
+     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+     */
+    if (f == NULL || f->ipAddressChoice == NULL)
+      return 0;
+    switch (f->ipAddressChoice->type) {
+    case IPAddressChoice_inherit:
+      continue;
+    case IPAddressChoice_addressesOrRanges:
+      break;
+    default:
+      return 0;
+    }
+    /*
+     * It's an IPAddressOrRanges sequence, check it.
+     */
+    aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (sk_IPAddressOrRange_num(aors) == 0)
+      return 0;
+    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+      extract_min_max(a, a_min, a_max, length);
+      extract_min_max(b, b_min, b_max, length);
+      /*
+       * Punt misordered list, overlapping start, or inverted range.
+       */
+      if (memcmp(a_min, b_min, length) >= 0 ||
+          memcmp(a_min, a_max, length) > 0 ||
+          memcmp(b_min, b_max, length) > 0)
+        return 0;
+      /*
+       * Punt if adjacent or overlapping.  Check for adjacency by
+       * subtracting one from b_min first.
+       */
+      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
+        ;
+      if (memcmp(a_max, b_min, length) >= 0)
+        return 0;
+      /*
+       * Check for range that should be expressed as a prefix.
+       */
+      if (a->type == IPAddressOrRange_addressRange &&
+          range_should_be_prefix(a_min, a_max, length) >= 0)
+        return 0;
+    }
+    /*
+     * Check final range to see if it should be a prefix.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+      if (a->type == IPAddressOrRange_addressRange) {
+        extract_min_max(a, a_min, a_max, length);
+        if (range_should_be_prefix(a_min, a_max, length) >= 0)
+          return 0;
+      }
+    }
+  }
+  /*
+   * If we made it through all that, we're happy.
+   */
+  return 1;
+}
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+  int i, j, length = length_from_afi(afi);
+  /*
+   * Sort the IPAddressOrRanges sequence.
+   */
+  sk_IPAddressOrRange_sort(aors);
+  /*
+   * Clean up representation issues, punt on duplicates or overlaps.
+   */
+  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    extract_min_max(a, a_min, a_max, length);
+    extract_min_max(b, b_min, b_max, length);
+    /*
+     * Punt overlaps.
+     */
+    if (memcmp(a_max, b_min, length) >= 0)
+      return 0;
+    /*
+     * Merge if a and b are adjacent.  We check for
+     * adjacency by subtracting one from b_min first.
+     */
+    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
+      ;
+    if (memcmp(a_max, b_min, length) == 0) {
+      IPAddressOrRange *merged;
+      if (!make_addressRange(&merged, a_min, b_max, length))
+        return 0;
+      sk_IPAddressOrRange_set(aors, i, merged);
+      sk_IPAddressOrRange_delete(aors, i + 1);
+      IPAddressOrRange_free(a);
+      IPAddressOrRange_free(b);
+      --i;
+      continue;
+    }
+  }
+  return 1;
+}
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int v3_addr_canonize(IPAddrBlocks *addr)
+{
+  int i;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+        !IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
+                                    v3_addr_get_afi(f)))
+      return 0;
+  }
+  sk_IPAddressFamily_sort(addr);
+  assert(v3_addr_is_canonical(addr));
+  return 1;
+}
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+  static const char v4addr_chars[] = "0123456789.";
+  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+  IPAddrBlocks *addr = NULL;
+  char *s = NULL, *t;
+  int i;
+  
+  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+    unsigned afi, *safi = NULL, safi_;
+    const char *addr_chars;
+    int prefixlen, i1, i2, delim, length;
+    if (       !name_cmp(val->name, "IPv4")) {
+      afi = IANA_AFI_IPV4;
+    } else if (!name_cmp(val->name, "IPv6")) {
+      afi = IANA_AFI_IPV6;
+    } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+      afi = IANA_AFI_IPV4;
+      safi = &safi_;
+    } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+      afi = IANA_AFI_IPV6;
+      safi = &safi_;
+    } else {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+    switch (afi) {
+    case IANA_AFI_IPV4:
+      addr_chars = v4addr_chars;
+      break;
+    case IANA_AFI_IPV6:
+      addr_chars = v6addr_chars;
+      break;
+    }
+    length = length_from_afi(afi);
+    /*
+     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+     * the other input values.
+     */
+    if (safi != NULL) {
+      *safi = strtoul(val->value, &t, 0);
+      t += strspn(t, " \t");
+      if (*safi > 0xFF || *t++ != ':') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      t += strspn(t, " \t");
+      s = BUF_strdup(t);
+    } else {
+      s = BUF_strdup(val->value);
+    }
+    if (s == NULL) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+    /*
+     * Check for inheritance.  Not worth additional complexity to
+     * optimize this (seldom-used) case.
+     */
+    if (!strcmp(s, "inherit")) {
+      if (!v3_addr_add_inherit(addr, afi, safi)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      OPENSSL_free(s);
+      s = NULL;
+      continue;
+    }
+    i1 = strspn(s, addr_chars);
+    i2 = i1 + strspn(s + i1, " \t");
+    delim = s[i2++];
+    s[i1] = '\0';
+    if (a2i_ipadd(min, s) != length) {
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+      X509V3_conf_err(val);
+      goto err;
+    }
+    switch (delim) {
+    case '/':
+      prefixlen = (int) strtoul(s + i2, &t, 10);
+      if (t == s + i2 || *t != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '-':
+      i1 = i2 + strspn(s + i2, " \t");
+      i2 = i1 + strspn(s + i1, addr_chars);
+      if (i1 == i2 || s[i2] != '\0') {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (a2i_ipadd(max, s + i1) != length) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    case '\0':
+      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      break;
+    default:
+      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+    OPENSSL_free(s);
+    s = NULL;
+  }
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_addr_canonize(addr))
+    goto err;    
+  return addr;
+ err:
+  OPENSSL_free(s);
+  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+  return NULL;
+}
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+  NID_sbgp_ipAddrBlock,         /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(IPAddrBlocks),  /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_IPAddrBlocks,             /* v2i */
+  i2r_IPAddrBlocks,             /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int v3_addr_inherits(IPAddrBlocks *addr)
+{
+  int i;
+  if (addr == NULL)
+    return 0;
+  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+      return 1;
+  }
+  return 0;
+}
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child,
+                         int length)
+{
+  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+  int p, c;
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+  p = 0;
+  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+    extract_min_max(sk_IPAddressOrRange_value(child, c),
+                    c_min, c_max, length);
+    for (;; p++) {
+      if (p >= sk_IPAddressOrRange_num(parent))
+        return 0;
+      extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                      p_min, p_max, length);
+      if (memcmp(p_max, c_max, length) < 0)
+        continue;
+      if (memcmp(p_min, c_min, length) > 0)
+        return 0;
+      break;
+    }
+  }
+  return 1;
+}
+/*
+ * Test whether a is a subset of b.
+ */
+int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+  int i;
+  if (a == NULL || a == b)
+    return 1;
+  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+    return 0;
+  sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+    int j = sk_IPAddressFamily_find(b, fa);
+    IPAddressFamily *fb = sk_IPAddressFamily_value(b, j);
+    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
+                       fa->ipAddressChoice->u.addressesOrRanges,
+                       length_from_afi(v3_addr_get_afi(fb))))
+      return 0;
+  }
+  return 1;
+}
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ */
+static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          IPAddrBlocks *ext)
+{
+  IPAddrBlocks *child = NULL;
+  int i, j, ret = 1;
+  X509 *x = NULL;
+  assert(chain != NULL && sk_X509_num(chain) > 0);
+  assert(ctx != NULL || ext != NULL);
+  assert(ctx == NULL || ctx->verify_cb != NULL);
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if ((ext = x->rfc3779_addr) == NULL)
+      goto done;
+  }
+  if (!v3_addr_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
+    ret = 0;
+    goto done;
+  }
+  /*
+   * Now walk up the chain.  No cert may list resources that its
+   * parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if (!v3_addr_is_canonical(x->rfc3779_addr))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_addr == NULL) {
+      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+        IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+        if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+      }
+      continue;
+    }
+    sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
+    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
+      if (fp == NULL) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+          break;
+        }
+        continue;
+      }
+      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
+        if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
+            addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
+                          fc->ipAddressChoice->u.addressesOrRanges,
+                          length_from_afi(v3_addr_get_afi(fc))))
+          sk_IPAddressFamily_set(child, j, fp);
+        else
+          validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+  /*
+   * Trust anchor can't inherit.
+   */
+  if (x->rfc3779_addr != NULL) {
+    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
+      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
+          sk_IPAddressFamily_find(child, fp) >= 0)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+  }
+ done:
+  sk_IPAddressFamily_free(child);
+  return ret;
+}
+#undef validation_err
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_addr_inherits(ext))
+    return 0;
+  return v3_addr_validate_path_internal(NULL, chain, ext);
+}
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c
index ac0548b775..97e686f97a 100644
--- a/src/lib/libcrypto/x509v3/v3_akey.c
+++ b/src/lib/libcrypto/x509v3/v3_akey.c
@@ -68,17 +68,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
                        X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-const X509V3_EXT_METHOD v3_akey_id =
+X509V3_EXT_METHOD v3_akey_id = {
-        {
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-        NID_authority_key_identifier,
+0,0,0,0,
-        X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+0,0,
-        0,0,0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
-        0,0,
+(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-        (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+0,0,
-        (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+NULL
-        0,0,
+};
-        NULL
-        };
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
@@ -110,99 +108,83 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-        {
+{
-        char keyid=0, issuer=0;
+char keyid=0, issuer=0;
-        int i;
+int i;
-        CONF_VALUE *cnf;
+CONF_VALUE *cnf;
-        ASN1_OCTET_STRING *ikeyid = NULL;
+ASN1_OCTET_STRING *ikeyid = NULL;
-        X509_NAME *isname = NULL;
+X509_NAME *isname = NULL;
-        GENERAL_NAMES * gens = NULL;
+GENERAL_NAMES * gens = NULL;
-        GENERAL_NAME *gen = NULL;
+GENERAL_NAME *gen = NULL;
-        ASN1_INTEGER *serial = NULL;
+ASN1_INTEGER *serial = NULL;
-        X509_EXTENSION *ext;
+X509_EXTENSION *ext;
-        X509 *cert;
+X509 *cert;
-        AUTHORITY_KEYID *akeyid;
+AUTHORITY_KEYID *akeyid;
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-        for(i = 0; i < sk_CONF_VALUE_num(values); i++)
+        cnf = sk_CONF_VALUE_value(values, i);
-                {
+        if(!strcmp(cnf->name, "keyid")) {
-                cnf = sk_CONF_VALUE_value(values, i);
+                keyid = 1;
-                if(!strcmp(cnf->name, "keyid"))
+                if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
-                        {
+        } else if(!strcmp(cnf->name, "issuer")) {
-                        keyid = 1;
+                issuer = 1;
-                        if(cnf->value && !strcmp(cnf->value, "always"))
+                if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
-                                keyid = 2;
+        } else {
-                        }
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
-                else if(!strcmp(cnf->name, "issuer"))
+                ERR_add_error_data(2, "name=", cnf->name);
-                        {
-                        issuer = 1;
-                        if(cnf->value && !strcmp(cnf->value, "always"))
-                                issuer = 2;
-                        }
-                else
-                        {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
-                        ERR_add_error_data(2, "name=", cnf->name);
-                        return NULL;
-                        }
-                }
-        if(!ctx || !ctx->issuer_cert)
-                {
-                if(ctx && (ctx->flags==CTX_TEST))
-                        return AUTHORITY_KEYID_new();
-                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
                return NULL;
-                }
+        }
+}
-        cert = ctx->issuer_cert;
+if(!ctx || !ctx->issuer_cert) {
-        if(keyid)
+        if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
-                {
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
-                i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
-                if((i >= 0)  && (ext = X509_get_ext(cert, i)))
-                        ikeyid = X509V3_EXT_d2i(ext);
-                if(keyid==2 && !ikeyid)
-                        {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-                        return NULL;
-                        }
-                }
-        if((issuer && !ikeyid) || (issuer == 2))
-                {
-                isname = X509_NAME_dup(X509_get_issuer_name(cert));
-                serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
-                if(!isname || !serial)
-                        {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
-                        goto err;
-                        }
-                }
-        if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-        if(isname)
-                {
-                if(!(gens = sk_GENERAL_NAME_new_null())
-                        || !(gen = GENERAL_NAME_new())
-                        || !sk_GENERAL_NAME_push(gens, gen))
-                        {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
-                        goto err;
-                        }
-                gen->type = GEN_DIRNAME;
-                gen->d.dirn = isname;
-                }
-        akeyid->issuer = gens;
-        akeyid->serial = serial;
-        akeyid->keyid = ikeyid;
-        return akeyid;
- err:
-        X509_NAME_free(isname);
-        M_ASN1_INTEGER_free(serial);
-        M_ASN1_OCTET_STRING_free(ikeyid);
        return NULL;
+}
+cert = ctx->issuer_cert;
+if(keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+                                                 ikeyid = X509V3_EXT_d2i(ext);
+        if(keyid==2 && !ikeyid) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+                return NULL;
+        }
+}
+if((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if(!isname || !serial) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+                goto err;
        }
+}
+if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+if(isname) {
+        if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
+                || !sk_GENERAL_NAME_push(gens, gen)) {
+                X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+}
+akeyid->issuer = gens;
+akeyid->serial = serial;
+akeyid->keyid = ikeyid;
+return akeyid;
+err:
+X509_NAME_free(isname);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
+return NULL;
+}
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index bb2f5bc54e..58b935a3b6 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,9 +1,9 @@
 /* v3_alt.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -65,10 +65,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+X509V3_EXT_METHOD v3_alt[] = {
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-const X509V3_EXT_METHOD v3_alt[] = {
 { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
 0,0,0,0,
 0,0,
@@ -101,8 +98,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
 {
        unsigned char *p;
-        char oline[256], htmp[5];
+        char oline[256];
-        int i;
        switch (gen->type)
        {
                case GEN_OTHERNAME:
@@ -136,27 +132,13 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                case GEN_IPADD:
                p = gen->d.ip->data;
-                if(gen->d.ip->length == 4)
+                /* BUG: doesn't support IPV6 */
-                        BIO_snprintf(oline, sizeof oline,
+                if(gen->d.ip->length != 4) {
-                                     "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-                else if(gen->d.ip->length == 16)
-                        {
-                        oline[0] = 0;
-                        for (i = 0; i < 8; i++)
-                                {
-                                BIO_snprintf(htmp, sizeof htmp,
-                                             "%X", p[0] << 8 | p[1]);
-                                p += 2;
-                                strcat(oline, htmp);
-                                if (i != 7)
-                                        strcat(oline, ":");
-                                }
-                        }
-                else
-                        {
                        X509V3_add_value("IP Address","<invalid>", &ret);
                        break;
-                        }
+                }
+                BIO_snprintf(oline, sizeof oline,
+                             "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
                X509V3_add_value("IP Address",oline, &ret);
                break;
@@ -171,7 +153,6 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 {
        unsigned char *p;
-        int i;
        switch (gen->type)
        {
                case GEN_OTHERNAME:
@@ -206,24 +187,12 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
                case GEN_IPADD:
                p = gen->d.ip->data;
-                if(gen->d.ip->length == 4)
+                /* BUG: doesn't support IPV6 */
-                        BIO_printf(out, "IP Address:%d.%d.%d.%d",
+                if(gen->d.ip->length != 4) {
-                                                p[0], p[1], p[2], p[3]);
-                else if(gen->d.ip->length == 16)
-                        {
-                        BIO_printf(out, "IP Address");
-                        for (i = 0; i < 8; i++)
-                                {
-                                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
-                                p += 2;
-                                }
-                        BIO_puts(out, "\n");
-                        }
-                else
-                        {
                        BIO_printf(out,"IP Address:<invalid>");
                        break;
-                        }
+                }
+                BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
                break;
                case GEN_RID:
@@ -241,7 +210,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -306,7 +275,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -341,8 +310,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        X509_NAME_ENTRY *ne;
        GENERAL_NAME *gen = NULL;
        int i;
-        if(ctx != NULL && ctx->flags == CTX_TEST)
+        if(ctx->flags == CTX_TEST) return 1;
-                return 1;
        if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
                X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
                goto err;
@@ -410,172 +378,81 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                                         CONF_VALUE *cnf)
-        {
+{
-        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+char is_string = 0;
-        }
+int type;
+GENERAL_NAME *gen = NULL;
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                                X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                 CONF_VALUE *cnf, int is_nc)
-        {
-        char is_string = 0;
-        int type;
-        GENERAL_NAME *gen = NULL;
-        char *name, *value;
+char *name, *value;
-        name = cnf->name;
+name = cnf->name;
-        value = cnf->value;
+value = cnf->value;
-        if(!value)
+if(!value) {
-                {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+        return NULL;
-                return NULL;
+}
-                }
-        if (out)
+if(!(gen = GENERAL_NAME_new())) {
-                gen = out;
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-        else
+        return NULL;
-                {
+}
-                gen = GENERAL_NAME_new();
-                if(gen == NULL)
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                        }
-                }
-        if(!name_cmp(name, "email"))
+if(!name_cmp(name, "email")) {
-                {
+        is_string = 1;
-                is_string = 1;
+        type = GEN_EMAIL;
-                type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
-                }
+        is_string = 1;
-        else if(!name_cmp(name, "URI"))
+        type = GEN_URI;
-                {
+} else if(!name_cmp(name, "DNS")) {
-                is_string = 1;
+        is_string = 1;
-                type = GEN_URI;
+        type = GEN_DNS;
-                }
+} else if(!name_cmp(name, "RID")) {
-        else if(!name_cmp(name, "DNS"))
+        ASN1_OBJECT *obj;
-                {
+        if(!(obj = OBJ_txt2obj(value,0))) {
-                is_string = 1;
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
-                type = GEN_DNS;
+                ERR_add_error_data(2, "value=", value);
-                }
-        else if(!name_cmp(name, "RID"))
-                {
-                ASN1_OBJECT *obj;
-                if(!(obj = OBJ_txt2obj(value,0)))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
-                        ERR_add_error_data(2, "value=", value);
-                        goto err;
-                        }
-                gen->d.rid = obj;
-                type = GEN_RID;
-                }
-        else if(!name_cmp(name, "IP"))
-                {
-                if (is_nc)
-                        gen->d.ip = a2i_IPADDRESS_NC(value);
-                else
-                        gen->d.ip = a2i_IPADDRESS(value);
-                if(gen->d.ip == NULL)
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
-                        ERR_add_error_data(2, "value=", value);
-                        goto err;
-                        }
-                type = GEN_IPADD;
-                }
-        else if(!name_cmp(name, "dirName"))
-                {
-                type = GEN_DIRNAME;
-                if (!do_dirname(gen, value, ctx))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
-                        goto err;
-                        }
-                }
-        else if(!name_cmp(name, "otherName"))
-                {
-                if (!do_othername(gen, value, ctx))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
-                        goto err;
-                        }
-                type = GEN_OTHERNAME;
-                }
-        else
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-                ERR_add_error_data(2, "name=", name);
                goto err;
-                }
+        }
+        gen->d.rid = obj;
-        if(is_string)
+        type = GEN_RID;
-                {
+} else if(!name_cmp(name, "IP")) {
-                if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+        int i1,i2,i3,i4;
-                              !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+        unsigned char ip[4];
-                                               strlen(value)))
+        if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
-                        {
+            (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+            (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+        }
+        ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+        if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
+                !ASN1_STRING_set(gen->d.ip, ip, 4)) {
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        goto err;
-                        }
-                }
-        gen->type = type;
-        return gen;
-        err:
-        GENERAL_NAME_free(gen);
-        return NULL;
        }
+        type = GEN_IPADD;
+} else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        goto err;
+}
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+if(is_string) {
-        {
+        if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
-        char *objtmp = NULL, *p;
+                      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-        int objlen;
+                                       strlen(value))) {
-        if (!(p = strchr(value, ';')))
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-                return 0;
+                goto err;
-        if (!(gen->d.otherName = OTHERNAME_new()))
-                return 0;
-        /* Free this up because we will overwrite it.
-         * no need to free type_id because it is static
-         */
-        ASN1_TYPE_free(gen->d.otherName->value);
-        if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
-                return 0;
-        objlen = p - value;
-        objtmp = OPENSSL_malloc(objlen + 1);
-        strncpy(objtmp, value, objlen);
-        objtmp[objlen] = 0;
-        gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-        OPENSSL_free(objtmp);   
-        if (!gen->d.otherName->type_id)
-                return 0;
-        return 1;
        }
+}
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+gen->type = type;
-        {
-        int ret;
+return gen;
-        STACK_OF(CONF_VALUE) *sk;
-        X509_NAME *nm;
+err:
-        if (!(nm = X509_NAME_new()))
+GENERAL_NAME_free(gen);
-                return 0;
+return NULL;
-        sk = X509V3_get_section(ctx, value);
+}
-        if (!sk)
-                {
-                X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
-                ERR_add_error_data(2, "section=", value);
-                X509_NAME_free(nm);
-                return 0;
-                }
-        /* FIXME: should allow other character types... */
-        ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
-        if (!ret)
-                X509_NAME_free(nm);
-        gen->d.dirn = nm;
-                
-        return ret;
-        }
diff --git a/src/lib/libcrypto/x509v3/v3_asid.c b/src/lib/libcrypto/x509v3/v3_asid.c
new file mode 100644
index 0000000000..271930f967
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3_asid.c
@@ -0,0 +1,842 @@
+/*
+ * Contributed to the OpenSSL Project by the American Registry for
+ * Internet Numbers ("ARIN").
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ */
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RFC3779
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent,
+                                  const char *msg)
+{
+  int i;
+  char *s;
+  if (choice == NULL)
+    return 1;
+  BIO_printf(out, "%*s%s:\n", indent, "", msg);
+  switch (choice->type) {
+  case ASIdentifierChoice_inherit:
+    BIO_printf(out, "%*sinherit\n", indent + 2, "");
+    break;
+  case ASIdentifierChoice_asIdsOrRanges:
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+      switch (aor->type) {
+      case ASIdOrRange_id:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+        OPENSSL_free(s);
+        break;
+      case ASIdOrRange_range:
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+          return 0;
+        BIO_printf(out, "%*s%s-", indent + 2, "", s);
+        OPENSSL_free(s);
+        if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+          return 0;
+        BIO_printf(out, "%s\n", s);
+        OPENSSL_free(s);
+        break;
+      default:
+        return 0;
+      }
+    }
+    break;
+  default:
+    return 0;
+  }
+  return 1;
+}
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
+                             void *ext,
+                             BIO *out,
+                             int indent)
+{
+  ASIdentifiers *asid = ext;
+  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                 "Autonomous System Numbers") &&
+          i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                 "Routing Domain Identifiers"));
+}
+/*
+ * Sort comparision function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
+                           const ASIdOrRange * const *b_)
+{
+  const ASIdOrRange *a = *a_, *b = *b_;
+  assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+         (a->type == ASIdOrRange_range && a->u.range != NULL &&
+          a->u.range->min != NULL && a->u.range->max != NULL));
+  assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+         (b->type == ASIdOrRange_range && b->u.range != NULL &&
+          b->u.range->min != NULL && b->u.range->max != NULL));
+  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
+  }
+  if (a->type == ASIdOrRange_id)
+    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+  else
+    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+/*
+ * Add an inherit element.
+ */
+int v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+  ASIdentifierChoice **choice;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    assert((*choice)->u.inherit == NULL);
+    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_inherit;
+  }
+  return (*choice)->type == ASIdentifierChoice_inherit;
+}
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int v3_asid_add_id_or_range(ASIdentifiers *asid,
+                            int which,
+                            ASN1_INTEGER *min,
+                            ASN1_INTEGER *max)
+{
+  ASIdentifierChoice **choice;
+  ASIdOrRange *aor;
+  if (asid == NULL)
+    return 0;
+  switch (which) {
+  case V3_ASID_ASNUM:
+    choice = &asid->asnum;
+    break;
+  case V3_ASID_RDI:
+    choice = &asid->rdi;
+    break;
+  default:
+    return 0;
+  }
+  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+    return 0;
+  if (*choice == NULL) {
+    if ((*choice = ASIdentifierChoice_new()) == NULL)
+      return 0;
+    assert((*choice)->u.asIdsOrRanges == NULL);
+    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+    if ((*choice)->u.asIdsOrRanges == NULL)
+      return 0;
+    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+  }
+  if ((aor = ASIdOrRange_new()) == NULL)
+    return 0;
+  if (max == NULL) {
+    aor->type = ASIdOrRange_id;
+    aor->u.id = min;
+  } else {
+    aor->type = ASIdOrRange_range;
+    if ((aor->u.range = ASRange_new()) == NULL)
+      goto err;
+    ASN1_INTEGER_free(aor->u.range->min);
+    aor->u.range->min = min;
+    ASN1_INTEGER_free(aor->u.range->max);
+    aor->u.range->max = max;
+  }
+  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+    goto err;
+  return 1;
+ err:
+  ASIdOrRange_free(aor);
+  return 0;
+}
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static void extract_min_max(ASIdOrRange *aor,
+                            ASN1_INTEGER **min,
+                            ASN1_INTEGER **max)
+{
+  assert(aor != NULL && min != NULL && max != NULL);
+  switch (aor->type) {
+  case ASIdOrRange_id:
+    *min = aor->u.id;
+    *max = aor->u.id;
+    return;
+  case ASIdOrRange_range:
+    *min = aor->u.range->min;
+    *max = aor->u.range->max;
+    return;
+  }
+}
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+  /*
+   * Empty element or inheritance is canonical.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+  /*
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+    return 0;
+  /*
+   * It's a list, check it.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+    /*
+     * Punt misordered list, overlapping start, or inverted range.
+     */
+    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+        ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+        ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * Punt if adjacent or overlapping.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+      goto done;
+  }
+  ret = 1;
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int v3_asid_is_canonical(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_is_canonical(asid->asnum) ||
+           ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+  ASN1_INTEGER *a_max_plus_one = NULL;
+  BIGNUM *bn = NULL;
+  int i, ret = 0;
+  /*
+   * Nothing to do for empty element or inheritance.
+   */
+  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+    return 1;
+  /*
+   * We have a list.  Sort it.
+   */
+  assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
+  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+  /*
+   * Now check for errors and suboptimal encoding, rejecting the
+   * former and fixing the latter.
+   */
+  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+    extract_min_max(a, &a_min, &a_max);
+    extract_min_max(b, &b_min, &b_max);
+    /*
+     * Make sure we're properly sorted (paranoia).
+     */
+    assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    /*
+     * Check for overlaps.
+     */
+    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                X509V3_R_EXTENSION_VALUE_ERROR);
+      goto done;
+    }
+    /*
+     * Calculate a_max + 1 to check for adjacency.
+     */
+    if ((bn == NULL && (bn = BN_new()) == NULL) ||
+        ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+        !BN_add_word(bn, 1) ||
+        (a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
+      goto done;
+    }
+    
+    /*
+     * If a and b are adjacent, merge them.
+     */
+    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+      ASRange *r;
+      switch (a->type) {
+      case ASIdOrRange_id:
+        if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+          X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                    ERR_R_MALLOC_FAILURE);
+          goto done;
+        }
+        r->min = a_min;
+        r->max = b_max;
+        a->type = ASIdOrRange_range;
+        a->u.range = r;
+        break;
+      case ASIdOrRange_range:
+        ASN1_INTEGER_free(a->u.range->max);
+        a->u.range->max = b_max;
+        break;
+      }
+      switch (b->type) {
+      case ASIdOrRange_id:
+        b->u.id = NULL;
+        break;
+      case ASIdOrRange_range:
+        b->u.range->max = NULL;
+        break;
+      }
+      ASIdOrRange_free(b);
+      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      i--;
+      continue;
+    }
+  }
+  assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+  ret = 1;
+ done:
+  ASN1_INTEGER_free(a_max_plus_one);
+  BN_free(bn);
+  return ret;
+}
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int v3_asid_canonize(ASIdentifiers *asid)
+{
+  return (asid == NULL ||
+          (ASIdentifierChoice_canonize(asid->asnum) &&
+           ASIdentifierChoice_canonize(asid->rdi)));
+}
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+  ASIdentifiers *asid = NULL;
+  int i;
+  if ((asid = ASIdentifiers_new()) == NULL) {
+    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+    return NULL;
+  }
+  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    int i1, i2, i3, is_range, which;
+    /*
+     * Figure out whether this is an AS or an RDI.
+     */
+    if (       !name_cmp(val->name, "AS")) {
+      which = V3_ASID_ASNUM;
+    } else if (!name_cmp(val->name, "RDI")) {
+      which = V3_ASID_RDI;
+    } else {
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
+      X509V3_conf_err(val);
+      goto err;
+    }
+    /*
+     * Handle inheritance.
+     */
+    if (!strcmp(val->value, "inherit")) {
+      if (v3_asid_add_inherit(asid, which))
+        continue;
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
+      X509V3_conf_err(val);
+      goto err;
+    }
+    /*
+     * Number, range, or mistake, pick it apart and figure out which.
+     */
+    i1 = strspn(val->value, "0123456789");
+    if (val->value[i1] == '\0') {
+      is_range = 0;
+    } else {
+      is_range = 1;
+      i2 = i1 + strspn(val->value + i1, " \t");
+      if (val->value[i2] != '-') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
+        X509V3_conf_err(val);
+        goto err;
+      }
+      i2++;
+      i2 = i2 + strspn(val->value + i2, " \t");
+      i3 = i2 + strspn(val->value + i2, "0123456789");
+      if (val->value[i3] != '\0') {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
+        X509V3_conf_err(val);
+        goto err;
+      }
+    }
+    /*
+     * Syntax is ok, read and add it.
+     */
+    if (!is_range) {
+      if (!X509V3_get_value_int(val, &min)) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+    } else {
+      char *s = BUF_strdup(val->value);
+      if (s == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+      s[i1] = '\0';
+      min = s2i_ASN1_INTEGER(NULL, s);
+      max = s2i_ASN1_INTEGER(NULL, s + i2);
+      OPENSSL_free(s);
+      if (min == NULL || max == NULL) {
+        ASN1_INTEGER_free(min);
+        ASN1_INTEGER_free(max);
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+      }
+    }
+    if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+      ASN1_INTEGER_free(min);
+      ASN1_INTEGER_free(max);
+      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+      goto err;
+    }
+  }
+  /*
+   * Canonize the result, then we're done.
+   */
+  if (!v3_asid_canonize(asid))
+    goto err;
+  return asid;
+ err:
+  ASIdentifiers_free(asid);
+  return NULL;
+}
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+  NID_sbgp_autonomousSysNum,    /* nid */
+  0,                            /* flags */
+  ASN1_ITEM_ref(ASIdentifiers), /* template */
+  0, 0, 0, 0,                   /* old functions, ignored */
+  0,                            /* i2s */
+  0,                            /* s2i */
+  0,                            /* i2v */
+  v2i_ASIdentifiers,            /* v2i */
+  i2r_ASIdentifiers,            /* i2r */
+  0,                            /* r2i */
+  NULL                          /* extension-specific data */
+};
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int v3_asid_inherits(ASIdentifiers *asid)
+{
+  return (asid != NULL &&
+          ((asid->asnum != NULL &&
+            asid->asnum->type == ASIdentifierChoice_inherit) ||
+           (asid->rdi != NULL &&
+            asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+  int p, c;
+  if (child == NULL || parent == child)
+    return 1;
+  if (parent == NULL)
+    return 0;
+  p = 0;
+  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+    for (;; p++) {
+      if (p >= sk_ASIdOrRange_num(parent))
+        return 0;
+      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+        continue;
+      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+        return 0;
+      break;
+    }
+  }
+  return 1;
+}
+/*
+ * Test whether a is a subet of b.
+ */
+int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+  return (a == NULL ||
+          a == b ||
+          (b != NULL &&
+           !v3_asid_inherits(a) &&
+           !v3_asid_inherits(b) &&
+           asid_contains(b->asnum->u.asIdsOrRanges,
+                         a->asnum->u.asIdsOrRanges) &&
+           asid_contains(b->rdi->u.asIdsOrRanges,
+                         a->rdi->u.asIdsOrRanges)));
+}
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                          STACK_OF(X509) *chain,
+                                          ASIdentifiers *ext)
+{
+  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+  X509 *x = NULL;
+  assert(chain != NULL && sk_X509_num(chain) > 0);
+  assert(ctx != NULL || ext != NULL);
+  assert(ctx == NULL || ctx->verify_cb != NULL);
+  /*
+   * Figure out where to start.  If we don't have an extension to
+   * check, we're done.  Otherwise, check canonical form and
+   * set up for walking up the chain.
+   */
+  if (ext != NULL) {
+    i = -1;
+  } else {
+    i = 0;
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if ((ext = x->rfc3779_asid) == NULL)
+      goto done;
+  }
+  if (!v3_asid_is_canonical(ext))
+    validation_err(X509_V_ERR_INVALID_EXTENSION);
+  if (ext->asnum != NULL)  {
+    switch (ext->asnum->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_as = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_as = ext->asnum->u.asIdsOrRanges;
+      break;
+    }
+  }
+  if (ext->rdi != NULL) {
+    switch (ext->rdi->type) {
+    case ASIdentifierChoice_inherit:
+      inherit_rdi = 1;
+      break;
+    case ASIdentifierChoice_asIdsOrRanges:
+      child_rdi = ext->rdi->u.asIdsOrRanges;
+      break;
+    }
+  }
+  /*
+   * Now walk up the chain.  Extensions must be in canonical form, no
+   * cert may list resources that its parent doesn't list.
+   */
+  for (i++; i < sk_X509_num(chain); i++) {
+    x = sk_X509_value(chain, i);
+    assert(x != NULL);
+    if (x->rfc3779_asid == NULL) {
+      if (child_as != NULL || child_rdi != NULL)
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      continue;
+    }
+    if (!v3_asid_is_canonical(x->rfc3779_asid))
+      validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_as = NULL;
+      inherit_as = 0;
+    }
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_as ||
+          asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
+        child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+        inherit_as = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      child_rdi = NULL;
+      inherit_rdi = 0;
+    }
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+      if (inherit_rdi ||
+          asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
+        child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+        inherit_rdi = 0;
+      } else {
+        validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+      }
+    }
+  }
+  /*
+   * Trust anchor can't inherit.
+   */
+  if (x->rfc3779_asid != NULL) {
+    if (x->rfc3779_asid->asnum != NULL &&
+        x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    if (x->rfc3779_asid->rdi != NULL &&
+        x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+  }
+ done:
+  return ret;
+}
+#undef validation_err
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                  ASIdentifiers *ext,
+                                  int allow_inheritance)
+{
+  if (ext == NULL)
+    return 1;
+  if (chain == NULL || sk_X509_num(chain) == 0)
+    return 0;
+  if (!allow_inheritance && v3_asid_inherits(ext))
+    return 0;
+  return v3_asid_validate_path_internal(NULL, chain, ext);
+}
+#endif /* OPENSSL_NO_RFC3779 */
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c
index 74b1233071..cbb012715e 100644
--- a/src/lib/libcrypto/x509v3/v3_bcons.c
+++ b/src/lib/libcrypto/x509v3/v3_bcons.c
@@ -67,7 +67,7 @@
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
 static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-const X509V3_EXT_METHOD v3_bcons = {
+X509V3_EXT_METHOD v3_bcons = {
 NID_basic_constraints, 0,
 ASN1_ITEM_ref(BASIC_CONSTRAINTS),
 0,0,0,0,
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c
index cf31f0816e..274965306d 100644
--- a/src/lib/libcrypto/x509v3/v3_bitst.c
+++ b/src/lib/libcrypto/x509v3/v3_bitst.c
@@ -61,6 +61,12 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                ASN1_BIT_STRING *bits,
+                                STACK_OF(CONF_VALUE) *extlist);
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
 {0, "SSL Client", "client"},
 {1, "SSL Server", "server"},
@@ -88,10 +94,10 @@ static BIT_STRING_BITNAME key_usage_type_table[] = {
-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
             ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
 {
        BIT_STRING_BITNAME *bnam;
@@ -102,7 +108,7 @@ STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
        return ret;
 }
        
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
             X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        CONF_VALUE *val;
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c
index 2b867305fb..1284d5aaa5 100644
--- a/src/lib/libcrypto/x509v3/v3_conf.c
+++ b/src/lib/libcrypto/x509v3/v3_conf.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -69,12 +69,11 @@
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
                                                 int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
@@ -86,11 +85,11 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
        X509_EXTENSION *ret;
        crit = v3_check_critical(&value);
        if ((ext_type = v3_check_generic(&value))) 
-                return v3_generic_extension(name, value, crit, ext_type, ctx);
+                return v3_generic_extension(name, value, crit, ext_type);
        ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
        if (!ret)
                {
-                X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
+                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
                ERR_add_error_data(4,"name=", name, ", value=", value);
                }
        return ret;
@@ -106,7 +105,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
        crit = v3_check_critical(&value);
        if ((ext_type = v3_check_generic(&value))) 
                return v3_generic_extension(OBJ_nid2sn(ext_nid),
-                                                 value, crit, ext_type, ctx);
+                                                         value, crit, ext_type);
        return do_ext_nconf(conf, ctx, ext_nid, crit, value);
        }
@@ -121,12 +120,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
        void *ext_struc;
        if (ext_nid == NID_undef)
                {
-                X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
+                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
                return NULL;
                }
        if (!(method = X509V3_EXT_get_nid(ext_nid)))
                {
-                X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
+                X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
                return NULL;
                }
        /* Now get internal extension representation based on type */
@@ -134,9 +133,9 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                {
                if(*value == '@') nval = NCONF_get_section(conf, value + 1);
                else nval = X509V3_parse_list(value);
-                if(sk_CONF_VALUE_num(nval) <= 0)
+                if(!nval)
                        {
-                        X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
+                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
                        ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
                        return NULL;
                        }
@@ -151,16 +150,16 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
                }
        else if(method->r2i)
                {
-                if(!ctx->db || !ctx->db_meth)
+                if(!ctx->db)
                        {
-                        X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
+                        X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
                        return NULL;
                        }
                if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
                }
        else
                {
-                X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+                X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
                ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
                return NULL;
                }
@@ -236,29 +235,17 @@ static int v3_check_critical(char **value)
 /* Check extension string for generic extension and return the type */
 static int v3_check_generic(char **value)
 {
-        int gen_type = 0;
        char *p = *value;
-        if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))
+        if ((strlen(p) < 4) || strncmp(p, "DER:", 4)) return 0;
-                {
+        p+=4;
-                p+=4;
-                gen_type = 1;
-                }
-        else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))
-                {
-                p+=5;
-                gen_type = 2;
-                }
-        else
-                return 0;
        while (isspace((unsigned char)*p)) p++;
        *value = p;
-        return gen_type;
+        return 1;
 }
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-             int crit, int gen_type, X509V3_CTX *ctx)
+             int crit, int type)
        {
        unsigned char *ext_der=NULL;
        long ext_len;
@@ -272,12 +259,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
                goto err;
                }
-        if (gen_type == 1)
+        if (!(ext_der = string_to_hex(value, &ext_len)))
-                ext_der = string_to_hex(value, &ext_len);
-        else if (gen_type == 2)
-                ext_der = generic_asn1(value, ctx, &ext_len);
-        if (ext_der == NULL)
                {
                X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
                ERR_add_error_data(2, "value=", value);
@@ -304,17 +286,6 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
        }
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
-        {
-        ASN1_TYPE *typ;
-        unsigned char *ext_der = NULL;
-        typ = ASN1_generate_v3(value, ctx);
-        if (typ == NULL)
-                return NULL;
-        *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
-        ASN1_TYPE_free(typ);
-        return ext_der;
-        }
 /* This is the main function: add a bunch of extensions based on a config file
 * section to an extension STACK.
@@ -383,11 +354,6 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
        {
-        if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
-                {
-                X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
-                return NULL;
-                }
        if (ctx->db_meth->get_string)
                        return ctx->db_meth->get_string(ctx->db, name, section);
        return NULL;
@@ -395,11 +361,6 @@ char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
        {
-        if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
-                {
-                X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
-                return NULL;
-                }
        if (ctx->db_meth->get_section)
                        return ctx->db_meth->get_section(ctx->db, section);
        return NULL;
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c
index a40f490aa9..867525f336 100644
--- a/src/lib/libcrypto/x509v3/v3_cpols.c
+++ b/src/lib/libcrypto/x509v3/v3_cpols.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -63,8 +63,6 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
-#include "pcy_int.h"
 /* Certificate policies extension support: this one is a bit complex... */
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
@@ -77,7 +75,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
                                        STACK_OF(CONF_VALUE) *unot, int ia5org);
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
-const X509V3_EXT_METHOD v3_cpols = {
+X509V3_EXT_METHOD v3_cpols = {
 NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
 0,0,0,0,
 0,0,
@@ -350,7 +348,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
        return 1;
        merr:
-        X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);
+        X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
        err:
        sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
@@ -431,19 +429,3 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent)
                                                         notice->exptext->data);
 }
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-        {
-        const X509_POLICY_DATA *dat = node->data;
-        BIO_printf(out, "%*sPolicy: ", indent, "");
-                        
-        i2a_ASN1_OBJECT(out, dat->valid_policy);
-        BIO_puts(out, "\n");
-        BIO_printf(out, "%*s%s\n", indent + 2, "",
-                node_data_critical(dat) ? "Critical" : "Non Critical");
-        if (dat->qualifier_set)
-                print_qualifiers(out, dat->qualifier_set, indent + 2);
-        else
-                BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-        }
-        
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c
index c6e3ebae7b..f90829c574 100644
--- a/src/lib/libcrypto/x509v3/v3_crld.c
+++ b/src/lib/libcrypto/x509v3/v3_crld.c
@@ -68,7 +68,7 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
 static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-const X509V3_EXT_METHOD v3_crld = {
+X509V3_EXT_METHOD v3_crld = {
 NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
 0,0,0,0,
 0,0,
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c
index a236cb22e1..010c9d6260 100644
--- a/src/lib/libcrypto/x509v3/v3_enum.c
+++ b/src/lib/libcrypto/x509v3/v3_enum.c
@@ -72,7 +72,7 @@ static ENUMERATED_NAMES crl_reasons[] = {
 {-1, NULL, NULL}
 };
-const X509V3_EXT_METHOD v3_crl_reason = { 
+X509V3_EXT_METHOD v3_crl_reason = { 
 NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
 0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c
index a4efe0031e..b1cfaba1aa 100644
--- a/src/lib/libcrypto/x509v3/v3_extku.c
+++ b/src/lib/libcrypto/x509v3/v3_extku.c
@@ -68,7 +68,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
 static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
                void *eku, STACK_OF(CONF_VALUE) *extlist);
-const X509V3_EXT_METHOD v3_ext_ku = {
+X509V3_EXT_METHOD v3_ext_ku = {
        NID_ext_key_usage, 0,
        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
        0,0,0,0,
@@ -80,7 +80,7 @@ const X509V3_EXT_METHOD v3_ext_ku = {
 };
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
-const X509V3_EXT_METHOD v3_ocsp_accresp = {
+X509V3_EXT_METHOD v3_ocsp_accresp = {
        NID_id_pkix_OCSP_acceptableResponses, 0,
        ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
        0,0,0,0,
@@ -122,7 +122,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
        int i;
        if(!(extku = sk_ASN1_OBJECT_new_null())) {
-                X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
@@ -132,7 +132,7 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
                else extval = val->name;
                if(!(objtmp = OBJ_txt2obj(extval, 0))) {
                        sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-                        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                        X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
                        X509V3_conf_err(val);
                        return NULL;
                }
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c
index b739ccd036..9683afa47c 100644
--- a/src/lib/libcrypto/x509v3/v3_ia5.c
+++ b/src/lib/libcrypto/x509v3/v3_ia5.c
@@ -65,7 +65,7 @@
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
 EXT_IA5STRING(NID_netscape_base_url),
 EXT_IA5STRING(NID_netscape_revocation_url),
 EXT_IA5STRING(NID_netscape_ca_revocation_url),
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c
index e0ef69de42..53e3f48859 100644
--- a/src/lib/libcrypto/x509v3/v3_info.c
+++ b/src/lib/libcrypto/x509v3/v3_info.c
@@ -69,7 +69,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method
 static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-const X509V3_EXT_METHOD v3_info =
+X509V3_EXT_METHOD v3_info =
 { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
 0,0,0,0,
 0,0,
@@ -78,7 +78,7 @@ const X509V3_EXT_METHOD v3_info =
 0,0,
 NULL};
-const X509V3_EXT_METHOD v3_sinfo =
+X509V3_EXT_METHOD v3_sinfo =
 { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
 0,0,0,0,
 0,0,
@@ -141,35 +141,36 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *metho
        int i, objlen;
        char *objtmp, *ptmp;
        if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
-                X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
                cnf = sk_CONF_VALUE_value(nval, i);
                if(!(acc = ACCESS_DESCRIPTION_new())
                        || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                ptmp = strchr(cnf->name, ';');
                if(!ptmp) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
                        goto err;
                }
                objlen = ptmp - cnf->name;
                ctmp.name = ptmp + 1;
                ctmp.value = cnf->value;
-                if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+                GENERAL_NAME_free(acc->location);
+                if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
                                                                 goto err; 
                if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
                        goto err;
                }
                strncpy(objtmp, cnf->name, objlen);
                objtmp[objlen] = 0;
                acc->method = OBJ_txt2obj(objtmp, 0);
                if(!acc->method) {
-                        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);
+                        X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
                        ERR_add_error_data(2, "value=", objtmp);
                        OPENSSL_free(objtmp);
                        goto err;
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c
index 9a48dc1508..7a43b4717b 100644
--- a/src/lib/libcrypto/x509v3/v3_int.c
+++ b/src/lib/libcrypto/x509v3/v3_int.c
@@ -60,30 +60,17 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
-const X509V3_EXT_METHOD v3_crl_num = { 
+X509V3_EXT_METHOD v3_crl_num = { 
        NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
        0,0,0,0,
        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
        0,
        0,0,0,0, NULL};
-const X509V3_EXT_METHOD v3_delta_crl = { 
+X509V3_EXT_METHOD v3_delta_crl = { 
        NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
        0,0,0,0,
        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
        0,
        0,0,0,0, NULL};
-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
-        {
-        return s2i_ASN1_INTEGER(meth, value);
-        }
-const X509V3_EXT_METHOD v3_inhibit_anyp = { 
-        NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-        0,0,0,0,
-        (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-        (X509V3_EXT_S2I)s2i_asn1_int,
-        0,0,0,0, NULL};
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c
index f3015ea610..ca5a4a4a57 100644
--- a/src/lib/libcrypto/x509v3/v3_lib.c
+++ b/src/lib/libcrypto/x509v3/v3_lib.c
@@ -162,8 +162,7 @@ int X509V3_add_standard_extensions(void)
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
        X509V3_EXT_METHOD *method;
-        const unsigned char *p;
+        unsigned char *p;
        if(!(method = X509V3_EXT_get(ext))) return NULL;
        p = ext->value->data;
        if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
@@ -277,7 +276,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
        ext = X509V3_EXT_i2d(nid, crit, value);
        if(!ext) {
-                X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+                X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
                return 0;
        }
@@ -296,7 +295,7 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
        err:
        if(!(flags & X509V3_ADD_SILENT))
-                X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+                X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
        return 0;
 }
diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c
index 62aac06335..21badc13f9 100644
--- a/src/lib/libcrypto/x509v3/v3_ocsp.c
+++ b/src/lib/libcrypto/x509v3/v3_ocsp.c
@@ -74,15 +74,15 @@ static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
 static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
 static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
 static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
-const X509V3_EXT_METHOD v3_ocsp_crlid = {
+X509V3_EXT_METHOD v3_ocsp_crlid = {
        NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
        0,0,0,0,
        0,0,
@@ -91,7 +91,7 @@ const X509V3_EXT_METHOD v3_ocsp_crlid = {
        NULL
 };
-const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
        NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
        0,0,0,0,
        0,0,
@@ -100,7 +100,7 @@ const X509V3_EXT_METHOD v3_ocsp_acutoff = {
        NULL
 };
-const X509V3_EXT_METHOD v3_crl_invdate = {
+X509V3_EXT_METHOD v3_crl_invdate = {
        NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
        0,0,0,0,
        0,0,
@@ -109,7 +109,7 @@ const X509V3_EXT_METHOD v3_crl_invdate = {
        NULL
 };
-const X509V3_EXT_METHOD v3_crl_hold = {
+X509V3_EXT_METHOD v3_crl_hold = {
        NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
        0,0,0,0,
        0,0,
@@ -118,7 +118,7 @@ const X509V3_EXT_METHOD v3_crl_hold = {
        NULL
 };
-const X509V3_EXT_METHOD v3_ocsp_nonce = {
+X509V3_EXT_METHOD v3_ocsp_nonce = {
        NID_id_pkix_OCSP_Nonce, 0, NULL,
        ocsp_nonce_new,
        ocsp_nonce_free,
@@ -130,7 +130,7 @@ const X509V3_EXT_METHOD v3_ocsp_nonce = {
        NULL
 };
-const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
        NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
        0,0,0,0,
        0,s2i_ocsp_nocheck,
@@ -139,7 +139,7 @@ const X509V3_EXT_METHOD v3_ocsp_nocheck = {
        NULL
 };
-const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
        NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
        0,0,0,0,
        0,0,
@@ -208,7 +208,7 @@ static int i2d_ocsp_nonce(void *a, unsigned char **pp)
        return os->length;
 }
-static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
 {
        ASN1_OCTET_STRING *os, **pos;
        pos = a;
@@ -246,7 +246,7 @@ static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out,
        return 1;
 }
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
 {
        return ASN1_NULL_new();
 }
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c
index 5c4626e89b..49a2e4697a 100644
--- a/src/lib/libcrypto/x509v3/v3_pku.c
+++ b/src/lib/libcrypto/x509v3/v3_pku.c
@@ -66,7 +66,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u
 /*
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
 */
-const X509V3_EXT_METHOD v3_pkey_usage_period = {
+X509V3_EXT_METHOD v3_pkey_usage_period = {
 NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
 0,0,0,0,
 0,0,0,0,
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c
index 20bd9bda19..5d268eb768 100644
--- a/src/lib/libcrypto/x509v3/v3_prn.c
+++ b/src/lib/libcrypto/x509v3/v3_prn.c
@@ -109,11 +109,10 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int inde
 {
        void *ext_str = NULL;
        char *value = NULL;
-        const unsigned char *p;
+        unsigned char *p;
        X509V3_EXT_METHOD *method;      
        STACK_OF(CONF_VALUE) *nval = NULL;
        int ok = 1;
        if(!(method = X509V3_EXT_get(ext)))
                return unknown_ext_print(out, ext, flag, indent, 0);
        p = ext->value->data;
@@ -183,7 +182,7 @@ int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts
                obj=X509_EXTENSION_get_object(ex);
                i2a_ASN1_OBJECT(bp,obj);
                j=X509_EXTENSION_get_critical(ex);
-                if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
+                if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
                        return 0;
                if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
                        {
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c
index b2f5cdfa05..bbdf6da493 100644
--- a/src/lib/libcrypto/x509v3/v3_purp.c
+++ b/src/lib/libcrypto/x509v3/v3_purp.c
@@ -139,7 +139,7 @@ int X509_PURPOSE_get_count(void)
 X509_PURPOSE * X509_PURPOSE_get0(int idx)
 {
        if(idx < 0) return NULL;
-        if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
+        if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
        return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
@@ -239,7 +239,7 @@ static void xptable_free(X509_PURPOSE *p)
 void X509_PURPOSE_cleanup(void)
 {
-        unsigned int i;
+        int i;
        sk_X509_PURPOSE_pop_free(xptable, xptable_free);
        for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
        xptable = NULL;
@@ -285,12 +285,7 @@ int X509_supported_extension(X509_EXTENSION *ex)
                NID_key_usage,          /* 83 */
                NID_subject_alt_name,   /* 85 */
                NID_basic_constraints,  /* 87 */
-                NID_certificate_policies, /* 89 */
                NID_ext_key_usage,      /* 126 */
-#ifndef OPENSSL_NO_RFC3779
-                NID_sbgp_ipAddrBlock,   /* 290 */
-                NID_sbgp_autonomousSysNum, /* 291 */
-#endif
                NID_proxyCertInfo       /* 661 */
        };
@@ -348,10 +343,6 @@ static void x509v3_cache_extensions(X509 *x)
                    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
                        x->ex_flags |= EXFLAG_INVALID;
                }
-                if (pci->pcPathLengthConstraint) {
-                        x->ex_pcpathlen =
-                                ASN1_INTEGER_get(pci->pcPathLengthConstraint);
-                } else x->ex_pcpathlen = -1;
                PROXY_CERT_INFO_EXTENSION_free(pci);
                x->ex_flags |= EXFLAG_PROXY;
        }
@@ -415,11 +406,6 @@ static void x509v3_cache_extensions(X509 *x)
        }
        x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
        x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
-#ifndef OPENSSL_NO_RFC3779
-        x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
-        x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
-                                          NULL, NULL);
-#endif
        for (i = 0; i < X509_get_ext_count(x); i++)
                {
                ex = X509_get_ext(x, i);
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c
index da0a3558f6..c0f044ac1b 100644
--- a/src/lib/libcrypto/x509v3/v3_skey.c
+++ b/src/lib/libcrypto/x509v3/v3_skey.c
@@ -62,7 +62,7 @@
 #include <openssl/x509v3.h>
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = { 
+X509V3_EXT_METHOD v3_skey_id = { 
 NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
 0,0,0,0,
 (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
@@ -109,14 +109,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
        if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
        if(!(oct = M_ASN1_OCTET_STRING_new())) {
-                X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        if(ctx && (ctx->flags == CTX_TEST)) return oct;
        if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-                X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
                goto err;
        }
@@ -125,14 +125,14 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
        else pk = ctx->subject_cert->cert_info->key->public_key;
        if(!pk) {
-                X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+                X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
                goto err;
        }
        EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
        if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
-                X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
                goto err;
        }
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c
index eaea9ea01b..d3f4ba3a72 100644
--- a/src/lib/libcrypto/x509v3/v3_sxnet.c
+++ b/src/lib/libcrypto/x509v3/v3_sxnet.c
@@ -72,7 +72,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent)
 static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                                STACK_OF(CONF_VALUE) *nval);
 #endif
-const X509V3_EXT_METHOD v3_sxnet = {
+X509V3_EXT_METHOD v3_sxnet = {
 NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
 0,0,0,0,
 0,0,
@@ -109,7 +109,7 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
        SXNETID *id;
        int i;
        v = ASN1_INTEGER_get(sx->version);
-        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+        BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
        for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
                id = sk_SXNETID_value(sx->ids, i);
                tmp = i2s_ASN1_INTEGER(NULL, id->zone);
@@ -154,7 +154,7 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
 {
        ASN1_INTEGER *izone = NULL;
        if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-                X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+                X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
                return 0;
        }
        return SXNET_add_id_INTEGER(psx, izone, user, userlen);
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c
index ac171ca940..f23a8d29a0 100644
--- a/src/lib/libcrypto/x509v3/v3_utl.c
+++ b/src/lib/libcrypto/x509v3/v3_utl.c
@@ -1,9 +1,9 @@
 /* v3_utl.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -63,7 +63,6 @@
 #include "cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
-#include <openssl/bn.h>
 static char *strip_spaces(char *name);
 static int sk_strcmp(const char * const *a, const char * const *b);
@@ -71,11 +70,6 @@ static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
 static void str_free(void *str);
 static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
-static int ipv4_from_asc(unsigned char *v4, const char *in);
-static int ipv6_from_asc(unsigned char *v6, const char *in);
-static int ipv6_cb(const char *elem, int len, void *usr);
-static int ipv6_hex(unsigned char *out, const char *in, int inlen);
 /* Add a CONF_VALUE name value pair to stack */
 int X509V3_add_value(const char *name, const char *value,
@@ -84,7 +78,7 @@ int X509V3_add_value(const char *name, const char *value,
        CONF_VALUE *vtmp = NULL;
        char *tname = NULL, *tvalue = NULL;
        if(name && !(tname = BUF_strdup(name))) goto err;
-        if(value && !(tvalue = BUF_strdup(value))) goto err;;
+        if(value && !(tvalue = BUF_strdup(value))) goto err;
        if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
        if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
        vtmp->section = NULL;
@@ -162,11 +156,11 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
        ASN1_INTEGER *aint;
        int isneg, ishex;
        int ret;
+        bn = BN_new();
        if (!value) {
                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
                return 0;
        }
-        bn = BN_new();
        if (value[0] == '-') {
                value++;
                isneg = 1;
@@ -180,8 +174,7 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
        if (ishex) ret = BN_hex2bn(&bn, value);
        else ret = BN_dec2bn(&bn, value);
-        if (!ret || value[ret]) {
+        if (!ret) {
-                BN_free(bn);
                X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
                return 0;
        }
@@ -344,7 +337,7 @@ static char *strip_spaces(char *name)
        char *p, *q;
        /* Skip over leading spaces */
        p = name;
-        while(*p && isspace((unsigned char)*p)) p++;
+        while(isspace((unsigned char)*p)) p++;
        if(!*p) return NULL;
        q = p + strlen(p) - 1;
        while((q != p) && isspace((unsigned char)*q)) q--;
@@ -365,7 +358,7 @@ char *hex_to_string(unsigned char *buffer, long len)
        char *tmp, *q;
        unsigned char *p;
        int i;
-        const static char hexdig[] = "0123456789ABCDEF";
+        static char hexdig[] = "0123456789ABCDEF";
        if(!buffer || !len) return NULL;
        if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
                X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
@@ -473,30 +466,6 @@ STACK *X509_get1_email(X509 *x)
        return ret;
 }
-STACK *X509_get1_ocsp(X509 *x)
-{
-        AUTHORITY_INFO_ACCESS *info;
-        STACK *ret = NULL;
-        int i;
-        info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
-        if (!info)
-                return NULL;
-        for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
-                {
-                ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
-                if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
-                        {
-                        if (ad->location->type == GEN_URI)
-                                {
-                                if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
-                                        break;
-                                }
-                        }
-                }
-        AUTHORITY_INFO_ACCESS_free(info);
-        return ret;
-}
 STACK *X509_REQ_get1_email(X509_REQ *x)
 {
        GENERAL_NAMES *gens;
@@ -564,305 +533,3 @@ void X509_email_free(STACK *sk)
 {
        sk_pop_free(sk, str_free);
 }
-/* Convert IP addresses both IPv4 and IPv6 into an 
- * OCTET STRING compatible with RFC3280.
- */
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
-        {
-        unsigned char ipout[16];
-        ASN1_OCTET_STRING *ret;
-        int iplen;
-        /* If string contains a ':' assume IPv6 */
-        iplen = a2i_ipadd(ipout, ipasc);
-        if (!iplen)
-                return NULL;
-        ret = ASN1_OCTET_STRING_new();
-        if (!ret)
-                return NULL;
-        if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
-                {
-                ASN1_OCTET_STRING_free(ret);
-                return NULL;
-                }
-        return ret;
-        }
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
-        {
-        ASN1_OCTET_STRING *ret = NULL;
-        unsigned char ipout[32];
-        char *iptmp = NULL, *p;
-        int iplen1, iplen2;
-        p = strchr(ipasc,'/');
-        if (!p)
-                return NULL;
-        iptmp = BUF_strdup(ipasc);
-        if (!iptmp)
-                return NULL;
-        p = iptmp + (p - ipasc);
-        *p++ = 0;
-        iplen1 = a2i_ipadd(ipout, iptmp);
-        if (!iplen1)
-                goto err;
-        iplen2 = a2i_ipadd(ipout + iplen1, p);
-        OPENSSL_free(iptmp);
-        iptmp = NULL;
-        if (!iplen2 || (iplen1 != iplen2))
-                goto err;
-        ret = ASN1_OCTET_STRING_new();
-        if (!ret)
-                goto err;
-        if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
-                goto err;
-        return ret;
-        err:
-        if (iptmp)
-                OPENSSL_free(iptmp);
-        if (ret)
-                ASN1_OCTET_STRING_free(ret);
-        return NULL;
-        }
-        
-int a2i_ipadd(unsigned char *ipout, const char *ipasc)
-        {
-        /* If string contains a ':' assume IPv6 */
-        if (strchr(ipasc, ':'))
-                {
-                if (!ipv6_from_asc(ipout, ipasc))
-                        return 0;
-                return 16;
-                }
-        else
-                {
-                if (!ipv4_from_asc(ipout, ipasc))
-                        return 0;
-                return 4;
-                }
-        }
-static int ipv4_from_asc(unsigned char *v4, const char *in)
-        {
-        int a0, a1, a2, a3;
-        if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
-                return 0;
-        if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-                || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
-                return 0;
-        v4[0] = a0;
-        v4[1] = a1;
-        v4[2] = a2;
-        v4[3] = a3;
-        return 1;
-        }
-typedef struct {
-                /* Temporary store for IPV6 output */
-                unsigned char tmp[16];
-                /* Total number of bytes in tmp */
-                int total;
-                /* The position of a zero (corresponding to '::') */
-                int zero_pos;
-                /* Number of zeroes */
-                int zero_cnt;
-        } IPV6_STAT;
-static int ipv6_from_asc(unsigned char *v6, const char *in)
-        {
-        IPV6_STAT v6stat;
-        v6stat.total = 0;
-        v6stat.zero_pos = -1;
-        v6stat.zero_cnt = 0;
-        /* Treat the IPv6 representation as a list of values
-         * separated by ':'. The presence of a '::' will parse
-         * as one, two or three zero length elements.
-         */
-        if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
-                return 0;
-        /* Now for some sanity checks */
-        if (v6stat.zero_pos == -1)
-                {
-                /* If no '::' must have exactly 16 bytes */
-                if (v6stat.total != 16)
-                        return 0;
-                }
-        else 
-                {
-                /* If '::' must have less than 16 bytes */
-                if (v6stat.total == 16)
-                        return 0;
-                /* More than three zeroes is an error */
-                if (v6stat.zero_cnt > 3)
-                        return 0;
-                /* Can only have three zeroes if nothing else present */
-                else if (v6stat.zero_cnt == 3)
-                        {
-                        if (v6stat.total > 0)
-                                return 0;
-                        }
-                /* Can only have two zeroes if at start or end */
-                else if (v6stat.zero_cnt == 2)
-                        {
-                        if ((v6stat.zero_pos != 0)
-                                && (v6stat.zero_pos != v6stat.total))
-                                return 0;
-                        }
-                else 
-                /* Can only have one zero if *not* start or end */
-                        {
-                        if ((v6stat.zero_pos == 0)
-                                || (v6stat.zero_pos == v6stat.total))
-                                return 0;
-                        }
-                }
-        /* Format result */
-        /* Copy initial part */
-        if (v6stat.zero_pos > 0)
-                memcpy(v6, v6stat.tmp, v6stat.zero_pos);
-        /* Zero middle */
-        if (v6stat.total != 16)
-                memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
-        /* Copy final part */
-        if (v6stat.total != v6stat.zero_pos)
-                memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
-                        v6stat.tmp + v6stat.zero_pos,
-                        v6stat.total - v6stat.zero_pos);
-        return 1;
-        }
-static int ipv6_cb(const char *elem, int len, void *usr)
-        {
-        IPV6_STAT *s = usr;
-        /* Error if 16 bytes written */
-        if (s->total == 16)
-                return 0;
-        if (len == 0)
-                {
-                /* Zero length element, corresponds to '::' */
-                if (s->zero_pos == -1)
-                        s->zero_pos = s->total;
-                /* If we've already got a :: its an error */
-                else if (s->zero_pos != s->total)
-                        return 0;
-                s->zero_cnt++;
-                }
-        else 
-                {
-                /* If more than 4 characters could be final a.b.c.d form */
-                if (len > 4)
-                        {
-                        /* Need at least 4 bytes left */
-                        if (s->total > 12)
-                                return 0;
-                        /* Must be end of string */
-                        if (elem[len])
-                                return 0;
-                        if (!ipv4_from_asc(s->tmp + s->total, elem))
-                                return 0;
-                        s->total += 4;
-                        }
-                else
-                        {
-                        if (!ipv6_hex(s->tmp + s->total, elem, len))
-                                return 0;
-                        s->total += 2;
-                        }
-                }
-        return 1;
-        }
-/* Convert a string of up to 4 hex digits into the corresponding
- * IPv6 form.
- */
-static int ipv6_hex(unsigned char *out, const char *in, int inlen)
-        {
-        unsigned char c;
-        unsigned int num = 0;
-        if (inlen > 4)
-                return 0;
-        while(inlen--)
-                {
-                c = *in++;
-                num <<= 4;
-                if ((c >= '0') && (c <= '9'))
-                        num |= c - '0';
-                else if ((c >= 'A') && (c <= 'F'))
-                        num |= c - 'A' + 10;
-                else if ((c >= 'a') && (c <= 'f'))
-                        num |=  c - 'a' + 10;
-                else
-                        return 0;
-                }
-        out[0] = num >> 8;
-        out[1] = num & 0xff;
-        return 1;
-        }
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-                                                unsigned long chtype)
-        {
-        CONF_VALUE *v;
-        int i, mval;
-        char *p, *type;
-        if (!nm)
-                return 0;
-        for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
-                {
-                v=sk_CONF_VALUE_value(dn_sk,i);
-                type=v->name;
-                /* Skip past any leading X. X: X, etc to allow for
-                 * multiple instances 
-                 */
-                for(p = type; *p ; p++) 
-#ifndef CHARSET_EBCDIC
-                        if ((*p == ':') || (*p == ',') || (*p == '.'))
-#else
-                        if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
-#endif
-                                {
-                                p++;
-                                if(*p) type = p;
-                                break;
-                                }
-#ifndef CHARSET_EBCDIC
-                if (*type == '+')
-#else
-                if (*type == os_toascii['+'])
-#endif
-                        {
-                        mval = -1;
-                        type++;
-                        }
-                else
-                        mval = 0;
-                if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
-                                (unsigned char *) v->value,-1,-1,mval))
-                                        return 0;
-                }
-        return 1;
-        }
diff --git a/src/lib/libcrypto/x509v3/v3conf.c b/src/lib/libcrypto/x509v3/v3conf.c
new file mode 100644
index 0000000000..00cf5b4a5b
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3conf.c
@@ -0,0 +1,127 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+/* Test application to add extensions from a config file */
+int main(int argc, char **argv)
+{
+        LHASH *conf;
+        X509 *cert;
+        FILE *inf;
+        char *conf_file;
+        int i;
+        int count;
+        X509_EXTENSION *ext;
+        X509V3_add_standard_extensions();
+        ERR_load_crypto_strings();
+        if(!argv[1]) {
+                fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+                exit(1);
+        }
+        conf_file = argv[2];
+        if(!conf_file) conf_file = "test.cnf";
+        conf = CONF_load(NULL, "test.cnf", NULL);
+        if(!conf) {
+                fprintf(stderr, "Error opening Config file %s\n", conf_file);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+        inf = fopen(argv[1], "r");
+        if(!inf) {
+                fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+                exit(1);
+        }
+        cert = PEM_read_X509(inf, NULL, NULL);
+        if(!cert) {
+                fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+                exit(1);
+        }
+        fclose(inf);
+        sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+        cert->cert_info->extensions = NULL;
+        if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+                fprintf(stderr, "Error adding extensions\n");
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+        count = X509_get_ext_count(cert);
+        printf("%d extensions\n", count);
+        for(i = 0; i < count; i++) {
+                ext = X509_get_ext(cert, i);
+                printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+                if(ext->critical) printf(",critical:\n");
+                else printf(":\n");
+                X509V3_EXT_print_fp(stdout, ext, 0, 0);
+                printf("\n");
+                
+        }
+        return 0;
+}
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c
index d538ad8b80..e1edaf5248 100644
--- a/src/lib/libcrypto/x509v3/v3err.c
+++ b/src/lib/libcrypto/x509v3/v3err.c
@@ -70,15 +70,10 @@
 static ERR_STRING_DATA X509V3_str_functs[]=
        {
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),        "ASIDENTIFIERCHOICE_CANONIZE"},
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),    "ASIDENTIFIERCHOICE_IS_CANONICAL"},
 {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
 {ERR_FUNC(X509V3_F_COPY_ISSUER),        "COPY_ISSUER"},
-{ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
 {ERR_FUNC(X509V3_F_DO_EXT_CONF),        "DO_EXT_CONF"},
 {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
-{ERR_FUNC(X509V3_F_DO_EXT_NCONF),       "DO_EXT_NCONF"},
-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),    "DO_I2V_NAME_CONSTRAINTS"},
 {ERR_FUNC(X509V3_F_HEX_TO_STRING),      "hex_to_string"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),        "i2s_ASN1_ENUMERATED"},
 {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
@@ -87,46 +82,34 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_FUNC(X509V3_F_NOTICE_SECTION),     "NOTICE_SECTION"},
 {ERR_FUNC(X509V3_F_NREF_NOS),   "NREF_NOS"},
 {ERR_FUNC(X509V3_F_POLICY_SECTION),     "POLICY_SECTION"},
-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE),  "PROCESS_PCI_VALUE"},
 {ERR_FUNC(X509V3_F_R2I_CERTPOL),        "R2I_CERTPOL"},
 {ERR_FUNC(X509V3_F_R2I_PCI),    "R2I_PCI"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER),   "s2i_ASN1_INTEGER"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),      "s2i_ASN1_OCTET_STRING"},
 {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),   "S2I_ASN1_SKEY_ID"},
-{ERR_FUNC(X509V3_F_S2I_SKEY_ID),        "S2I_SKEY_ID"},
+{ERR_FUNC(X509V3_F_S2I_S2I_SKEY_ID),    "S2I_S2I_SKEY_ID"},
 {ERR_FUNC(X509V3_F_STRING_TO_HEX),      "string_to_hex"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),   "SXNET_add_id_asc"},
+{ERR_FUNC(X509V3_F_SXNET_ADD_ASC),      "SXNET_ADD_ASC"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),       "SXNET_add_id_INTEGER"},
 {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
 {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC),   "SXNET_get_id_asc"},
 {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS),  "V2I_ASIDENTIFIERS"},
+{ERR_FUNC(X509V3_F_V2I_ACCESS_DESCRIPTION),     "V2I_ACCESS_DESCRIPTION"},
-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),        "v2i_ASN1_BIT_STRING"},
+{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),        "V2I_ASN1_BIT_STRING"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),  "V2I_AUTHORITY_INFO_ACCESS"},
 {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID),        "V2I_AUTHORITY_KEYID"},
 {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS),      "V2I_BASIC_CONSTRAINTS"},
 {ERR_FUNC(X509V3_F_V2I_CRLD),   "V2I_CRLD"},
-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),     "V2I_EXTENDED_KEY_USAGE"},
+{ERR_FUNC(X509V3_F_V2I_EXT_KU), "V2I_EXT_KU"},
+{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME),   "v2i_GENERAL_NAME"},
 {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),  "v2i_GENERAL_NAMES"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),        "v2i_GENERAL_NAME_ex"},
-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),   "V2I_IPADDRBLOCKS"},
-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),     "V2I_ISSUER_ALT"},
-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),       "V2I_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS),     "V2I_POLICY_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS),        "V2I_POLICY_MAPPINGS"},
-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT),    "V2I_SUBJECT_ALT"},
-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),     "V3_ADDR_VALIDATE_PATH_INTERNAL"},
 {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION),       "V3_GENERIC_EXTENSION"},
-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D),    "X509V3_add1_i2d"},
+{ERR_FUNC(X509V3_F_X509V3_ADD_I2D),     "X509V3_ADD_I2D"},
 {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE),   "X509V3_add_value"},
 {ERR_FUNC(X509V3_F_X509V3_EXT_ADD),     "X509V3_EXT_add"},
 {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS),       "X509V3_EXT_add_alias"},
 {ERR_FUNC(X509V3_F_X509V3_EXT_CONF),    "X509V3_EXT_conf"},
 {ERR_FUNC(X509V3_F_X509V3_EXT_I2D),     "X509V3_EXT_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF),   "X509V3_EXT_nconf"},
-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
-{ERR_FUNC(X509V3_F_X509V3_GET_STRING),  "X509V3_get_string"},
 {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL),      "X509V3_get_value_bool"},
 {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST),  "X509V3_parse_list"},
 {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD),   "X509_PURPOSE_add"},
@@ -140,7 +123,6 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_BAD_OBJECT)         ,"bad object"},
 {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
 {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
-{ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},
 {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
 {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
 {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
@@ -151,15 +133,10 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
 {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
 {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
 {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
 {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
-{ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
 {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
 {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},
-{ERR_REASON(X509V3_R_INVALID_IPADDRESS)  ,"invalid ipaddress"},
 {ERR_REASON(X509V3_R_INVALID_NAME)       ,"invalid name"},
 {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
 {ERR_REASON(X509V3_R_INVALID_NULL_NAME)  ,"invalid null name"},
@@ -169,9 +146,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
 {ERR_REASON(X509V3_R_INVALID_OPTION)     ,"invalid option"},
 {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
+{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER),"invalid proxy policy identifier"},
 {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
 {ERR_REASON(X509V3_R_INVALID_PURPOSE)    ,"invalid purpose"},
-{ERR_REASON(X509V3_R_INVALID_SAFI)       ,"invalid safi"},
 {ERR_REASON(X509V3_R_INVALID_SECTION)    ,"invalid section"},
 {ERR_REASON(X509V3_R_INVALID_SYNTAX)     ,"invalid syntax"},
 {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
@@ -185,14 +162,12 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      ,"no public key"},
 {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
 {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
-{ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
 {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
 {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
+{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT)  ,"policy syntax not"},
 {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
 {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
 {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
 {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
 {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
@@ -208,12 +183,15 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 void ERR_load_X509V3_strings(void)
        {
-#ifndef OPENSSL_NO_ERR
+        static int init=1;
-        if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)
+        if (init)
                {
+                init=0;
+#ifndef OPENSSL_NO_ERR
                ERR_load_strings(0,X509V3_str_functs);
                ERR_load_strings(0,X509V3_str_reasons);
-                }
 #endif
+                }
        }
diff --git a/src/lib/libcrypto/x509v3/v3prin.c b/src/lib/libcrypto/x509v3/v3prin.c
new file mode 100644
index 0000000000..b529814319
--- /dev/null
+++ b/src/lib/libcrypto/x509v3/v3prin.c
@@ -0,0 +1,99 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+int main(int argc, char **argv)
+{
+        X509 *cert;
+        FILE *inf;
+        int i, count;
+        X509_EXTENSION *ext;
+        X509V3_add_standard_extensions();
+        ERR_load_crypto_strings();
+        if(!argv[1]) {
+                fprintf(stderr, "Usage v3prin cert.pem\n");
+                exit(1);
+        }
+        if(!(inf = fopen(argv[1], "r"))) {
+                fprintf(stderr, "Can't open %s\n", argv[1]);
+                exit(1);
+        }
+        if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+                fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+                ERR_print_errors_fp(stderr);
+                exit(1);
+        }
+        fclose(inf);
+        count = X509_get_ext_count(cert);
+        printf("%d extensions\n", count);
+        for(i = 0; i < count; i++) {
+                ext = X509_get_ext(cert, i);
+                printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+                if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
+                printf("\n");
+                
+        }
+        return 0;
+}
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h
index db2b0482c1..e6d91251c2 100644
--- a/src/lib/libcrypto/x509v3/x509v3.h
+++ b/src/lib/libcrypto/x509v3/x509v3.h
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -74,14 +74,14 @@ struct v3_ext_ctx;
 typedef void * (*X509V3_EXT_NEW)(void);
 typedef void (*X509V3_EXT_FREE)(void *);
-typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long);
+typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
 typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
 typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
 typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
-typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, const char *str);
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
 /* V3 extension structure */
@@ -132,6 +132,7 @@ void *db;
 };
 typedef struct v3_ext_method X509V3_EXT_METHOD;
+typedef struct v3_ext_ctx X509V3_CTX;
 DECLARE_STACK_OF(X509V3_EXT_METHOD)
@@ -286,33 +287,6 @@ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
 DECLARE_STACK_OF(POLICYINFO)
 DECLARE_ASN1_SET_OF(POLICYINFO)
-typedef struct POLICY_MAPPING_st {
-        ASN1_OBJECT *issuerDomainPolicy;
-        ASN1_OBJECT *subjectDomainPolicy;
-} POLICY_MAPPING;
-DECLARE_STACK_OF(POLICY_MAPPING)
-typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
-typedef struct GENERAL_SUBTREE_st {
-        GENERAL_NAME *base;
-        ASN1_INTEGER *minimum;
-        ASN1_INTEGER *maximum;
-} GENERAL_SUBTREE;
-DECLARE_STACK_OF(GENERAL_SUBTREE)
-typedef struct NAME_CONSTRAINTS_st {
-        STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
-        STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
-} NAME_CONSTRAINTS;
-typedef struct POLICY_CONSTRAINTS_st {
-        ASN1_INTEGER *requireExplicitPolicy;
-        ASN1_INTEGER *inhibitPolicyMapping;
-} POLICY_CONSTRAINTS;
 /* Proxy certificate structures, see RFC 3820 */
 typedef struct PROXY_POLICY_st
        {
@@ -370,8 +344,6 @@ DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
 #define EXFLAG_CRITICAL         0x200
 #define EXFLAG_PROXY            0x400
-#define EXFLAG_INVALID_POLICY   0x400
 #define KU_DIGITAL_SIGNATURE    0x0080
 #define KU_NON_REPUDIATION      0x0040
 #define KU_KEY_ENCIPHERMENT     0x0020
@@ -470,13 +442,6 @@ DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
-ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-                                ASN1_BIT_STRING *bits,
-                                STACK_OF(CONF_VALUE) *extlist);
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
@@ -509,24 +474,8 @@ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
 DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
-DECLARE_ASN1_ITEM(POLICY_MAPPING)
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
-DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
-DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
-DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
-DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
-DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
-DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
 #ifdef HEADER_CONF_H
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
-                                                        CONF_VALUE *cnf);
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, X509V3_EXT_METHOD *method,
-                                X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc);
 void X509V3_conf_free(CONF_VALUE *val);
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
@@ -617,164 +566,7 @@ int X509_PURPOSE_get_id(X509_PURPOSE *);
 STACK *X509_get1_email(X509 *x);
 STACK *X509_REQ_get1_email(X509_REQ *x);
 void X509_email_free(STACK *sk);
-STACK *X509_get1_ocsp(X509 *x);
-ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
-ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
-int a2i_ipadd(unsigned char *ipout, const char *ipasc);
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-                                                unsigned long chtype);
-void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
-#ifndef OPENSSL_NO_RFC3779
-typedef struct ASRange_st {
-  ASN1_INTEGER *min, *max;
-} ASRange;
-#define ASIdOrRange_id          0
-#define ASIdOrRange_range       1
-typedef struct ASIdOrRange_st {
-  int type;
-  union {
-    ASN1_INTEGER *id;
-    ASRange      *range;
-  } u;
-} ASIdOrRange;
-typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
-DECLARE_STACK_OF(ASIdOrRange)
-#define ASIdentifierChoice_inherit              0
-#define ASIdentifierChoice_asIdsOrRanges        1
-typedef struct ASIdentifierChoice_st {
-  int type;
-  union {
-    ASN1_NULL    *inherit;
-    ASIdOrRanges *asIdsOrRanges;
-  } u;
-} ASIdentifierChoice;
-typedef struct ASIdentifiers_st {
-  ASIdentifierChoice *asnum, *rdi;
-} ASIdentifiers;
-DECLARE_ASN1_FUNCTIONS(ASRange)
-DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
-DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
-DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
-typedef struct IPAddressRange_st {
-  ASN1_BIT_STRING       *min, *max;
-} IPAddressRange;
-#define IPAddressOrRange_addressPrefix  0
-#define IPAddressOrRange_addressRange   1
-typedef struct IPAddressOrRange_st {
-  int type;
-  union {
-    ASN1_BIT_STRING     *addressPrefix;
-    IPAddressRange      *addressRange;
-  } u;
-} IPAddressOrRange;
-typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
-DECLARE_STACK_OF(IPAddressOrRange)
-#define IPAddressChoice_inherit                 0
-#define IPAddressChoice_addressesOrRanges       1
-typedef struct IPAddressChoice_st {
-  int type;
-  union {
-    ASN1_NULL           *inherit;
-    IPAddressOrRanges   *addressesOrRanges;
-  } u;
-} IPAddressChoice;
-typedef struct IPAddressFamily_st {
-  ASN1_OCTET_STRING     *addressFamily;
-  IPAddressChoice       *ipAddressChoice;
-} IPAddressFamily;
-typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
-DECLARE_STACK_OF(IPAddressFamily)
-DECLARE_ASN1_FUNCTIONS(IPAddressRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
-DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
-DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
-/*
- * API tag for elements of the ASIdentifer SEQUENCE.
- */
-#define V3_ASID_ASNUM   0
-#define V3_ASID_RDI     1
-/*
- * AFI values, assigned by IANA.  It'd be nice to make the AFI
- * handling code totally generic, but there are too many little things
- * that would need to be defined for other address families for it to
- * be worth the trouble.
- */
-#define IANA_AFI_IPV4   1
-#define IANA_AFI_IPV6   2
-/*
- * Utilities to construct and extract values from RFC3779 extensions,
- * since some of the encodings (particularly for IP address prefixes
- * and ranges) are a bit tedious to work with directly.
- */
-int v3_asid_add_inherit(ASIdentifiers *asid, int which);
-int v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
-                            ASN1_INTEGER *min, ASN1_INTEGER *max);
-int v3_addr_add_inherit(IPAddrBlocks *addr,
-                        const unsigned afi, const unsigned *safi);
-int v3_addr_add_prefix(IPAddrBlocks *addr,
-                       const unsigned afi, const unsigned *safi,
-                       unsigned char *a, const int prefixlen);
-int v3_addr_add_range(IPAddrBlocks *addr,
-                      const unsigned afi, const unsigned *safi,
-                      unsigned char *min, unsigned char *max);
-unsigned v3_addr_get_afi(const IPAddressFamily *f);
-int v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
-                      unsigned char *min, unsigned char *max,
-                      const int length);
-/*
- * Canonical forms.
- */
-int v3_asid_is_canonical(ASIdentifiers *asid);
-int v3_addr_is_canonical(IPAddrBlocks *addr);
-int v3_asid_canonize(ASIdentifiers *asid);
-int v3_addr_canonize(IPAddrBlocks *addr);
-/*
- * Tests for inheritance and containment.
- */
-int v3_asid_inherits(ASIdentifiers *asid);
-int v3_addr_inherits(IPAddrBlocks *addr);
-int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
-int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
-/*
- * Check whether RFC 3779 extensions nest properly in chains.
- */
-int v3_asid_validate_path(X509_STORE_CTX *);
-int v3_addr_validate_path(X509_STORE_CTX *);
-int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-                                  ASIdentifiers *ext,
-                                  int allow_inheritance);
-int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-                                  IPAddrBlocks *ext,
-                                  int allow_inheritance);
-#endif /* OPENSSL_NO_RFC3779 */
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -785,63 +577,46 @@ void ERR_load_X509V3_strings(void);
 /* Error codes for the X509V3 functions. */
 /* Function codes. */
-#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             156
-#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         157
 #define X509V3_F_COPY_EMAIL                              122
 #define X509V3_F_COPY_ISSUER                             123
-#define X509V3_F_DO_DIRNAME                              144
 #define X509V3_F_DO_EXT_CONF                             124
 #define X509V3_F_DO_EXT_I2D                              135
-#define X509V3_F_DO_EXT_NCONF                            151
-#define X509V3_F_DO_I2V_NAME_CONSTRAINTS                 148
 #define X509V3_F_HEX_TO_STRING                           111
 #define X509V3_F_I2S_ASN1_ENUMERATED                     121
-#define X509V3_F_I2S_ASN1_IA5STRING                      149
+#define X509V3_F_I2S_ASN1_IA5STRING                      142
 #define X509V3_F_I2S_ASN1_INTEGER                        120
 #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
 #define X509V3_F_NOTICE_SECTION                          132
 #define X509V3_F_NREF_NOS                                133
 #define X509V3_F_POLICY_SECTION                          131
-#define X509V3_F_PROCESS_PCI_VALUE                       150
 #define X509V3_F_R2I_CERTPOL                             130
-#define X509V3_F_R2I_PCI                                 155
+#define X509V3_F_R2I_PCI                                 142
 #define X509V3_F_S2I_ASN1_IA5STRING                      100
 #define X509V3_F_S2I_ASN1_INTEGER                        108
 #define X509V3_F_S2I_ASN1_OCTET_STRING                   112
 #define X509V3_F_S2I_ASN1_SKEY_ID                        114
-#define X509V3_F_S2I_SKEY_ID                             115
+#define X509V3_F_S2I_S2I_SKEY_ID                         115
 #define X509V3_F_STRING_TO_HEX                           113
-#define X509V3_F_SXNET_ADD_ID_ASC                        125
+#define X509V3_F_SXNET_ADD_ASC                           125
 #define X509V3_F_SXNET_ADD_ID_INTEGER                    126
 #define X509V3_F_SXNET_ADD_ID_ULONG                      127
 #define X509V3_F_SXNET_GET_ID_ASC                        128
 #define X509V3_F_SXNET_GET_ID_ULONG                      129
-#define X509V3_F_V2I_ASIDENTIFIERS                       158
+#define X509V3_F_V2I_ACCESS_DESCRIPTION                  139
 #define X509V3_F_V2I_ASN1_BIT_STRING                     101
-#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
 #define X509V3_F_V2I_AUTHORITY_KEYID                     119
 #define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
 #define X509V3_F_V2I_CRLD                                134
-#define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
+#define X509V3_F_V2I_EXT_KU                              103
+#define X509V3_F_V2I_GENERAL_NAME                        117
 #define X509V3_F_V2I_GENERAL_NAMES                       118
-#define X509V3_F_V2I_GENERAL_NAME_EX                     117
-#define X509V3_F_V2I_IPADDRBLOCKS                        159
-#define X509V3_F_V2I_ISSUER_ALT                          153
-#define X509V3_F_V2I_NAME_CONSTRAINTS                    147
-#define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
-#define X509V3_F_V2I_POLICY_MAPPINGS                     145
-#define X509V3_F_V2I_SUBJECT_ALT                         154
-#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL          160
 #define X509V3_F_V3_GENERIC_EXTENSION                    116
-#define X509V3_F_X509V3_ADD1_I2D                         140
+#define X509V3_F_X509V3_ADD_I2D                          140
 #define X509V3_F_X509V3_ADD_VALUE                        105
 #define X509V3_F_X509V3_EXT_ADD                          104
 #define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
 #define X509V3_F_X509V3_EXT_CONF                         107
 #define X509V3_F_X509V3_EXT_I2D                          136
-#define X509V3_F_X509V3_EXT_NCONF                        152
-#define X509V3_F_X509V3_GET_SECTION                      142
-#define X509V3_F_X509V3_GET_STRING                       143
 #define X509V3_F_X509V3_GET_VALUE_BOOL                   110
 #define X509V3_F_X509V3_PARSE_LIST                       109
 #define X509V3_F_X509_PURPOSE_ADD                        137
@@ -852,7 +627,6 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_BAD_OBJECT                              119
 #define X509V3_R_BN_DEC2BN_ERROR                         100
 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
-#define X509V3_R_DIRNAME_ERROR                           149
 #define X509V3_R_DUPLICATE_ZONE_ID                       133
 #define X509V3_R_ERROR_CONVERTING_ZONE                   131
 #define X509V3_R_ERROR_CREATING_EXTENSION                144
@@ -863,15 +637,10 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_EXTENSION_NOT_FOUND                     102
 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
 #define X509V3_R_EXTENSION_VALUE_ERROR                   116
-#define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
 #define X509V3_R_ILLEGAL_HEX_DIGIT                       113
-#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
+#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             153
-#define X509V3_R_INVALID_ASNUMBER                        160
-#define X509V3_R_INVALID_ASRANGE                         161
 #define X509V3_R_INVALID_BOOLEAN_STRING                  104
 #define X509V3_R_INVALID_EXTENSION_STRING                105
-#define X509V3_R_INVALID_INHERITANCE                     162
-#define X509V3_R_INVALID_IPADDRESS                       163
 #define X509V3_R_INVALID_NAME                            106
 #define X509V3_R_INVALID_NULL_ARGUMENT                   107
 #define X509V3_R_INVALID_NULL_NAME                       108
@@ -881,9 +650,9 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
 #define X509V3_R_INVALID_OPTION                          138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER               134
-#define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
+#define X509V3_R_INVALID_PROXY_POLICY_IDENTIFIER         147
+#define X509V3_R_INVALID_PROXY_POLICY_SETTING            151
 #define X509V3_R_INVALID_PURPOSE                         146
-#define X509V3_R_INVALID_SAFI                            164
 #define X509V3_R_INVALID_SECTION                         135
 #define X509V3_R_INVALID_SYNTAX                          143
 #define X509V3_R_ISSUER_DECODE_ERROR                     126
@@ -893,18 +662,16 @@ void ERR_load_X509V3_strings(void);
 #define X509V3_R_NO_ISSUER_CERTIFICATE                   121
 #define X509V3_R_NO_ISSUER_DETAILS                       127
 #define X509V3_R_NO_POLICY_IDENTIFIER                    139
-#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
+#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   148
 #define X509V3_R_NO_PUBLIC_KEY                           114
 #define X509V3_R_NO_SUBJECT_DETAILS                      125
 #define X509V3_R_ODD_NUMBER_OF_DIGITS                    112
-#define X509V3_R_OPERATION_NOT_DEFINED                   148
+#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        149
-#define X509V3_R_OTHERNAME_ERROR                         147
+#define X509V3_R_POLICY_PATH_LENGTH                      152
-#define X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED        155
+#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     150
-#define X509V3_R_POLICY_PATH_LENGTH                      156
+#define X509V3_R_POLICY_SYNTAX_NOT                       154
-#define X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED     157
+#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   155
-#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED   158
+#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 156
-#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
-#define X509V3_R_SECTION_NOT_FOUND                       150
 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111